NetWitness Platform XDR 12.1.0.0
RSA Security, LLC
NetWitness Platform XDR 12.1.0.0 on Azure
NetWitness Platform XDR for Azure Increases Visibility, Improves Response Efficiency
See Everything. Fear Nothing. By rapidly detecting and responding to today’s targeted attacks
NetWitness is an Evolved SIEM and Open XDR platform that accelerates threat detection and response. It can collect and analyze data across all capture points (Logs, Packets, NetFlow, Endpoint, and IoT) and computing platforms (physical, virtual and cloud), enriching data with threat intelligence and business context.
The NetWitness Platform XDR allows security analysts to prioritize, respond, reconstruct, survey, investigate and confirm information about the threats in their environment and take the appropriate response—quickly and precisely.
Key Features:
Unparalleled visibility
Gives security teams the visibility they need to detect sophisticated threats hiding in today’s complex, hybrid IT infrastructures. Provides real-time visibility into all network traffic with full packet capture, deep packet inspection, along with on-board decryption, allowing you to detect emerging, targeted, and unknown threats as they traverse the network, monitor attackers’ movement, and reconstruct entire network sessions.
Improved analyst productivity
Orchestration and automation capabilities make it easier for analysts to prioritize and investigate threats faster and coordinate activities across the entire security team. Empowers analysts to hunt the most advanced threats.
Faster, more advanced threat detection
Detects attacks in a fraction of the time of other platforms and connects incidents to expose the full attack scope. Speeds threat detection and investigation by enriching network and endpoint data at capture time with threat intelligence and business context.
Smarter, faster analytics
Analytics powered by machine learning with the scale of cloud delivers early detection of anomalies that lead to external and internal threats.
Platform XDR v12.1 Improvements:
Detection:
Policy Based Centralized Content Management
A unified, policy-based approach to finding, deploying and managing the content and data sources of the Event Stream Analysis component across their entire lifecycle, with policies assigned to groups of devices.
Support for bulk rule deploy operations
The Decoder supports a new mergeall command for bulk rule merge operations: all valid rules are merged and, if any rule is invalid, the list of invalid rules is returned. This avoids having to redeploy all rules after an error.
Detections using Yara Rules
Endpoint agents run Yara rules locally to find malicious files.
Endpoint host/file usability improvements
Analysts can take remediation actions, such as file download, hash look-up and changing a file's status, directly from the endpoint alert details.
Improved Log Parsing
Log parsers can now parse structured and unstructured data embedded in the variables of structured logs, and analysts can build regex parse rules that capture meta anywhere in the log; such a rule is triggered only when a specific anchor text appears in the log.
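As an added illustration of anchor-triggered parse rules (example code written for this listing, not NetWitness's parser or rule syntax): a small Python parser that first pulls key=value pairs out of a structured log line, then applies a regex rule only when that rule's anchor text is present, so the regex also captures meta from unstructured text embedded in a variable such as msg="...". The rule names, meta keys and sample log lines are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Illustrative anchor-triggered parse rules (constructed for this example;
# the rule names and meta keys are not NetWitness rule syntax).
@dataclass(frozen=True)
class AnchorRule:
    name: str            # recorded in meta so the analyst can see which rule fired
    anchor: str          # literal text that must be present before the regex is tried
    pattern: re.Pattern  # regex with named groups; each group becomes a meta key

RULES = (
    AnchorRule(
        "ssh_auth_failure",
        "Failed password",
        re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) "
                   r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"),
    ),
    AnchorRule(
        "fw_deny",
        "action=deny",
        re.compile(r"src=(?P<src_ip>[\d.]+) dst=(?P<dst_ip>[\d.]+) dpt=(?P<dst_port>\d+)"),
    ),
)

# key=value pairs; a double-quoted value may contain spaces (e.g. msg="...")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_kv(line: str) -> dict:
    """Structured pass: collect key=value pairs, unquoting quoted values."""
    meta = {}
    for m in KV_RE.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        meta[key] = quoted if quoted is not None else raw
    return meta


def parse_line(line: str, rules=RULES) -> dict:
    """Unstructured pass: run a rule's regex only if its anchor text is in the line.

    The regex is searched over the whole line, so text embedded inside a
    structured variable (such as the msg="..." value) is captured as well.
    """
    meta = parse_kv(line)
    for rule in rules:
        if rule.anchor not in line:      # cheap literal check gates the regex
            continue
        m = rule.pattern.search(line)
        if m is None:
            continue                     # anchor present but pattern did not fit: no meta
        meta.update({k: v for k, v in m.groupdict().items() if v is not None})
        meta.setdefault("parse_rules", []).append(rule.name)
    return meta


def parse_lines(lines):
    return [parse_line(line) for line in lines]


# Constructed sample logs (documentation IP ranges; not real events).
SAMPLE_LOGS = [
    "Mar 10 12:00:01 bastion sshd[4123]: Failed password for invalid user admin "
    "from 203.0.113.7 port 51234 ssh2",
    'ts=2024-03-10T12:00:02Z dev=bastion msg="Failed password for root '
    'from 198.51.100.9 port 40022 ssh2"',
    "ts=2024-03-10T12:00:03Z dev=fw1 action=deny src=10.0.0.5 dst=198.51.100.9 dpt=445 proto=tcp",
    "ts=2024-03-10T12:00:04Z dev=fw1 action=allow src=10.0.0.6 dst=198.51.100.10 dpt=443 proto=tcp",
]

if __name__ == "__main__":
    for meta in parse_lines(SAMPLE_LOGS):
        print(meta)
```

The literal anchor check is what keeps this cheap at volume: the regex only runs on lines that can plausibly match, and a line with no anchor (the fourth sample) gets only its key=value meta. The second sample shows the point of the improvement: the SSH failure text lives inside the msg variable of a structured log, yet the same rule extracts user, src_ip and src_port from it.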
Response:
Export Incident data
An analyst can export the Incidents data including alerts and events in JSON format for future analysis and auditing.
Administration:
Roles of a NetWitness user
An admin can view the roles of both internal users and external users, such as Active Directory users.
Password repetition policy
A new option to prevent password repetition has been added to the security settings page to strengthen the password policy.
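To show what a password repetition check involves on the server side, here is an added Python example (written for this listing, not NetWitness code; the history depth, PBKDF2 parameters and sample passwords are assumptions). It keeps only salted hashes of the last N passwords and rejects a new password that still matches one of them, so the history itself never stores a reusable secret.

```python
import hashlib
import hmac
import os
from collections import deque
from typing import Optional, Tuple

# Assumptions for this illustration (not NetWitness settings): remember the
# last HISTORY_DEPTH passwords and hash them with PBKDF2-HMAC-SHA256.
HISTORY_DEPTH = 5
PBKDF2_ITERATIONS = 100_000   # kept modest so the example runs quickly; raise in production
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is generated when none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class PasswordHistory:
    """Holds only salted hashes of past passwords, never the passwords themselves."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        self.entries = deque(maxlen=depth)   # oldest entry drops off automatically

    def is_reused(self, password: str) -> bool:
        # Each entry has its own salt, so every comparison is a separate derivation.
        return any(verify(password, salt, digest) for salt, digest in self.entries)

    def set_password(self, password: str) -> bool:
        """Apply the repetition policy: reject a password still present in the history."""
        if self.is_reused(password):
            return False
        self.entries.append(hash_password(password))
        return True


def demo_rotation(depth: int = 3):
    """Walk one user through several changes; shows when the first password is accepted again.

    With depth 3 the expected sequence is [True, False, True, True, True, True]:
    the first password is rejected on immediate reuse and accepted once three
    newer passwords have pushed it out of the history.
    """
    history = PasswordHistory(depth)
    results = [history.set_password("Winter-2024!"),     # True: first password
               history.set_password("Winter-2024!")]     # False: immediate reuse
    for pw in ("Spring-2024!", "Summer-2024!", "Autumn-2024!"):
        results.append(history.set_password(pw))          # True each time
    results.append(history.set_password("Winter-2024!"))  # True: rolled out of a depth-3 history
    return results


if __name__ == "__main__":
    print(demo_rotation())
```

Two design points matter here: the comparison goes through the same slow hash as normal login verification rather than a plain digest, so a leaked history table is no easier to crack than the live credential store, and a bounded deque enforces the depth without any separate cleanup job.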
Define retention policy for downloaded file
Admins can define a retention policy that automatically cleans up downloaded files after X days, avoiding potential disk-space exhaustion on the server.
Security:
Security updates
Addresses the latest security vulnerabilities reported against the various libraries used by the product.