

RSA Archer automates routine tasks and fills them up with content

For enterprises, the biggest challenges from cybersecurity and other risk management perspectives are recruiting suitable staff, fulfilling compliance requirements, and the obligation to provide data consistently.

RSA’s Archer Suite supports all of these by automating tasks, creating reports about security incidents, and providing a unified methodology, workflows, and indicators for the whole company.

Archer is a great tool for understanding and prioritizing the organization’s own risks, as well as for managing its compliance. It’s difficult to define priorities among the heaps of IT security or vulnerability alerts without such software. Just imagine: if we identify hundreds or thousands of security incidents, how will we decide what to handle first? How will we rank them in order from a risk perspective? How will we be able to lower our risk profile most efficiently?

In our opinion, the mindset of organizations is evolving in a direction where risk management is of the greatest importance, including a holistic understanding of the risks concerning the whole company. In the interest of integrated risk management, RSA’s solution provides a unified platform with excellent configuration options to manage the differing dimensions of a risk. It provides SOC teams with real-time, intuitively displayed, accurate information, giving them a comprehensive picture that they can easily understand and base decisions on. It’s not without reason that Gartner Magic Quadrant ranked it in the top quarter in its Integrated Risk Management (IRM) category.

In addition, one could easily think of this software as a web-based monitoring package which helps automate processes through seamless workflows and reporting, displays data collected from other security tools, and helps automate routine tasks.

The system offers a number of methods to define risks, including simple color-coding (green/yellow/red) and quantitative risk evaluation values defined by various formulas. These are in line with widely accepted risk management methodologies such as NIST 800-53, ISO 31000, NIST RMF, and so on.

In all cases, the goal to be achieved is risk quantification: the ability to calculate the costs of the risk. Not only the severity of the risk, but also how much we gain by averting it. This enables the organization to consider risks from a budget perspective. Nevertheless, this is a long, evolutionary process for many organizations. Suitable operation needs a mature risk management culture, which cannot be achieved overnight.

The product assigns underlying content to events, security incidents. It provides answers to key questions such as:

  • What other tools does the affected system domain contain?
  • What user groups or software need to know how to use the domain to stay operational?
  • Which network does a given tool operate on?
  • Who is responsible for the applications and systems?
  • What would be the consequence of shutting these systems down to mitigate the impact of an incident?

Using all these, the product gives members of a Security Operation Center (SOC) a holistic understanding of the incident and helps them make better response-related decisions in the future.

Archer also provides SOC members with a central portal where incident investigation can be tracked and managed with full transparency and is supported by reporting, and it lets management monitor key performance indicators. In addition to its usability in a SOC, it also helps continuously monitor the IT environment by aggregating data from various tools and creating a summarized view.

Due to the abovementioned advantages, the US Department of Homeland Security, among others, has also chosen RSA Archer for its government-level cybersecurity program. Archer is used to aggregate data into a federal-agency-level dashboard by performing risk scoring while creating numerous reports. The Continuous Diagnostics and Monitoring (CDM) dashboard provides the heads of the agencies with real-time information concerning the status of governmental networks and reports containing crucial risk indicators. It acts as a central hub collecting data coming from tools that were previously installed to map and manage networks (such as vulnerability detection and configuration tools), enabling the creation of an aggregated risk picture at any level of the organization.

However, IT security risk management, as we’ve discussed it so far, is only one of the seven domains of the solution package. The rest of the solutions span from business resilience and operations planning through audit management, operational risk, and supply chain control to compliance with regulations. What they all have in common is that they increase efficiency, as they are of significant help in automating and modernizing processes.

Using the Business Resilience solution, Archer can be assigned to the alerting tools so it can automatically send alerts in the event of a true security incident.

Automatic data collection and reporting are configurable in the system. This is a lot more forward-looking than the practice applied by most organizations today, where various areas send tabular reports individually – maybe even with different formatting – which a colleague laboriously aggregates into a corporate-level report. From a compliance reporting and risk management perspective, the solution replaces this manual task.

As for managerial oversight, the solution ensures a consistent overview of data across all units of the company using mutual measurement and reporting processes. When asked if they’re able to collect and document risks in a unified and consistent manner, managers concisely say no most of the time.

RSA Archer helps managers fully understand and manage corporate risks. And this doesn’t only apply to cyber and IT risks, but all other sorts of risks as well, such as environmental, workforce, or financial risks which can also greatly affect achieving corporate goals.

One of the particularly useful tools of the software package is Risk Register, which helps define risks, create consistent documentation across the whole company, and develop a unified terminology and methodology.

Consequently, it helps assign applicable regulations and controls to the risks.

The various functionalities that build on each other are synergistic. For example, the results of a vulnerability investigation can be assigned to the systems, which then provide decision support to help respond to emerging vulnerabilities.

The software can be easily integrated and it’s highly customizable. It works as an out-of-the-box solution with pre-designed processes based on industry best practices, but it can also be easily configured based on unique needs and defined processes. As for implementation, it can be either run on the organization’s own hardware or used as a service.

The future

For now, the system does not make automated decisions; it only helps human decision-making by providing information. For example, in the event of a true security incident, the given management has to take the necessary steps to send the alert.

Nevertheless, a shift can be observed towards automated decision-making. As RSA put it: “We have been doing some work in the area of artificial intelligence, so that is something that could come out in the future in terms of the way we interact with tools,” he explained. “Right now we are reporting data … We won’t apply the patch, for instance.” Instead the system will send an alert to security managers, who will need to apply the patch themselves. In our opinion, Archer could replace human work in this area in the near future.

The solution background

RSA has been regarded as one of the most well-known players of the cybersecurity industry worldwide since as early as 1977, when the three co-founding researchers – Rivest, Shamir, and Adleman, whose initials make up the name of the company – created a new type of encryption. RSA’s product portfolio was expanded with the GRC system through the acquisition of Archer Technologies in 2010. This tool is widely used by large organizations, in both the public and the private sectors. It has more than 1500 corporations (banks, commercial, and telco companies) as customers globally, including half of the Forbes 100 companies.

A strong GRC technology platform is critical to a successful risk management program. Without one, it’s infinitely harder to leverage common processes, share data and gain visibility into risks across your enterprise.
