This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The New RSA NetWitness Suite: Evolved SIEM

Anonymous
Not applicable
‎2017-07-18 09:04 AM

Despite increasing investments in security, breaches are still occurring at an alarming rate. Whether the result of cyber criminals sending phishing or malware attacks through company emails, nation states targeting organization’s IP, or insiders misusing sensitive data, we live in a world where prevention of breaches has become impossible. Given the speed at which cyber criminals are able to create new security threats, companies must change their approach to security.  It is time for the centerpiece of our security operation to evolve – for SIEM to finally deliver what it has promised for decades.

 

We are thrilled to announce, that is exactly what we are delivering. We’ve redefined modern security operations with a new kind of SIEM: the RSA NetWitness® Suite. 

 

Of course, we have all the traditional SIEM requirements like compliance; but it is built to be laser focused on security – to rapidly detect and respond to today’s known and unknown threats – before they do damage.

 

The latest release of the RSA NetWitness Suite delivers end to end visibility across the organization – from logs, network, endpoints and threat intelligence - in a brand new, highly intuitive and blazing fast user interface. The new user interface was designed from the ground up after 100s of hours of security analyst interviewing and testing. The new Respond and Investigate workflows make it easy for security analysts to triage information rapidly because they have all the information they need in one screen - and will make threat hunters even more impactful by providing them insights and drills into all the data, business context and threat intelligence they need. From novice to hunter – these workflows will make any security analyst better at defending their networks. 

pastedImage_1.png

                                                                                 RESPOND: Interactive Nodal

We continue to focus on improving the efficiency and effectiveness of security analysts of all levels, by providing out of the box machine learning and behavior analytics for alerting and detection and by prioritizing the most important incidents based on business risk – from identity and asset criticality data. The new RSA NetWitness Suite is a force multiplier for security analysts and incident responders.

 

Ultimately, the RSA NetWitness Suite enables analysts to detect and investigate the full scope of an attack and more rapidly respond to those threats that matter the most to an organization.

 

You need to see it for yourself. You can learn more by visiting: www.rsa.com/DoMore

6 Comments
SomBorivong
Beginner
Beginner
‎2017-07-18 03:20 PM
‎2017-07-18 03:20 PM

Can this new version of Netwitness have the capability to decrypt SSL or TLS traffic coming into the Packet Decoder?

0 Likes
Anonymous
Not applicable
‎2017-07-18 03:31 PM
‎2017-07-18 03:31 PM

Yes, version 11 has native SSL decryption capabilities for private servers. Organizations will register SSL private key(s) with the decoder to reveal decrypted metadata. That metadata then becomes available for investigations, reporting, and alerting.

 

 

Thanks,

Amy

dineshpk
Beginner
Beginner
‎2017-07-24 05:27 AM
‎2017-07-24 05:27 AM

In cases, the password is visible after decryption, how that can be handled.

0 Likes
NathanGetty
Beginner
Beginner
‎2017-07-24 02:17 PM
‎2017-07-24 02:17 PM

Comment removed as requested.

0 Likes
MichaelGotham
Beginner
Beginner
‎2017-07-24 02:27 PM
‎2017-07-24 02:27 PM

You can obfuscate the meta key replacing a hashed value in place of the decrypted content or completely remove the key from an analysts view using RBAC.  The actual reconstructed payload will still show as encrypted.  Only the meta data will be clear text, unless you manually pull the key and packets from the decoder and decrypt via REST API.  Again, that can be controlled with RBAC.

 

See here for more details: https://community.rsa.com/docs/DOC-63209 

0 Likes
MaryRoark
Employee
Employee
‎2017-07-31 02:43 PM
‎2017-07-31 02:43 PM

Hell everyone - Target GA for RSA NetWitness Logs and Packets v11 is October of 2017.  It was exciting to see pre-release version keeping everyone safe and supporting the Black Hat 2017 NOC in Las Vegas. It was also live and protecting the network for RSAC Singapore.   Also, many customers were impressed by the interactive live demo at the RSA booth at Black Hat 2017 in Vegas. So stay tuned for more opportunities to see RSA NetWitness Suite in action!

© 2022 RSA Security LLC or its affiliates. All rights reserved.