RSA NetWitness® Platform Redefines SIEM to Optimize Security Operations

The RSA NetWitness SIEM is engineered to immediately identify an organization's high-risk security threats, reduce attacker dwell time, and more


  • Presents information in one screen to help analysts – novice to hunter – accelerate threat detection and response from on-premises and Cloud to mobile and social
  • Correlates identity and asset criticality data to prioritize security events based on business impact to mitigate the most damaging threats to the business
  • Out-of-the-box machine learning and behavior analytics help enable analysts to keep up with sophisticated attack methods
  • New user interface based on hundreds of hours of security analysts' feedback and testing

BEDFORD, MA – July 18, 2017 — RSA, a global cybersecurity leader delivering Business-Driven Security™ solutions, unveiled the next release of RSA NetWitness® Platform that is designed both to increase productivity for security analysts of every skill and experience level and to accelerate threat detection and response. By integrating business context with true end-to-end visibility, the RSA NetWitness evolved SIEM is engineered to immediately identify an organization's high risk security threats, optimize security processes to reduce attacker dwell time, and prioritize the threats that matter most to the business.

The RSA NetWitness SIEM is designed to bring together log, network and endpoint data with business insights and threat intelligence into one, non-siloed analytics engine to find attacks that could otherwise go undetected. The Suite also features new User Interfaces (UI) built to help analysts respond to attacks that have the greatest potential to do the most harm to an organization. The end-to-end visibility and use of data in one SIEM to detect and respond separates RSA NetWitness Platform from other solutions in the market.

Today's risk landscape is a result of the increasing length and frequency of modern cyberattacks, and the dissolution of the traditional enterprise perimeter. Because attacks and vulnerabilities can strike anywhere and anytime, businesses can no longer rely on simple preventative measures and perimeter-based controls. Organizations must prepare for continuous attacks from advanced persistent threats by ensuring they have deep and wide visibility across their infrastructure, the right tools, skills, and business-risk assessment to prioritize threats and defend their network. However, due to the shortage of skilled analysts, security operations teams are spread thin. They are often unable to keep up with the exploding number of alerts and struggle to correlate data from disparate sources to understand the full scope of an attack. It is time for the centerpiece of the security operation center to evolve, for SIEM to live up to its promise of detecting and responding to threats – not just provide compliance.

The new release of RSA NetWitness Platform is engineered to deliver visibility across the enterprise – from the endpoint to the cloud – in a new, highly intuitive UI that presents security analysts with a comprehensive view of the IT infrastructure, across logs, packets, endpoints, NetFlow and threat intelligence. This broad data set is designed to be made intelligent and actionable to limit false positives and the system noise with which most SIEMs are associated.

The Suite is built to use behavioral analytics and machine learning to automate the correlation of massive volumes of disparate data to help alleviate the workloads of today's security teams. By prioritizing incidents, orchestrating workflows, and providing context in the midst of an investigation, RSA NetWitness Platform is designed to allow security analysts to more effectively investigate the full scope of an attack, triage, and respond to the threats that could do the most harm to an organization.

"Security teams struggle with understanding the business context necessary to focus on the threats that matter most to the business," said Mike Adler, Vice President of Product, RSA NetWitness Platform. "Our new, evolved SIEM is engineered to provide organizations with a Business-Driven Security strategy by interweaving business context and risk with the most advanced visibility and cybersecurity capabilities to help the entire organization – from the CEO and CISO to the security operations center – protect itself from known and unknown threats, minimize attacker dwell time and mitigate negative business consequences."

Enhancements to RSA NetWitness Platform are engineered to include:

  • RSA NetWitness Logs & Packets 11 provides improved visibility by delivering advanced threat analytics across environments -- on-premises, virtualized infrastructure, or in the cloud on Amazon Web Services (AWS) and Microsoft Azure. Continued enhancements to the Suite's real-time behavior analytics and machine learning, as well as expanded threat intelligence across RSA capabilities, third party, and crowd sourced from the community, all provide security analysts with real-time insights into the most advanced cybersecurity threats.
  • RSA NetWitness Endpoint 4.4 focuses on expanding its integration capabilities with the RSA NetWitness Platform. Already an integral part of the RSA NetWitness Platform, RSA NetWitness Endpoint can now transform its deep endpoint visibility into powerful metadata for even tighter integration and incorporation in the new analyst experience workflows of the RSA NetWitness Platform – providing a single place for detection and response across logs, network and endpoint data.

RSA NetWitness Platform is designed to leverage machine learning techniques to look for anomalous behaviors that, in turn, can be used to identify threats. For example, the Command & Control detection capability identifies connections to malicious servers and helps identify nation state threat actors. The features leveraged involve traffic patterns and what is known about the domain to which a connection is being made, amongst many other pieces of information.

As organizations struggle to staff and maintain security operations teams due to the shortage of skilled security pros, RSA NetWitness Platform is engineered to help alleviate that pressure by improving productivity of existing security analysts. The intuitive workflows and automated analytics improve the experience for security analysts of all levels and free up more experienced threat hunters to focus on higher priority threats. "Because it's so difficult to hire new staff, it's important that you have your team focus on the most important tasks and automate the manual ones, such as log reviews. By using tools to complete manual tasks, your skilled team can use their time on value-add activities." 1


The latest version of RSA NetWitness Platform will be available in early second half of 2017.



RSA, a Dell Technologies business, offers business-driven security solutions that uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and, reduce business risk, fraud, and cybercrime. RSA protects millions of users around the world and helps more than 90% of the Fortune 500 companies thrive in an uncertain, high risk world. For more information, go to

RSA, Dell, Business Driven Security, NetWitness and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners.

Special Note on Forward-Looking Statements:
Statements in this press release concerning Dell Technologies' plans and objectives relating to its products, services and solutions are forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934 and Section 27A of the Securities Act of 1933 and are based on Dell Technologies' current expectations. Dell Technologies' results in future periods could differ materially from those expressed or implied by these forward-looking statements because of risks, uncertainties and other factors that are described in Dell Technologies' reports and other filings with the Securities and Exchange Commission, which are available for review through the Securities and Exchange Commission's website at