RSA NetWitness Suite is Said to Redefine SIEM to Optimize Security Operations

RSA, a cybersecurity leader delivering Business-Driven Security solutions, unveiled the next release of RSA NetWitness Suite that increases productivity for security analysts of every skill and experience level, and accelerates threat detection and response. By integrating business context with true end-to-end visibility, the RSA NetWitness evolved SIEM immediately identifies an organization’s high-risk security threats, optimizes security processes to reduce attacker dwell time, and prioritizes the threats that matter most to the business.

The RSA NetWitness SIEM brings together log, network and endpoint data with business insights and threat intelligence into one, non-siloed analytics engine to find attacks that could otherwise go undetected. The Suite also features new User Interfaces (UI) to help analysts respond to attacks that have the greatest potential to do the most harm to an organization. The end-to-end visibility and use of data in one SIEM to detect and respond separates RSA NetWitness Suite from other solutions in the market.

Today’s risk landscape is a result of the increasing length and frequency of modern cyberattacks, and the dissolution of the traditional enterprise perimeter. Because attacks and vulnerabilities can strike anywhere and anytime, businesses can no longer rely on simple preventative measures and perimeter-based controls. Organizations must prepare for continuous attacks from advanced persistent threats by ensuring they have deep and wide visibility across their infrastructure, the right tools, skills, and business-risk assessment to prioritize threats and defend their network. However, due to the shortage of skilled analysts, security operations teams are spread thin. They are often unable to keep up with the exploding number of alerts and struggle to correlate data from disparate sources to understand the full scope of an attack. It is time for the centerpiece of the security operations center to evolve, for SIEM to live up to its promise of detecting and responding to threats – not just providing compliance.

The new release of RSA NetWitness Suite delivers visibility across the enterprise – from the endpoint to the cloud – in a new, highly intuitive UI that presents security analysts with a comprehensive view of the IT infrastructure, across logs, packets, endpoints, NetFlow and threat intelligence. This broad data set is made intelligent and actionable to limit false positives and the system noise with which most SIEMs are associated. 

The Suite uses behavioral analytics and machine learning to automate the correlation of massive volumes of disparate data to help alleviate the workloads of today’s security teams. By prioritizing incidents, orchestrating workflows, and providing context in the midst of an investigation, RSA NetWitness Suite allows security analysts to more effectively investigate the full scope of an attack, triage, and respond to the threats that could do the most harm to an organization.

“Security teams struggle with understanding the business context necessary to focus on the threats that matter most to the business,” said Mike Adler, Vice President of Product, RSA NetWitness Suite. “Our new, evolved SIEM provides business-driven security by interweaving business context and risk with the most advanced visibility and cybersecurity capabilities to help the entire organization – from the CEO and CISO to the security operations center – protect itself from known and unknown threats, minimize attacker dwell time and mitigate negative business consequences.”

Enhancements to RSA NetWitness Suite include:
RSA NetWitness Logs & Packets 11 provides improved visibility by delivering advanced threat analytics across environments -- on-premises, virtualized infrastructure, or in the cloud on Amazon Web Services (AWS) and Microsoft Azure. Continued enhancements to the Suite’s real-time behavior analytics and machine learning, as well as expanded threat intelligence across RSA capabilities, third party, and crowd sourced from the community, all provide security analysts with real-time insights into the most advanced cybersecurity threats.


RSA NetWitness Endpoint 4.4 focuses on expanding its integration capabilities with the RSA NetWitness Suite. Already an integral part of the RSA NetWitness Suite, RSA NetWitness Endpoint can now transform its deep endpoint visibility into powerful metadata for even tighter integration and incorporation in the new analyst experience workflows of the RSA NetWitness Suite – providing a single place for detection and response across logs, network and endpoint data.

RSA NetWitness Suite leverages machine learning techniques to look for anomalous behaviors that, in turn, can be used to identify threats. For example, the Command & Control detection capability identifies connections to malicious servers and helps identify nation state threat actors. The features leveraged involve traffic patterns and what is known about the domain to which a connection is being made, amongst many other pieces of information.

As organizations struggle to staff and maintain security operations teams due to the shortage of skilled security pros, RSA NetWitness Suite helps alleviate that pressure by improving productivity of existing security analysts. The intuitive workflows and automated analytics improve the experience for security analysts of all levels and free up more experienced threat hunters to focus on higher priority threats.

“Because it’s so difficult to hire new staff, it’s important that you have your team focus on the most important tasks and automate the manual ones, such as log reviews. By using tools to complete manual tasks, your skilled team can use their time on value-add activities