RSA enVision SIEM

The RSA enVision platform provides a centralized log management service that enables organizations to simplify their compliance programs and optimize their security incident management. The RSA enVision solution facilitates the automated collection, analysis, alerting, auditing, reporting, and secure storage of all logs. Organizations can simplify compliance by using regulation-specific, out-of-the-box reports, alerts, and correlation rules. Reports can be scheduled for delivery at a specific time or run on an ad hoc basis. Alerts can be delivered through the intuitive user interface, via SMS, or by email, so administrators don’t have to be glued to the interface at all times. Auditors can even be granted read-only access to the enVision platform so that they can access the reports whenever they need them.

RSA enVision ES Series

RSA enVision ES 560

  • Sustained Events/Second: 500 EPS
  • Max Devices per Appliance: 100
  • Simultaneous RSA Users: 6
  • Storage: 300 GB Internal
  • Virtualized Appliance: Yes

RSA enVision ES 1060

  • Sustained Events/Second: 1000 EPS
  • Max Devices per Appliance: 200
  • Simultaneous RSA Users: 8
  • Storage: 300 GB Internal
  • Virtualized Appliance: Yes

RSA enVision ES 1260

  • Sustained Events/Second: 1200 EPS
  • Max Devices per Appliance: 600
  • Simultaneous RSA Users: 9
  • Storage: 300 GB Internal
  • Virtualized Appliance: Yes

RSA enVision ES 2560

  • Sustained Events/Second: 2500 EPS
  • Max Devices per Appliance: 400
  • Simultaneous RSA Users: 10
  • Storage: 300 GB Internal
  • Virtualized Appliance: Yes

RSA enVision ES 3060

  • Sustained Events/Second: 3000 EPS
  • Max Devices per Appliance: 1500
  • Simultaneous RSA Users: 11
  • Storage: External Storage Required
  • Virtualized Appliance: Yes

RSA enVision ES 5060

  • Sustained Events/Second: 5000 EPS
  • Max Devices per Appliance: 7500
  • Simultaneous RSA Users: 12
  • Storage: External Storage Required
  • Virtualized Appliance: Yes

RSA enVision ES 7560

  • Sustained Events/Second: 7500 EPS
  • Max Devices per Appliance: 1250
  • Simultaneous RSA Users: 14
  • Storage: External Storage Required
  • Virtualized Appliance: Yes

RSA enVision LS Series

RSA enVision LS A60

  • Application Server Appliance
  • Sustained Events/Second: N/A
  • Max Devices/Appliance: N/A
  • Simultaneous RSA Users: 16
  • Storage: NAS Storage Required
  • Virtualized Appliance: No

RSA enVision LS D60

  • Database Server Appliance
  • Sustained Events/Second: 30000 EPS
  • Max Devices/Appliance: 6144
  • Simultaneous RSA Users: N/A
  • Storage: NAS Storage Required
  • Virtualized Appliance: No

RSA enVision LS L605

  • Local Collector Appliance
  • Sustained Events/Second: 5000 EPS
  • Max Devices/Appliance: 1500
  • Simultaneous RSA Users: N/A
  • Storage: NAS Storage Required
  • Virtualized Appliance: No

RSA enVision LS L610

  • Local Collector Appliance
  • Sustained Events/Second: 10000 EPS
  • Max Devices/Appliance: 2048
  • Simultaneous RSA Users: N/A
  • Storage: NAS Storage Required
  • Virtualized Appliance: No

RSA enVision LS R601

  • Remote Collector Appliance
  • Sustained Events/Second: 1000 EPS
  • Max Devices/Appliance: 512
  • Simultaneous RSA Users: N/A
  • Storage: NAS Storage Required
  • Virtualized Appliance: No

RSA enVision LS R602

  • Remote Collector Appliance
  • Sustained Events/Second: 2000 EPS
  • Max Devices/Appliance: 1024
  • Simultaneous RSA Users: N/A
  • Storage: NAS Storage Required
  • Virtualized Appliance: No

RSA enVision LS R600.5

  • Remote Collector Virtual Appliance
  • Sustained Events/Second: 500 EPS
  • Max Devices/Appliance: 256
  • Simultaneous RSA Users: N/A
  • Storage: NAS Storage Required
  • Virtualized Appliance: Yes

RSA enVision LS R600.1

  • Remote Collector Virtual Appliance
  • Sustained Events/Second: 100 EPS
  • Max Devices/Appliance: 50
  • Simultaneous RSA Users: N/A
  • Storage: NAS Storage Required
  • Virtualized Appliance: Yes

How does it work?

It all starts with the collection of the logs and events generated by the devices in an organization’s infrastructure. The RSA enVision platform offers market-leading, out-of-the-box log collection support for over 300 devices. Everything from network devices, servers, routers, storage, and databases to firewalls, intrusion prevention devices, and anti-virus software—the enVision platform has them covered. Do you have proprietary applications or services? Not a problem; the enVision solution provides a wizard-based tool to automate collection from custom applications and services as well. The platform continuously records and stores every event log, ensuring that each event is verifiably complete and accurate. Once logs are collected, the enVision platform permanently archives the log data, processes the logs in real time, and generates alerts when it observes suspicious or otherwise notable patterns of behavior. Organizations can interrogate the full volume of stored data at any time.

The RSA enVision Solution for Compliance

The RSA enVision Solution has been purpose-built for collecting, archiving, and reporting on massive volumes of logs—which makes it a perfect fit for organizations facing IT compliance challenges. Regulations vary significantly across geographies and industries, so it’s important to make sure your organization can keep up with all of its reporting requirements. The enVision solution helps to automate compliance processes with out-of-the-box reports designed specifically for the regulations organizations are facing today, massively simplifying compliance programs. To achieve and maintain compliance, the enVision platform helps organizations to:

  • Efficiently collect, protect, and store log data in a secure, non-filtered, and non-normalized fashion.
  • Provide summary and detailed reports for the mandated periods of time.
  • Establish baseline levels of activity for the entire IT operation to define “normal activity,” making unusual levels and types of activity easier to detect.
  • Alert on deviations from baseline activities, and detect complex patterns of potentially malicious activity across multiple, disparate devices.
  • Perform forensic analysis on massive archives of log data for security incident and regulatory investigations.
  • Automate incident management processes for close monitoring and correction of issues to make sure they are recorded, escalated, and corrected in a timely and thorough manner.