Enabling the Hunt: RSA NetWitness Suite Updates & Enhancements

Oct 27, 2016 | by Amy Blackshaw

RSA Charge 2016, a gathering of more than 2,000 RSA customers, is off to a great start in New Orleans this week. Bringing together RSA product experts with our users and cybersecurity thought-leaders makes for great conversation, collaboration, innovation - and a little bit of fun!

Our RSA NetWitness® Suite solution teams and customers have a lot of things to be excited about this week. We are happy to announce our latest capabilities, which will continue to enable our customers to rapidly detect and respond to today's threats - before damage is done within their organizations.

New to the RSA NetWitness Suite are "Hunter Packs," delivered out-of-the-box via RSA Live, which help organizations detect both known and unknown threats. RSA Live is a service that shares content and threat intelligence insights with RSA NetWitness Suite customers. Through the RSA Live service, intelligence from industry research, information crowd sourced from RSA's customer base, and the organization's own data is aggregated and operationalized at ingestion, to help detect the unknowns that are key indicators of compromises - saving valuable time and resources.

Using the RSA NetWitness Suite, organizations can now deploy the same threat detection content that RSA's Incident Response Practice uses every day to smoke out and respond to active threats around the globe.

A new set of "meta keys" facilitates the enablement of this new content. An analyst can rapidly find interesting and suspicious events by applying content packs leverage the new meta keys instead of manually editing or updating indices. Specifically, analysts can find behaviors of compromise, identify unusual protocols and file attributes, and quickly categorize threats to streamline investigation. These capabilities were developed in collaboration with the Dell Cybersecurity Intelligence & Response Team and were leveraged successfully at the Black Hat USA 2016 conference.

Other features of our newest release include:

  • Expanded behavior analytics capabilities enable customers to leverage logs to identify potentially command and control activities.
  • Enhanced cloud visibility. As more sensitive data, applications and resources are move to the cloud, RSA NetWitness Suite now extends its visibility to include the Azure cloud.
  • Out-of-the-box dashboards and reports enable organizations to quickly show value to management and the board.

The RSA NetWitness Suite is central to our business-driven security strategy. It provides the fastest path to mitigate, and then eradicate, threats prior to business impact through a deep understanding across the broadest set of attack vectors.

Want to learn more? Visit our RSA Threat Detection & Response website.

Author: Amy Blackshaw

Category: Archive, Threat Detection and Response