RSA NetWitness Platform is an innovative, unified and evolved SIEM, complete with threat detection and response. The number of digital risks businesses face continues to grow, mandating a better means of closing blind spots between business functions. RSA NetWitness' focus on integrated security addresses threats earlier in the attack lifecycle, reducing the impact of these threats and driving faster action.

RSA NetWitness provides broad visibility because of the information it ingests from logs, networks, packets and endpoints. It then parses, enriches and indexes this data with contextual information to create metadata that security teams can filter and query for optimal efficiency.

Once the platform contextualizes the data it collects, the UEBA, an unsupervised-learning system, compares it to threat intelligence and correlation capture rules to detect suspicious behaviors and determine risk scores. Leveraging machine learning here eliminates the need for security teams to build or configure rules manually.

Dashboards have twenty-one customizable dashlet (widget) options that offer a quick and holistic view of an environment. Users can create an unlimited number of dashboards to give a variety of views that they can then share with others and customize. The default dashboard has a monitor tab that functions adequately but is rather average in design. Though not tremendously outdated, it is not as modern as the dashboards in other products. However, the bland aesthetic has little impact on usability.

The platform streamlines threat investigation with live queries and robust filtering capabilities that show only relevant data. It also auto-defines incident numbers and shows important information like incident status, the name of the incident investigator and more. Event streams show step-by-step log information for an event so security analysts can get a big-picture idea of what has occurred along an event timeline. If there are notable correlations or similarities with other alerts, the system will chain them together, thus speeding up response, reducing alert fatigue and making the job of security analysts much easier.

Analysts can now respond quickly to more complicated events, thanks to automated and guided remediation. For automated responses, runbooks and playbooks integrate basic management functions directly. This modular platform offers a robust set of pick-and-choose remediation options for easy deployment. Subscribers may even choose to aggregate some of the threat detection and response data contained in its large repository of out-of-the-box reports, including daily configurable reports.

RSA NetWitness Platform arms security teams with a multitude of native data sources that layer in endpoint data and provide threat detection and response across an environment. The automation and orchestration in this platform optimize threat detection and response and dramatically reduce security team burdens.

RSA did not provide any general starting price. Given the sometimes arduous and complex nature of SIEMs, we were surprised to find there is no basic, free support offered. 8/5 and 24/7 phone, email and website support options are available for a fee and come with access to a knowledgebase and FAQ list.

Tested by: Matthew Hreben

Product: RSA Security NetWitness Platform 11.4
Vendor: RSA Security, a Dell Technologies Business
Contact: www.rsa.com
Price: No minimum provided
Strength: This modular platform offers a robust set of pick-and-choose remediation options for easy deployment.
Weakness: Given the sometimes arduous and complex nature of SIEMs, we were surprised to find there is no basic, free support offered.
Verdict: RSA NetWitness Platform arms security teams with a multitude of native data sources that layer in endpoint data and provide threat detection and response across an environment.



