NetWitness Community

Summary:

RSA NetWitness® Platform (NWP) v11.3 continues to expand Platform-wide Detection capabilities, focusing on expanded visibility and detection from the Endpoint by integrating RSA’s Endpoint Detection and Response (EDR) solution, RSA NetWitness Endpoint, natively into the Platform. With this release, NW Endpoint Customers also benefit from the overall Platforms capabilities including Reporting, Dashboarding, Expanded Investigation capabilities and native Incident Management.

To take advantage of our latest Endpoint improvements, current RSA NetWitness Endpoint customers will need to migrate from their current architecture to v11.3. All current NW Endpoint 4.4 customers with active maintenance contracts can migrate to this new platform for no additional software cost.

Highlights:

RSA NetWitness Endpoint now available in the Platform. This release introduces native platform support for RSA NetWitness Endpoint’s EDR capabilities – enabling RSA NetWitness Endpoint 4.4 current customers to migrate to a consolidated Platform solution and architecture. This native EDR capability equips security analysts with industry-leading detection, investigation, and incident response capabilities, via the Endpoint, to augment and complement both their SIEM and Network (Packet) Investigations use of RSA NetWitness Platform.

• Expanded Detection of Threats. v11.3 expands detection of threats targeting the endpoint to include those threats that leverage Microsoft Windows native commands (for example, powershell.exe or cmd.exe) to evade detection.
• On-Demand Process Visualization. A new visual process viewer that highlights malicious processes, along with the detailed network, registry, and file actions to help analysts quickly understand the nature of a suspicious process.
• Performance and Stability Agent Improvements. Agent has been optimized to reduce footprint and dependencies on Microsoft Kernel updates. Additionally, it now offers expanded threat visibility and improved agent protections to mitigate attackers from disabling the agent.
• Improved Group Policy Management. Administrators can now manage groups of agents, their policy configurations and logging configurations.
• Improved Scale and Reduced TCO. Expanded support for large Enterprise environments and eliminates the need for 3rd party Microsoft SQL Server licenses.

• Expanded UEBA capabilities. v11.3 introduces new machine learning models designed to detect unusual process executions and registry changes that could indicate suspicious attacker activity. This advanced analytics capability can rapidly detect anomalies in user’s behavior and uncover unknown, abnormal, and complex evolving threats. 

For More Information:

For details on migrating from RSA NetWitness Endpoint 4.4.x to v11.3, Customers should review the Migration Guide for more details on the process.
See the RSA NetWitness Platform 11.3 Update Instructions and Release Notes available on RSA Link before you update

For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.