RSA Netwitness Platform Evolved SIEM Expanding UEBA Capabilities with Intent to Acquire Fortscale

TraceyShell
‎2018-04-05 09:31 AM

by Mike Adler, VP Product RSA NETWITNESS

Empowering intelligent SOCs by providing them with the visibility, insights and actions they need—as quickly as possible—is key to a company’s ability to manage digital risk. However, as the number of users, endpoints, and networks accessing company data grows, so does the risk of cyberattacks to a company’s critical assets.

This can often leave SOC analysts overwhelmed with data and alerts, increasing the potential dwell time of a threat and leaving less time to find the threats that matter. Ironically (and unfortunately), in their attempt to improve enterprise security by deploying more solutions, security professionals create silos of disconnected security information, which can open the organization up to more vulnerabilities as these silos add complexity and deliver a very poor user experience for analysts.

This is why I am pleased to announce that RSA is adding Fortscale’s pioneering UEBA technologies to the RSA NetWitness® Platform. Adding these capabilities natively to the Platform will give our customers an integrated approach that simplifies SOC management and security by correlating data to accurately detect and respond to advanced threats using analytics. RSA NetWitness UEBA seamlessly integrates with the Platform’s meta-data model, allowing intelligent processing of data in a single platform with a reduced storage footprint. By building on the existing data store and analytical capabilities of the Platform, Fortscale’s technology enables RSA NetWitness customers to see anomalies in user behavior alongside other security alerts in the RSA NetWitness respond module.

The Fortscale UEBA engine identifies deviations from normal user behaviors and uncovers risky and previously hard-to-detect threats. By understanding behavior, Fortscale highlights potential risks such as shared user credentials, privileged user account abuse, geolocation and remote access anomalies. This allows organizations to find unknown threats hiding among the huge volume of security data found in today’s complex IT environments without heavy installation, maintenance or analyst oversight. The Fortscale UEBA engine is designed to:

  • Provide fully automatic, unsupervised machine learning;
  • Reduce the need for organizations to have big data experts on their analyst team;
  • Detect unknown threats (compromised credentials, insider threats, data exfiltration);
  • Address malicious behavior in which exploits have received elevated permissions;
  • Be dynamic, automatically learning behavior specific to the environment; and,
  • Require no customization, rule authoring or ongoing care, tuning, rule creation/adjustment.

The Fortscale UEBA engine strengthens the RSA NetWitness Platform evolved SIEM, allowing our customers to have more capability at their fingertips without stitching together multiple security platforms or tools. We expect customers will quickly come to value the additional alerts and information detected by the Fortscale UEBA engine and extend their adoption of the RSA NetWitness Platform as the centerpiece of an intelligent SOC. I am excited to welcome the Fortscale team to RSA and look forward to sharing more details about the integration in the future.
