Products and Solutions

Introducing RSA NetWitness® Detect AI

Feb 03, 2021 | by Arthur Fontaine |
Visualization of RSA NetWitness Detect AI

RSA NetWitness Platform has an important place in the history of the threat detection and response market. Originally started as a U.S. government research project, the technology has grown and evolved while protecting many of the world’s largest, most complex and most security-conscious organizations. Now a leading evolved SIEM and XDR solution, RSA NetWitness Platform serves as the foundation of cutting-edge security operations centers (SOCs), which rely on its powerful threat detection, incident response and security automation capabilities to battle the stealthiest threats and the most sophisticated adversaries.

For the past decade, RSA NetWitness Platform has been part of the RSA Security product family. We’ve stood shoulder-to-shoulder with our customers as they’ve defended against an ever-increasing and ever-evolving threat landscape, adapting our solutions to contend with new challenges. In addition to its original focus on network analytics, today RSA NetWitness Platform correlates threat data across support for logs, endpoints, and IoT, with advanced behavior analytics and security orchestration & automation. RSA’s Advanced Cyber Defense and Incident Response services teams continuously apply the technology against real-world attacks from real-world adversaries, generating a feedback loop and driving the continuous improvements that the market demands.

Part of that evolution is cloud support. Traditionally deployed on-premises to support in-house SOCs, RSA NetWitness Platform has long embraced a “see everything, run anywhere” architecture that allows organizations to run any component – from collectors to analytics, as well as incident response and orchestration – in public or private cloud instances. Many organizations take advantage of this virtualization capability today, for reasons ranging from cloud visibility to cost optimization.

Today we are announcing the availability of the next evolution in the RSA NetWitness Platform cloud strategy. RSA NetWitness Detect AI is a cloud-native analytics solution that leverages cloud scalability and elasticity, avoiding the need for most hardware while simplifying planning and administration.

Why is this important?  It makes the work of security analysts better, faster, and smarter. Running the advanced analytics and machine learning engines from RSA NetWitness Platform as cloud-native services deliver big benefits to security analysts and threat hunters, as well as to administrators and IT resources. RSA NetWitness Detect AI performs cloud-scale detection and correlation, freeing up personnel to focus on defensive activities and giving them the meaningful data and insights they need to accelerate incident resolution.

RSA NetWitness Detect AI’s unsupervised machine learning algorithms work across a wide range of use cases, including detection of insider threats, brute force authentication and machine operated activities. It gets continuously smarter about the specifics of your environment as more data flows through it, and its machine learning algorithms are continuously refined and updated by RSA data scientists, so your analysts don’t have to worry about tuning them. RSA NetWitness Detect AI combines its proprietary machine learning algorithms with an innovative risk scoring model designed to alleviate alert fatigue for analysts by only alerting on high fidelity and high priority threats, leading to faster attack investigation and response times, and driving more efficient and complete incident management.

RSA NetWitness Detect AI can accommodate the processing requirements of organizations large and small. The elastic nature of the cloud means that the service only consumes the resources it requires, without the need to keep capacity in reserve for traffic spikes or incident response activities. Flexible licensing options make planning and budgeting easy, even as situations and use cases change.

As we continue to work closely with existing and prospective customers to improve RSA NetWitness Platform, RSA will always make enhancements to the technology that meet evolving deployment models, use cases, and threat vectors and techniques. RSA NetWitness Detect AI is the first step in leveraging pure cloud SaaS capabilities to benefit the advanced SOC, but you’ll see many more exciting innovations in the coming months and years.

For more information contact your RSA representative or visit rsa.com/detect-ai.

###

See the following resources for more information on RSA NetWitness Detect AI: 

Recommended for you