CA Security Command Center

(Others)

CA SCC Manages Security Risks in Real Time

IT organizations face a flood of security messages and events — literally millions per day — that results in security information overload. In this scenario, IT teams need a tool to convert raw data from diverse infrastructure components into business intelligence that can prevent security breaches — and their resulting impact on critical business processes and assets.

CA SCC aggregates, correlates and prioritizes data from disparate enterprise resources, delivering business intelligence that enables you to discover, prioritize and act quickly to prevent breaches. You manage security from a single, centralized console that displays information visually, in the context of your organization’s business priorities. Individual IT team members work through web-based views that show only the information pertinent to their role. When an alert or incident appears, they can use drill down capabilities to determine what action should be taken — and take it.

Key Capabilities and Features

At every step from discovery to resolution, you can take advantage of distinctive features and capabilities to mitigate risk.

Discover, gather, monitor Use real-time Auto Discovery capabilities to find out what is in your environment and to collect and manage unique events from diverse sources. Monitor operational and alert messages in real time and present this intelligence on demand to those who need to respond to the incident.

Correlate and analyze You can customize these CA SCC correlation and analysis tool to meet your site-specific needs.

Rule-Based Correlation Monitor events as they occur in your environment with rules that are easy to download, deploy and configure. Or, build your own correlation rules from scratch, using intuitive templates and a wizard.

Security Software and Hardware Correlation Correlate data from diverse security software and hardware in a normalized, consolidated data structure. Link events from all sources and classify assorted security data.

Network Operations Correlation Improve both network and security operations through bi-directional correlation of security events with network traffic from your network and system management systems.

Access Management Correlation Correlate failed logons to uncover suspicious usage patterns.

Database, Mainframe and Business Application Correlation Analyze and correlate data through a single, powerful engine to expose patterns in legacy applications, business processes and vital platforms.

Asset Classification and Prioritization Correlate threats and vulnerabilities to critical business processes and assets to mitigate risk.

Alert, control, act You can quickly identify security threats and escalate them for resolution through advanced alerting, visualization, incident management and remediation capabilities.

The same policy engine used for correlation is also used for policy-based event notification, calling on applications, triggering alerts and paging or emailing critical responders on your staff, as necessary.

Visualization enables you to identify security risks quickly through a color-coded comparison graphic, created dynamically from a data stream. At a glance, you can associate an event with magnitude, number or type.

When an incident occurs, you can respond quickly and effectively with incident management and advanced workflow features. By grouping and annotating events, or declaring and acknowledging incidents, you can quickly get to the root cause, manage the events surrounding it and respond effectively.

Finally, you can resolve a security issue by feeding vital security information to mechanisms that will implement a manual or automated fix, including trouble ticketing systems, patching tools, vulnerability management, network and systems management systems.

Report and investigate CA SCC gathers reports from point devices and systems for centralized archiving, viewing and distribution — enabling you to identify security risks quickly.

An on demand query tool provides both reports and the input for the CA SCC visualizer in a single interface — new queries and visualizations are available over the Web as an ongoing service. Correlation, reports and workspaces around compliance needs enable you to focus on managing security from complete, refined information.

Additional features

Scalability Supports remote deployment of event aggregation, reduction, correlation and collection tools in different areas of the network

Agent and Agentless Deployment Supports agentless third-party event forwarding and data collection as well as traditional agent deployment

Filtering at the Agent Aggregate, reduce and filter data at the agent level, reducing the amount of data sent over the network

Online Correlation Rule Updates Receive new policies and correlation rules via Web Update Services

Product Integration Kits Acquire status of systems and appliances, reports and tools that must operate in native mode to resolve incidents.

Supported Environment CA SCC supports Windows 95, 98 and 2000, Windows XP, Linux and UNIX environments.