See the complete list of top threat intelligence companies.
RSA was founded in 1982 and acquired by EMC in 2006. EMC was acquired by Dell in 2016 and became a Dell Technologies business.
- RSA NetWitness Suite is a threat detection and response platform that allows security teams to rapidly detect and understand the scope of a compromise by leveraging logs, packets, NetFlow, endpoints and threat intelligence.
- By aligning business context with security risks, it can analyze, prioritize, and investigate threats, a process that improves security analysis threefold. Threat intelligence is included as part of ongoing support at no additional charge.
- RSA Live provides customers access to over two dozen feeds as part of their maintenance and support agreement. These intelligence feeds are populated from RSA's FirstWatch team, direct inputs from RSA's Incident Response activities, and threat research and open source intelligence.
- The suite also allows customers to create or import their own relevant intel into the system to generate alerts and provide further insight for analysts. RSA Live Connect, a community-based threat intelligence crowdsourcing platform, enables organizations to share anonymized threat intelligence with the broader user community in real time.
"A Threat Intelligence Platform should enable organizations to aggregate, correlate and analyze threat intelligence data from across multiple, disparate data sources in real time," said Mike Adler, Vice President of Products, NetWitness, RSA. "It should be able to be consumed by other technologies so that security teams can identify how relevant the threat is to their organization."
RSA NetWitness Logs and Packets is agentless. The suite also includes an endpoint detection and response capability, RSA NetWitness Endpoint, which uses an agent-server architecture.
Markets and Use Cases
RSA protects millions of users around the world and helps more than 90% of the Fortune 500. Its top 3 industry verticals are financial institutions, governments and oil/gas/energy/telcos.
It is rated to sustain log ingest of 30,000 EPS per system, to sustain packet ingest up to 10 Gbps per system and to support up to 100,000 endpoints per system. Each of these systems can be scaled out and there is no limit to how much can be collected across the Enterprise.
The suite is EAL2+, is accredited by the U.S. government, and is recognized via the Common Criteria certification. It supports running in "FIPS mode" so that only FIPS-approved crypto algorithms and methods are used.
The suite features machine learning, behavioral analysis, and advanced threat intelligence. It provides role-based orchestration and workflow. A streaming analytics engine performs analysis on network, log and endpoint events.
It can function on premises, in private clouds, on virtual machines, or in the public cloud.
- Throughput perpetual license: RSA NetWitness Logs and Packets each have 5 tiers that start at $27,800 per throughput unit per year (50 GB/day for Logs, 1 TB/day for Packets).
- Subscription license: RSA NetWitness Logs (and Packets) has 10 tiers that start at $919 per throughput unit per month (50 GB/day for Logs, 1 TB/day for Packets).
- Threat intelligence is included at no extra charge.