Date: 2017-07-19

RSA launched the next release of RSA NetWitness Suite that increases productivity for security analysts of every skill and experience level, and accelerates threat detection and response. By integrating business context with true end-to-end visibility, the RSA NetWitness evolved SIEM immediately identifies an organization’s high risk security threats, optimizes security processes to reduce attacker dwell time, and prioritizes the threats that matter most to the business.

The RSA NetWitness SIEM brings together log, network and endpoint data with business insights and threat intelligence into one, non-siloed analytics engine to find attacks that could otherwise go undetected. The Suite also features new User Interfaces (UI) to help analysts respond to attacks that have the greatest potential to do the most harm to an organization. The end-to-end visibility and use of data in one SIEM to detect and respond separates RSA NetWitness Suite from other solutions in the market.

The new release of RSA NetWitness Suite delivers visibility across the enterprise – from the endpoint to the cloud – in a new, highly intuitive UI that presents security analysts with a comprehensive view of the IT infrastructure, across logs, packets, endpoints, NetFlow and threat intelligence. This broad data set is made intelligent and actionable to limit false positives and the system noise with which most SIEMs are associated.

The Suite uses behavioral analytics and machine learning to automate the correlation of massive volumes of disparate data to help alleviate the workloads of today’s security teams. By prioritizing incidents, orchestrating workflows, and providing context in the midst of an investigation, RSA NetWitness Suite allows security analysts to more effectively investigate the full scope of an attack, triage, and respond to the threats that could do the most harm to an organization.

Enhancements to RSA NetWitness Suite include:

RSA NetWitness Logs & Packets 11 provides improved visibility by delivering advanced threat analytics across environments — on-premises, virtualized infrastructure, or in the cloud on Amazon Web Services (AWS) and Microsoft Azure. Continued enhancements to the Suite’s real-time behavior analytics and machine learning, as well as expanded threat intelligence from RSA capabilities, third parties, and crowdsourcing from the community, all provide security analysts with real-time insights into the most advanced cybersecurity threats.

RSA NetWitness Endpoint 4.4 focuses on expanding its integration capabilities with the RSA NetWitness Suite. Already an integral part of the RSA NetWitness Suite, RSA NetWitness Endpoint can now transform its deep endpoint visibility into powerful metadata for even tighter integration and incorporation in the new analyst experience workflows of the RSA NetWitness Suite – providing a single place for detection and response across logs, network and endpoint data.

RSA NetWitness Suite leverages machine learning techniques to look for anomalous behaviors that, in turn, can be used to identify threats. For example, the Command & Control detection capability identifies connections to malicious servers and helps identify nation state threat actors. The features leveraged involve traffic patterns and what is known about the domain to which a connection is being made, amongst many other pieces of information.

As organizations struggle to staff and maintain security operations teams due to the shortage of skilled security pros, RSA NetWitness Suite helps alleviate that pressure by improving the productivity of existing security analysts. The intuitive workflows and automated analytics improve the experience for security analysts of all levels and free up more experienced threat hunters to focus on higher priority threats.

AVAILABILITY

The latest version of RSA NetWitness Suite will be available in October 2017.