Datashield and RSA have a long history, dating back to 2009. RSA NetWitness continues to be a preferred SIEM solution for many of our clients. The platform is especially powerful for utilizing full packet capture, which allows our analysts to perform in-depth forensic investigations.
The one downside we hear from many is that RSA NetWitness can be challenging to navigate and configure. Our long partnership lets us bring unparalleled service and knowledge to the clients we serve using the RSA platform.
Over the past 12 months, RSA has made strides in developing the RSA NetWitness Platform into a more evolved and user-driven SIEM that provides security monitoring, detection, and investigation tools under a single unified platform. RSA has released innovative new capabilities, redesigned the user experience, and invested more in the core functionality to increase the speed of detection and response to threats.
If you already have RSA NetWitness
If you currently use NetWitness but are not on v11.x, we encourage you to upgrade your solution.
If you are evaluating a SIEM solution
If you are looking to implement RSA NetWitness, either as a new piece of technology or as a replacement for a different SIEM, view this list as a road map for why RSA NetWitness might be the right solution for your organization. We have helped many enterprise organizations implement full-stack RSA and, over the past few years, have adopted a pared-down licensing model to allow us to implement full packet capture to the mid-market. See our Security Appliance page to learn more about our RSA NetWitness Mid-Market Solution.
11 Reasons to Love the RSA NetWitness Platform 11.x Evolved SIEM
UEBA - RSA NetWitness® UEBA leverages unsupervised machine learning, with models based on log data and deep endpoint process data, to rapidly detect anomalies in users' behavior and uncover unknown, abnormal, and sophisticated evolving threats.
ENDPOINT - The RSA endpoint detection and response (EDR) solution, RSA NetWitness® Endpoint, is fully integrated with the RSA NetWitness Platform to provide additional context for detection and response, and includes a free RSA NetWitness Endpoint Insights Agent to capture static endpoint data and Microsoft Windows logs.
ORCHESTRATION & AUTOMATION - Native response workflows and SOAR capability in RSA NetWitness® Orchestrator. RSA NetWitness Orchestrator is a force multiplier for security operations centers (SOCs), helping them standardize, scale, measure, and continuously adapt their security operations.
A REDESIGNED AND INTUITIVE UI - Easy to use for both experts and less experienced analysts.
NODAL VIEW - Visual representation of threats to speed recognition of threat dynamics and identify the full scope of the attack.
AUTOMATED AND DYNAMIC LOG IDENTIFICATION - Forget about the days of unknown devices and unparsed logs when using the new out-of-the-box log parsing capabilities.
CLOUD SECURITY - Provides cloud visibility by capturing data from third-party cloud providers such as Amazon Web Services, Azure vTAP, and many others.
DECODE - Ability to find and decode base64 and hex, and deep dive into network sessions with redesigned network investigations.
INSIGHTS INTO ENCRYPTED TRAFFIC - Inbound SSL decryption, parsing of compressed webpages, and entropy measurements to help organizations gain valuable insight and metadata into encrypted traffic; without this visibility, the attacker has a clear advantage.
BUSINESS CONTEXT - Delivered in both Respond and Investigate workflows, with asset criticality from RSA Archer® Suite and threat-aware authentication with RSA SecurID® Suite, to help analysts prioritize their investigations and drive more informed authentication decisions.
THE ABILITY TO RUN ANYWHERE - Ability to run on RSA appliances, customer-provided hardware, virtual environments, and in the cloud. Now with expanded HA failover capabilities for RSA NetWitness® Platform server host as well as a seamless backup and restore process for your entire environment.