RSA Unveils Industry-Leading Capabilities For Threat Information Sharing

RSA introduces enhancements to the RSA NetWitness Live platform

February 27, 2012

6 Min Read


RSA CONFERENCE 2012 — SAN FRANCISCO, CA — Feb. 27, 2012 — RSA', the Security Division of EMC' (NYSE:EMC), introduced enhancements to the RSA NetWitness Live™ platform that extends the company’s leadership in providing actionable intelligence in the battle against advanced threats. The RSA NetWitness Live service now provides 30 percent more threat content, customized content distribution capabilities and new integration with RSA’s analytics platforms.

“Threat intelligence and related information must be shared faster than ever to defeat today’s cyber adversaries, whose attacks have become increasingly sophisticated and customized,” says Amit Yoran, SVP and General Manager of RSA’s Security Management & Compliance Division. “RSA NetWitness Live has been instrumental to our customers in detecting and defeating advanced threats. By tapping into the collective intelligence and analytical skills of the global security community, the RSA NetWitness Live service helps organizations significantly enhance their situational awareness and shorten their time to respond to potential threats. The latest enhancements and integrations extend our industry-leading capabilities in real-time security analytics and advanced threat detection to give organizations more timely and constructive visibility into potential attack vectors.”

The RSA NetWitness Live service is a cloud-based 24x7 threat intelligence delivery platform that is engineered to aggregate, analyze and spotlight the most relevant security content from approximately 100 trusted sources, including insights derived from RSA’s proprietary threat research. Within the RSA NetWitness' platform, the RSA NetWitness Live service’s carefully curated information is combined and correlated with an organization’s network and log data in real-time. This fusion of data provides actionable insights to security operations centers that can help speed their incident response times and reduce their vulnerability to targeted cyber attacks. RSA Introduces NetWitness Live Enhancements

Three major enhancements to the RSA NetWitness Live service were released today at RSA Conference.

RSA NetWitness Live Manager 2.1 with Content Profiles – RSA NetWitness Live Manager provides a central management console to help organizations tailor their content sources based on their unique environment and threat profile, add their own network monitoring feeds and optimize content flow. RSA NetWitness Live Manager content profiles are engineered to be completely customizable and to empower security teams to more easily organize and distribute RSA NetWitness Live content for virtually any use case or network environment. RSA NetWitness Live Manager and content profiles are designed to allow security analysts to focus on the task of protecting network assets by reducing the time and effort normally required to effectively manage content.

Expanded threat content – The RSA NetWitness Live service merges the best industry threat intelligence with RSA’s Cyber Crime Intelligence data. The RSA N NetWitness Live service now offers 1,000 pieces of content (reports, rules, parsers, etc.) from over 100 distinct threat information sources, tracking more than 5 million IP addresses and domains. Among the newly added data sources are the RSA CyberCrime Intelligence service and RSA eFraudNetwork™, which together aggregate fraud intelligence from 500 million networked devices and 250 million users worldwide. Newly added third-party threat indicator feeds include Verisign' iDefense' Security Intelligence Services and Critical Intelligence Services. RSA NetWitness Live has also integrated intelligence feeds from both Bit9 and ThreatGRID for malware analysis. As with all RSA NetWitness Live content, the service’s new information feeds are encrypted and therefore engineered so that they cannot be read except within the RSA NetWitness appliance. This encryption feature enables organizations to use the service’s threat information while helping to ensure that shared information is protected from leakage.

Broad platform support for new security analytics platforms – The RSA NetWitness Live service added support for two key security analytics solutions: the RSA NetWitness for Logs platform and the RSA NetWitness Spectrum™ malware detection platform. Now, security teams can stream relevant RSA NetWitness Live content directly to these analytics platforms, which are designed to automatically ingest the data to enhance the precision of their threat detection results. RSA Highlights New Concepts in Future Approach to Collaboration

Today at RSA Conference 2012, RSA also will demonstrate a cloud-based framework and proof-of-concept designed to help the global security industry test new ideas and methods for improving threat information sharing and collaboration. The first demonstration of RSA’s conceptual framework facilitates collaboration among organizations and outside security experts in detecting, investigating and remediating advanced threats.

“A shortage of specialized security expertise is a serious challenge for most organizations dealing with advanced threats,” says Bret Hartman, RSA’s chief technology officer. “Collaboration with outside partners is often the most efficient and convenient way to scale advanced threat capabilities and talent. Technology solutions such as RSA’s experimental collaboration platform will help companies with limited experience in advanced threats augment their capabilities, and will enable broader sharing of threat intelligence across the industry. We’d like others in the global security community to join us in exploring new methods, such as this type of framework, to share threat information on a much larger scale.”

RSA’s conceptual framework builds on the RSA NetWitness Live cloud platform and the RSA Archer™ eGRC Suite. Compared to conventional processes for collaborating on threat detection and response, the framework highlights several important advantages RSA believes will be essential for industry-wide collaboration:

Augmentation of in-house security capabilities with on-demand external expertise

Security, policy and data leakage protection

Coordination of workflows for incident handling and response

Automation of routine steps in threat sharing and collaboration

Performance monitoring and trust measures

For more information about RSA’s new conceptual collaborative intelligence sharing platform and other recent advances in threat information sharing, please download the new RSA Security Brief released today, “Breaking down Barriers to Collaboration in the Fight Against Advanced Threats.”

Additional Resources:

Download the RSA Security Brief “Breaking Down Barriers to Collaboration in the Fight Against Advanced Threats” Learn more about RSA NetWitness Live Learn more about Trusted IT from EMC Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights