<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

 

Blog

Read or download all Datashield news, reviews, content, and more.

 

All Posts

11 Reason RSA NetWitness 11.x SIEM Enhances Customer Threat Detection & Response

Datashield and RSA have a long history, dating back to 2009. RSA NetWitness continues to be a preferred SIEM solution for many of our clients. The platform is especially powerful for utilizing full packet capture, which allows our analysts to perform in-depth forensic investigations.

The one downside we hear from many is that RSA NetWitness can be challenging to navigate and configure. Our long partnership gives us unparalleled service and knowledge to the clients we serve using the RSA platform.

Over the past 12 months, RSA has made strides in developing the RSA NetWitness Platform into a more evolved and user-driven SIEM that provides security monitoring, detection, and investigation tools under a single unified platform. RSA has released new innovative capabilities, a redesigned user experience, and invested more in the core functionality to increase the speed of detection and response to threats.

If you already have RSA NetWitness

If you use NetWitness currently but are not on v11.x, this is an encouragement to upgrade your solution.

You are Evaluating a SIEM Solution

Should you be looking to implement RSA NetWitness either as a new piece of technology or a replacement for a different SIEM; view this list as a road map for why RSA NetWitness might be the right solution for your organization. We have helped many enterprise organizations implement full-stack RSA and, over the past few years, have adopted a pared-down licensing model to allow us to implement full packet capture to the mid-market. See our Security Appliance page to learn more about our RSA NetWitness Mid-Market Solution.

11 Reasons to Love the RSA NetWitness Platform 11.x Evolved SIEM

5d7ab38303d8ce65e7624bbc_rsa-netwitness-11UEBA - RSA NetWitness® UEBA leverages unsupervised machine learning and includes machine learning models based on log data and deep endpoint process data, to rapidly detect anomalies in users' behavior and uncover unknown, abnormal and sophisticated evolving threats.


ENDPOINT - The RSA endpoint detection and response (EDR) solution, RSA NetWitness® Endpoint, is fully integrated with the RSA NetWitness Platform to provide additional context for detection and response, and a free RSA NetWitness Endpoint Insights Agent to capture static endpoint data and Microsoft Windows logs.
ORCHESTRATION & AUTOMATION - Native response workflows and SOAR capability in RSA NetWitness® Orchestrator. RSA NetWitness Orchestrator is a force multiplier for security operations centers (SOCs) to standardize, scale, measure, and continuously adapt its security operations.


A REDESIGNED AND INTUITIVE UI - Easy to use for both experts and less experienced analysts.


NODAL VIEW - Visual representation of threats to speed recognition of threat dynamics and identify the full scope of the attack.


AUTOMATED AND DYNAMIC LOG IDENTIFICATION - Forget about the days of unknown devices and unparsed logs when using the new out-of-the-box log parsing capabilities.


CLOUD SECURITY - Provides cloud visibility by capturing data from third-party cloud providers such as Amazon Web Services, Azure vTAP, and many others.
DECODE - Ability to find and decode base64 and hex, and deep dive into network sessions with redesigned network investigations.


INSIGHTS INTO ENCRYPTED TRAFFIC - Inbound SSL decryption, parsing of compressed webpages, and entropy measurements to help organizations gain valuable insight and metadata into encrypted traffic; without this visibility, the attacker has a clear advantage.


BUSINESS CONTEXT - Delivered in both Respond and Investigate workflows, with asset criticality from RSA Archer® Suite and threat-aware authentication with RSA SecurID® Suite, to help analysts prioritize their investigations and drive more informed authentication decisions.


THE ABILITY TO RUN ANYWHERE - Ability to run on RSA appliances, customer-provided hardware, virtual environments, and in the cloud. Now with expanded HA failover capabilities for RSA NetWitness® Platform server host as well as a seamless backup and restore process for your entire environment.


For a downloadable version of this article, click here.

About RSA

RSA delivers a unified, business-driven approach to managing digital risk—uniting stakeholders, integrating technologies and transforming risk into reward.

Learn more about the NetWitness Platform (link)

Topics from this Article

RSA NetWitness, SIEM, Endpoint Detection and Response

Justin Bahr
Justin Bahr
Justin Bahr is one of Product Managers at Datashield focused on technology partnerships, analytics and business intelligence.

Related Posts

Lumifi Cyber Acquires Datashield to Deliver Next-Generation Managed Detection and Response

Combines AI and Machine Learning-Based Software with MDR Services to Provide Fortune 500-Grade Security to Companies of All Sizes Palm Desert, CA and Scottsdale, AZ — May 3, 2022 — Lumifi Cyber, Inc., a next-generation managed detection and response (MDR) cybersecurity software provider, today announced its acquisition of Datashield, Inc., an end-to-end cybersecurity resilience services provider, to deliver Fortune 500-grade security to companies of all sizes for an affordable monthly price.

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

The Difference Between Cybersecurity & Network Security

The Difference Between Cybersecurity & Network Security