RSA NetWitness® Platform (NWP) v11.3 continues to expand Platform-wide Detection capabilities, focusing on expanded visibility and detection from the Endpoint by integrating RSA’s Endpoint Detection and Response (EDR) solution, RSA NetWitness Endpoint, natively into the Platform. Security analysts will also benefit from improvements to search, investigations, incident management (through Respond) and threat aware authentication to enable rapid detection, understanding, and response to advanced threats.
Highlights:
- RSA NetWitness Endpoint now available in the Platform. This release introduces native platform support for RSA NetWitness Endpoint’s EDR capabilities, enabling current RSA NetWitness Endpoint 4.4 customers to migrate to a consolidated Platform solution and architecture. This native EDR capability equips security analysts with industry-leading detection, investigation, and incident response capabilities, via the Endpoint, to augment and complement their use of RSA NetWitness for both SIEM and Network (Packet) investigations.
- Expanded Detection of Threats. V11.3 expands detection of threats targeting the endpoint to include those threats that leverage Microsoft Windows native commands (for example, powershell.exe or cmd.exe) to evade detection.
- On-Demand Process Visualization. A new visual process viewer highlights malicious processes, along with the detailed network, registry, and file actions, to help analysts quickly understand the nature of a suspicious process.
- Log Collection for Windows via either the Advanced or Insights Endpoint Agent. Simplifies log collection from Windows devices across the enterprise and removes dependencies on third-party agents or WMI. Includes the capability to customize logging policies as needed for groups of endpoints.
- Performance and Stability Agent Improvements. The agent has been optimized to reduce its footprint and its dependencies on Microsoft Kernel updates. Additionally, it now offers expanded threat visibility and improved agent protections that mitigate attempts by attackers to disable the agent.
- Improved Group Policy Management. Administrators can manage groups of agents, their policy configurations and logging configurations.
- Improved Scale and Reduced TCO. Expands support for large Enterprise environments and eliminates the need for third-party Microsoft SQL Server licenses.
- Expanded UEBA capabilities. For customers leveraging RSA NetWitness Endpoint and UEBA, v11.3 introduces new machine learning models designed to detect unusual process executions and registry changes that could indicate suspicious attacker activity. This advanced analytics capability can rapidly detect anomalies in users' behavior and uncover unknown, abnormal, and complex evolving threats.
- Threat Aware Authentication. RSA NetWitness Platform provides RSA SecurID Access with visibility and insight into suspicious user activity across the enterprise, enabling security operations teams to take immediate action against user accounts requiring stronger authentication.
- Improved Search Experience. Expanded query returns, faster queries leveraging new caching, improved query builder (in the Event Analysis view), and detailed status of a query added to the query bar to reveal warnings, errors, and performance by Broker and Concentrator.
- Flexible syslog collection to support non-UTF encoded logs.
- Support for PKI Authentication.
- Improved HA Failover capabilities for NW Server Host.
- Plus a lot more usability improvements! For a full list of improvements introduced with v11.3, please see the RSA NetWitness Platform 11.3 Release Notes.
For More Information:
- Please review the RSA NetWitness® Platform 11.3 Update Instructions and Release Notes available here on RSA Link before you update.
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.