RSA NetWitness Platform: Changing the Security Paradigm

Jul 28, 2016 | by Amy Blackshaw

In technology - especially information security - the pace of change can be overwhelming. Adversaries continually invent new (and more often, reinvent old) ways to infiltrate and compromise organizations, while the good guys try to take advantage of the innovation in technologies, techniques, and processes to protect their organizations against these adversaries. But there are some things that aren't changing fast enough: the sophistication of threat actors and the expanding attack surface make it nearly impossible for security teams to discover and fully understand compromises quickly enough to respond before they impact the business.

That is why today, we announced the RSA NetWitness® Platform - to change the paradigm and favor the good guys. RSA is bringing back the NetWitness name as the family name of our threat detection & response offerings to represent the evolution and extension of the original NetWitness product which we acquired in 2011.

What hasn't changed - and won't change - is the maniacal focus we have on enabling security teams to detect and understand the full scope of a compromise before there is damage to the business. The RSA NetWitness Platform continues to monitor the broadest set of attack vectors and capture activity - from endpoints, logs and packets - to provide a much more complete picture and deeper understanding so security teams are more effective at shutting down the entire attack campaign, not just thwarting a single incident. In addition, the RSA NetWitness Platform provides orchestration of the entire incident response process to drive efficiencies - saving seconds and minutes when it matters most.

In addition, new capabilities within the RSA NetWitness Platform include, Live Connect which enables organizations to utilize and operationalize real-time, crowd sourced threat intelligence from the RSA customer, partner and research community for faster threat identification and more accurate incident prioritization. The suite also includes improved threat detection by combining recently introduced behavioral analytics with data science models and machine learning that requires no advanced knowledge of specific attacks or signatures, rules, or analyst tuning.

As Neil MacDonald, VP and Distinguished Analyst at Gartner stated, "Organizations must switch to a continuous-monitoring mindset, where threats are prioritized, and focus is given to mitigating and limiting resulting damage from an attack. Behavioral analytics can be used to detect suspicious behavior without requiring prior knowledge of technical IOCs, while security intelligence, derived from both outside and within the organization, can be used to continuously inform and amend security operations, tactics and strategy."

By applying the most sophisticated technology to analyze, prioritize and investigate threats, security teams can respond to advanced attacks in minutes, not days or months. The RSA NetWitness Platform brings the change that is needed to flip the security paradigm to favor the good guys.

Want to learn more? Visit the Threat Detection and Response page on rsa.com.

Author: Amy Blackshaw

Category: Archive, Threat Detection and Response