SAN FRANCISCO - RSA, the Security Division of EMC Corp., updated its RSA NetWitness Live network traffic capture...
platform adding more threat content, customized content distribution capabilities and integration with RSA’s analytics platforms.
The RSA NetWitness Live service adds a cloud-based threat intelligence delivery platform to the NetWitness appliance. It aggregates and analyzes security threat data to produce useable threat insights. It can be applied to about 100 sources, including RSA’s threat intelligence feed.
Version 2.1 includes a new central management console with content profiles that are customizable. They can be tailored to specific sources based on the organization’s network monitoring needs. RSA also merged its Cyber Crime Intelligence data into the platform. Also included is a feed from the RSA eFraudNetwork. The feeds aggregate fraud intelligence from 500 million networked devices and 250 million users worldwide.
RSA also has third-party threat intelligence feeds from VeriSign, Bit9 and ThreatGrid for malware analysis. All of the feeds are encrypted and can’t be read outside the NetWitness appliance. RSA also added an analytics layer, integrating it into its enVision log management platform. The two analytical pieces are called NetWitness for Logs platform and the RSA NetWitness Spectrum.
The company is demonstrating a conceptual cloud-based framework for information sharing that is built on its RSA NetWitness Live cloud platform and its Archer eGRC Suite. The company claims its framework facilitates collaboration among organizations and outside security experts in detecting, investigating and remediating advanced threats.
View all of our RSA 2012 Conference coverage.