RSA NetWitness® Suite
RSA NetWitness Suite is a security monitoring solution that combines log and network traffic analysis with endpoint-based visibility and automated threat intelligence to detect and investigate sophisticated cyber-attacks.
RSA is a computer and network security company headquartered in Bedford, Massachusetts, USA. Founded in 1982 by Ron Rivest, Adi Shamir and Len Adleman, the developers of the RSA public key cryptography algorithm, the company has strong roots in cryptography and is probably best known for RSA SecurID®, one of the most popular hardware token-based methods of two-factor authentication. In 2006, RSA was acquired by EMC Corporation and has been operating as a division within EMC. After the acquisition of EMC by Dell was finalized in September 2016, it was announced that RSA became a direct subsidiary of Dell Technologies and will continue operating with enough autonomy to keep maintaining its own product ecosystem.
With over 1300 employees and regional offices in over 70 countries, RSA has a strong global presence, serving more than 30000 customers worldwide across all major industry verticals, including government and defense, financial services, utilities and many others. RSA Conference, an annual event organized by the company, is recognized as one of the leading conferences in the field of information security. Currently, the company offers a wide range of technology and business solutions in such areas as identity assurance, GRC (governance, risk and compliance), fraud detection and information protection, as well as security analytics and operations. In addition, the company provides consulting and advisory services.
With the continued adoption of mobile and cloud services and the profound impact of digital technologies on business models and processes (the notorious Digital Transformation), organizations are finding it increasingly difficult to protect their IT systems from attacks. As the very notion of the corporate perimeter has almost eroded, traditional security controls are no longer able to detect the increasingly sophisticated methods cyber criminals are using to mimic normal user behavior and to infiltrate corporate networks. Even worse, many of those criminals may, in fact, be malicious insiders.
All this has led to a massive paradigm shift in information security from perimeter protection towards monitoring and detecting malicious activities within networks in real time. A new generation of security analytics tools has emerged recently, utilizing machine learning and Big Data analytics to correlate large amounts of security data collected across the corporate infrastructure and enrich them with additional context data and external threat intelligence. In the end, a security researcher can deal with a manageable number of relevant security incidents, ranked by severity and enriched with valuable forensic information. As opposed to traditional log-centric SIEM solutions or signature-based antimalware tools, these Real-Time Security Intelligence solutions provide a unified real-time overview of the corporate security posture across endpoints, networks and services and enable early detection and mitigation of cyber-attacks to minimize the damage.
RSA has been active in this market segment for quite some time, offering a complete security analytics solution recently rebranded as RSA NetWitness Suite. The product provides a unified platform for log, network packet and NetFlow analytics, recently expanded to include endpoints and to support incident remediation workflows. Provided as fixed high-performance hardware appliances, consumption-based appliances or software-only versions suitable for both hardware-independent and virtual machine deployments, the solution is capable of meeting the most demanding scalability and high availability requirements regardless of the deployment model.