RSA NetWitness Platform is an innovative, unified and evolved SIEM, complete with threat detection and response. The number of digital risks businesses face continues to grow, mandating a better means of closing blind spots between business functions. RSA NetWitness’ focus on integrated security addresses threats earlier in the attack lifecycle, reducing the impact of these threats and driving faster action.
RSA NetWitness provides broad visibility because of the information it ingests from logs, networks, packets and endpoints. It then parses, enriches and indexes this data with contextual information to create metadata that security teams can filter and query for optimal efficiency.
Once the platform contextualizes the data it collects, the UEBA, an unsupervised-learning system, compares it against threat intelligence and correlation capture rules to detect suspicious behaviors and assign risk scores. Using machine learning here eliminates the need for security teams to build or configure rules manually.
Dashboards offer twenty-one customizable dashlet (widget) options that provide a quick and holistic view of an environment. Users can create an unlimited number of dashboards to give a variety of views, which they can then share with and customize for others. The default dashboard has a monitor tab that functions adequately but is rather average in design. Though not tremendously outdated, it is not as modern as the dashboards in other products. However, the bland aesthetic has little impact on usability.
The platform streamlines threat investigation with live queries and robust filtering capabilities that show only relevant data. It also assigns incident numbers automatically and shows important information such as incident status, the name of the incident investigator and more. Event streams show step-by-step log information for an event so security analysts can get a big-picture view of what has occurred along an event timeline. If there are notable correlations or similarities with other alerts, the system chains them together, thus shortening response time, reducing alert fatigue and making the job of security analysts much easier.
Analysts can now respond quickly to more complicated events, thanks to automated and guided remediation. For automated responses, runbooks and playbooks integrate basic management functions directly. This modular platform offers a robust set of pick-and-choose remediation options for easy deployment. Subscribers may even choose to aggregate some of the threat detection and response data contained in its large repository of out-of-the-box reports, including configurable daily reports.
RSA NetWitness Platform arms security teams with a multitude of native data sources that layer in endpoint data and provide threat detection and response across an environment. The automation and orchestration in this platform optimize threat detection and response and dramatically reduce security team burdens.
RSA did not provide any general starting price. Given the sometimes arduous and complex nature of SIEMs, we were surprised to find there is no basic, free support offered. 8/5 and 24/7 phone, email and website support options are available for a fee and come with access to a knowledge base and FAQ list.
Tested by: Matthew Hreben