Company description: RSA was founded in 1982 and acquired by EMC in 2006. EMC was acquired by Dell in 2016 and became a Dell Technologies business.
Product description: The RSA NetWitness Suite is a threat detection and response platform that allows security teams to detect and understand the scope of a compromise by leveraging logs, packets, endpoints, NetFlow and threat intelligence. It features machine learning, behavioral analysis, role-based orchestration and workflow for threat detection. It supports monitoring, alert and incident handling, breach analysis and response, event correlation and posture assessment.
“Our SIEM offering brings together logs, packets and endpoints into a single, holistic platform,” said Mike Adler, Vice President of Products, NetWitness, RSA.
Markets and use cases: Adler said the top industry verticals are financial institutions, governments, oil & gas, energy and telcos.
Metrics: It is rated to sustain log ingest of 30k EPS per system, to sustain packet ingest up to 10Gbps per system, and to support up to 100,000 endpoints per system. Each of these systems can be scaled out.
Security qualifications: It is CC EAL2+, accredited by the U.S. government, and supports running FIPS approved crypto algorithms and methods.
Intelligence: The RSA NetWitness Suite leverages intelligence, automation in analytics and response, along with machine learning behavior analytics. It can record every network connection and every process executing in the enterprise. A streaming analytics engine known as RSA Event Stream Analysis (ESA) can customize profile-based alerts utilizing input from network sessions and logs. Further intelligence features include event source automatic monitoring, anomaly detection and entropy scores to generate alerts.
Delivery: It can run on premises, virtually, in public clouds or any combination.
Agents: RSA's SIEM is agentless.
Pricing: The primary pricing model is throughput-based, priced in 50 GB per day increments for logs and 1 TB per day increments for packets. Pricing is structured as tiers, with higher-volume tiers offering progressively lower prices per 50 GB or 1 TB increment. The two throughput-based licensing options are:
1. Throughput Perpetual license: RSA NetWitness Logs and Packets each have 5 tiers that start at $27,800 per throughput unit per year (50 GB/Day for Logs, 1 TB/Day for Packets).
2. Subscription license: RSA NetWitness Logs (and Packets) has 10 tiers that start at $919 per throughput unit per month (50 GB/Day for Logs, 1 TB/Day for Packets).