NetWitness Community

by Mike Adler, VP Product RSA NETWITNESS

Empowering intelligent SOCs by providing them with the visibility, insights and actions they need—as quickly as possible—is key to a company’s ability to manage digital risk. However, as the number of users, endpoints, and networks accessing company data grows, so does the risk of cyberattacks to a company’s critical assets.

This can often leave SOC analysts overwhelmed with data and alerts, increasing the potential dwell time of a threat, leaving less time to find the threats that matter.  Ironically (and unfortunately), in its attempt to improve enterprise security by deploying more solutions, security professionals create silos of disconnected security information which can open the organization up to more vulnerabilities as these silos add complexity and deliver a very poor user experience for analysts.

This is why, I am pleased to announce RSA is adding Fortscale’s pioneering UEBA technologies to the RSA NetWitness® Platform.  Adding these capabilities natively to the Platform will enable our customers with an integrated approach that simplifies SOC management and security by correlating data to accurately detect and respond to advanced threats using analytics. RSA NetWitness UEBA seamlessly integrates with the Platform’s meta-data model, allowing intelligent processing of data in a single platform with a reduced storage footprint.  By building on the existing data store and analytical capabilities of the Platform, Fortscale’s technology enables RSA NetWitness customers to see anomalies in user behavior alongside other security alerts in the RSA NetWitness respond module.

The Fortscale UEBA engine identifies deviations from normal user behaviors and uncovers risky and previously hard-to-detect threats. By understanding behavior, Fortscale highlights potential risks such as shared user credentials, privileged user account abuse, geolocation and remote access anomalies. This allows organizations to find unknown threats hiding among the huge volume of security data found in today’s complex IT environments without heavy installation, maintenance or analyst oversight. The Fortscale UEBA engine is designed to:

• Provide fully automatic, unsupervised machine learning;
• Reduce the need for organizations to have big data experts on their analyst team;
• Detect unknown threats (compromised credentials, insider threats, data exfiltration);
• Address malicious behavior in which exploits have received elevated permissions;
• Be dynamic, automatically learning behavior specific to the environment; and,
• Require no customization, rule authoring or ongoing care, tuning, rule creation/adjustment.

The Fortscale UEBA engine strengthens the RSA NetWitness Platform evolved SIEM allowing our customers to have more capability at their fingertips without stitching together multiple security platforms or tools.  We expect customers will quickly come to value the additional alerts and information detected by the Fortscale UEBA engine and extend their adoption of the RSA NetWitness Platform as the centerpiece of an intelligent SOC.  I am excited to welcome the Fortscale team to RSA and look forward to sharing more details about the integration in the future.