RSA NetWitness Platform 11.4 on Azure
RSA NetWitness Platform 11.4
RSA, a Dell Technologies Business
NWP version 11.4 introduces new features in UEBA, analyst investigation, Respond, administrative functions, and RSA NetWitness Endpoint that collectively make security teams more efficient and arm them with the most relevant and actionable security data.
Enhanced Investigation Capabilities:
- The RSA NetWitness Investigate view now includes an improved initial workflow for analysts that combines the Events and Event Analysis views into a single optimized experience. Analysts can seamlessly integrate meta-key and free-text searches in a query during investigations. These features also use auto-suggestion to help construct relevant queries during an investigation and use built-in profiles to quickly refine investigations.
Smarter Network Threat & Anomaly Detection:
- RSA NetWitness UEBA now uses network packet metadata as a key data source for machine learning and applies this data to anomaly detection models in order to detect malicious attacker activity – minimizing blind spots for security teams. Twenty-four new indicators across multiple network session identifiers provide alerts and risk scores to analysts for a faster response.
Improved Visualization of Incidents:
- RSA NetWitness Respond’s nodal visualization of incidents has been improved to clearly highlight entity relationships, group like nodes, and lay out entities in a more logical manner to improve analysts' initial understanding of an incident. Additional enhancements include improvements to search functions in the Alert and Incident views, richer incident notifications, and access restrictions for Incidents.
Expanded Functions for Endpoint Response:
- Analysts can now investigate a suspicious host and rapidly respond to control the spread of an attack by isolating the host from the network. Files can be automatically downloaded to capture attacker executables before they can be deleted, and the host process viewer now provides dynamic context about risk scores, event types, process execution, and file properties. Analysts can also download the Master File Table from suspicious hosts to perform additional forensics.
And Even More:
- File Collection from Endpoint Agents
- Single Sign-on Capability
- Distributed Analyst User Interfaces
- New Health and Wellness (BETA)
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.