Products and Solutions

Enabling the Hunt: RSA NetWitness Platfrom Updates & Enhancements

Oct 26, 2016 | by Amy Blackshaw |

RSA Charge 2016, a gathering of more than 2,000 RSA customers, is off to a great start in New Orleans this week. Bringing together RSA product experts with our users and cybersecurity thought-leaders makes for great conversation, collaboration, innovation - and a little bit of fun!

Our RSA NetWitness® Platform solution teams and customers have a lot of things to be excited about this week. We are happy to announce our latest capabilities, which will continue to enable our customers to rapidly detect and respond to today's threats - before damage is done within their organizations.

New to the RSA NetWitness Platform are "Hunter Packs," delivered out-of-the-box via RSA Live, which help organizations detect both known and unknown threats. RSA Live is a service that shares content and threat intelligence insights with RSA NetWitness Platform customers. Through the RSA Live service, intelligence from industry research, information crowd sourced from RSA's customer base, and the organization's own data is aggregated and operationalized at ingestion, to help detect the unknowns that are key indicators of compromises - saving valuable time and resources.

Using the RSA NetWitness Platform, organizations can now deploy the same threat detection content that RSA's Incident Response Practice uses every day to smoke out and respond to active threats around the globe.

A new set of "meta keys" facilitates the enablement of this new content. An analyst can rapidly find interesting and suspicious events by applying content packs leverage the new meta keys instead of manually editing or updating indices. Specifically, analysts can find behaviors of compromise, identify unusual protocols and file attributes, and quickly categorize threats to streamline investigation. These capabilities were developed in collaboration with the Dell Cybersecurity Intelligence & Response Team and were leveraged successfully at the Black Hat USA 2016 conference.

Other features of our newest release include:

  • Expanded behavior analytics capabilities enable customers to leverage logs to identify potentially command and control activities.
  • Enhanced cloud visibility. As more sensitive data, applications and resources are move to the cloud, RSA NetWitness Platform now extends its visibility to include the Azure cloud.
  • Out-of-the-box dashboards and reports enable organizations to quickly show value to management and the board.

The RSA NetWitness Platform is central to our business-driven security strategy. It provides the fastest path to mitigate, and then eradicate, threats prior to business impact through a deep understanding across the broadest set of attack vectors.

Want to learn more? Visit our RSA Threat Detection & Response website.