RSA NetWitness Panorama, a new module in the RSA NetWitness family, delivers innovation in security analytics through the fusion of hundreds of log data sources with external threat intelligence. Combined with RSA NetWitness, enterprises can now have extraordinarily broad and robust high-speed visibility into the critical information needed to help detect today’s targeted, dynamic and stealthy attack techniques. RSA NetWitness Panorama may be deployed in three ways: as an extension to RSA NetWitness installations to combine the diverse information contained in log files with the deep content of full traffic capture, alongside RSA enVision for fast security analytics across the volumes of log data collected by RSA enVision, or as a standalone log analytics module with or without other 3rd party SIEM tools.
“Customers are wrestling with the need to use a variety of data sources both to demonstrate compliance and to combat advanced threats,” said Amit Yoran, Senior Vice President and General Manager, Security Management and Compliance Business, RSA, The Security Division of EMC. “Log management and SIEM technologies are important elements of incident and threat management processes, but have been constrained by a lack of a common lexicon, scalability, and the agility to adapt to the ever-changing threat landscape. Our enhancements to RSA enVision make it a more powerful tool for compliance reporting and also for analysis of log data as part of the security process. And, by providing native, cross-environment visibility and threat-informed analytics across log data and full packet capture, RSA NetWitness Panorama technology offers security teams an unprecedented view of organizational activity across even more of their IT infrastructure.”
RSA NetWitness Panorama Module Delivers Situational Awareness
RSA NetWitness Panorama technology is designed to apply a host of NetWitness innovations to make log data an active part of security operations. Those innovations are engineered to include:
Interactive data-driven analysis of over 200 different enterprise log formats leveraging RSA enVision content definitions
Award-winning, patented, drill-down analysis that works over network sessions and log data
Mature threat intelligence combined with log data for better context of threats, automating a key part of the information sharing process around threats
Data presented the way expert security analysts investigate advanced threats, enabling more insightful analysis
Scalability and speed from the RSA NetWitness platform enabling fast, actionable log analytics
High speed connector from RSA enVision to the RSA NetWitness Panorama module, enabling richer data feeds into RSA NetWitness Panorama in side-by-side deployments
The RSA NetWitness Panorama module can either consume syslog data directly or gain richer data via direct feeds from the RSA enVision SIEM platform to provide even greater context for investigations and incident response.
“Enterprises continue to struggle to achieve adequate visibility into a variety of advanced, targeted and layered threats that evade detection by traditional approaches to incident management,” said Lawrence Pingree, Research Director, Gartner. “Combating these attacks requires security teams to think differently about how they can achieve situational awareness. The ability to understand complete security context is significantly enhanced through the fusion of disparate security events in conjunction with protocol level visualization, and is an essential component to the efficiency of today’s security operations and incident response triage procedures.”
RSA enVision Enhancements Improve Speed of Investigations
Enhancements to the RSA enVision SIEM platform are designed to increase the speed and simplicity of ad-hoc queries against log data, while improving report management capabilities. Customers can now execute queries for investigation and incident response across large volumes of log data with up to 10X improvements in response time over the previous version. RSA enVision 4.1 platform is also engineered to enable RSA enVision ES centralized deployments to be run as a fully virtual machine and offers virtual collectors for RSA enVision LS distributed deployments, making it simpler for customers to implement consistent security and compliance across physical and virtual infrastructures. The performance improvements of ad-hoc queries in the RSA enVision 4.1 platform help deliver the speed and flexibility critical for log-specific investigations and forensics.
RSA NetWitness Panorama is available in Beta Q3, 2011 and will be generally available in Q4, 2011. RSA enVision 4.1 will be generally available in Q3.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing physical, virtual and cloud environments. For more information, please visit www.RSA.com and www.EMC.com.