8/4/2011
04:34 PM
Dark Reading
Products and Releases

RSA NetWitness Rolls Out Panorama

Also announces enhancements to enVision SIEM platform

Black Hat, LAS VEGAS – August 3, 2011 – RSA, The Security Division of EMC (NYSE: EMC), today announced a revolutionary approach to situational awareness for information security with the launch of RSA NetWitness Panorama™ technology and enhancements to its RSA enVision Security Information and Event Management (SIEM) platform. These improvements are designed to provide customers with the ability to better identify and combat today’s advanced threats.

RSA NetWitness Panorama, a new module in the RSA NetWitness family, delivers innovation in security analytics through the fusion of hundreds of log data sources with external threat intelligence. Combined with RSA NetWitness, enterprises can now have extraordinarily broad and robust high-speed visibility into the critical information needed to help detect today’s targeted, dynamic and stealthy attack techniques. RSA NetWitness Panorama may be deployed in three ways: as an extension to RSA NetWitness installations to combine the diverse information contained in log files with the deep content of full traffic capture, alongside RSA enVision for fast security analytics across the volumes of log data collected by RSA enVision, or as a standalone log analytics module with or without other 3rd party SIEM tools.

“Customers are wrestling with the need to use a variety of data sources both to demonstrate compliance and to combat advanced threats,” said Amit Yoran, Senior Vice President and General Manager, Security Management and Compliance Business, RSA, The Security Division of EMC. “Log management and SIEM technologies are important elements of incident and threat management processes, but have been constrained by a lack of a common lexicon, scalability, and the agility to adapt to the ever-changing threat landscape. Our enhancements to RSA enVision make it a more powerful tool for compliance reporting and also for analysis of log data as part of the security process. And, by providing native, cross-environment visibility and threat-informed analytics across log data and full packet capture, RSA NetWitness Panorama technology offers security teams an unprecedented view of organizational activity across even more of their IT infrastructure.”

RSA NetWitness Panorama Module Delivers Situational Awareness

RSA NetWitness Panorama technology is designed to apply a host of NetWitness innovations to make log data an active part of security operations. Those innovations are engineered to include:

Interactive data-driven analysis of over 200 different enterprise log formats leveraging RSA enVision content definitions

Award-winning, patented, drill-down analysis that works over network sessions and log data

Mature threat intelligence combined with log data for better context of threats, automating a key part of the information sharing process around threats

Data presented the way expert security analysts investigate advanced threats, enabling more insightful analysis

Scalability and speed from the RSA NetWitness platform enabling fast, actionable log analytics

High speed connector from RSA enVision to the RSA NetWitness Panorama module, enabling richer data feeds into RSA NetWitness Panorama in side-by-side deployments

The RSA NetWitness Panorama module can either consume syslog data directly or gain richer data via direct feeds from the RSA enVision SIEM platform to provide even greater context for investigations and incident response.

“Enterprises continue to struggle to achieve adequate visibility into a variety of advanced, targeted and layered threats that evade detection by traditional approaches to incident management,” said Lawrence Pingree, Research Director, Gartner. “Combating these attacks requires security teams to think differently about how they can achieve situational awareness. The ability to understand complete security context is significantly enhanced through the fusion of disparate security events in conjunction with protocol level visualization, and is an essential component to the efficiency of today’s security operations and incident response triage procedures.”

RSA enVision Enhancements Improve Speed of Investigations

Enhancements to the RSA enVision SIEM platform are designed to increase the speed and simplicity of ad-hoc queries against log data, while improving report management capabilities. Customers can now execute queries for investigation and incident response across large volumes of log data with up to 10X improvements in response time over the previous version. The RSA enVision 4.1 platform is also engineered to enable RSA enVision ES centralized deployments to be run as a fully virtual machine and offers virtual collectors for RSA enVision LS distributed deployments, making it simpler for customers to implement consistent security and compliance across physical and virtual infrastructures. The performance improvements of ad-hoc queries in the RSA enVision 4.1 platform help deliver the speed and flexibility critical for log-specific investigations and forensics.

RSA NetWitness Panorama is available in Beta Q3, 2011 and will be generally available in Q4, 2011. RSA enVision 4.1 will be generally available in Q3.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing physical, virtual and cloud environments. For more information, please visit www.RSA.com and www.EMC.com.
