RSA NetWitness SIEM Suite Updated to Improve Security Operations

New iteration of SIEM platform provides an enhanced user interface to help make it easier for security analysts to handle incident response and investigations.

RSA NetWitness

RSA, a Dell Technologies business, released the latest version of its NetWitness SIEM (Security Information and Event Management) Suite on July 18, providing organizations with a new user-experience that aims to make it easier to conduct security investigations.

The RSA NetWitness Suite is made up of multiple modules, including the Logs and Packets component which is now being updated to version 11. 

"With Logs and Packets 11.0 we're really focused on the security analyst experience," Mike Adler, Vice President of Product, RSA NetWitness Suite, told eWEEK

Adler noted that the data collection from logs is pretty much a solved problem at this point and isn't where the challenge exists. The challenge rather has been on making the most use of data and enabling security analysts to be highly efficient. Adler said that RSA has performed thousands of hours of user studies to fully analyze the human element of understanding and benefitting from log data.

"We put together a brand new user interface, with the power we've always had, in a new experience that lets analysts be more effective with day-to-day tasks," Adler said.

He added that the new user interface also simplifies the workflow so that security analysts are presented with the required information in a dashboard, rather having to search through information. The new release of RSA NetWitness also makes it easier for security analysts to get log insights from the cloud as well, including data from Microsoft Azure and Amazon Web Services (AWS) cloud deployments.

Another key component of the updated SIEM suite is the new RSA NetWitness Endpoint 4.4 module, which enables security analysts to integrate endpoint data into security investigations. Adler said that the endpoint module helps to provide a unified view across an organization's IT assets. The endpoint module uses an agent that is installed on Microsoft Windows, Apple macOS and Linux system, providing visibility and investigative capabilities.

"We've always had EDTR (Endpoint Detection and Threat Response) as part of the portfolio and now what we're doing is bringing the endpoint metadata into the integrated platform," Adler said. "We can correlate data across all of an organization's endpoints to see the relationships that previously were not well understood."

From a security analyst perspective, Adler said that a primary initial task is dealing with incident management and figuring out what alerts need to be addressed. He noted that the NetWitness Suite will organize and prioritize alerts based on business context, helping analysts to understand where they should spend their time.

"We designed our dashboard so a security analyst will get a timeline view of what is happening and see the context of alerts in a single screen," Adler said. "We've spent a tremendous amount of time improving the incident management and investigation workflows, interweaving business context with visibility to allow all types of security analysts to take advantage of the NetWitness Suite."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.