8/4/2011
04:34 PM
Dark Reading
Products and Releases

RSA NetWitness Rolls Out Panorama

Also announces enhancements to enVision SIEM platform

Black Hat, LAS VEGAS – August 3, 2011 – RSA, The Security Division of EMC (NYSE: EMC), today announced a revolutionary approach to situational awareness for information security with the launch of RSA NetWitness Panorama™ technology and enhancements to its RSA enVision Security Information and Event Management (SIEM) platform. These improvements are designed to provide customers with the ability to better identify and combat today’s advanced threats.

RSA NetWitness Panorama, a new module in the RSA NetWitness family, delivers innovation in security analytics through the fusion of hundreds of log data sources with external threat intelligence. Combined with RSA NetWitness, enterprises can now have extraordinarily broad and robust high-speed visibility into the critical information needed to help detect today’s targeted, dynamic and stealthy attack techniques. RSA NetWitness Panorama may be deployed in three ways: as an extension to RSA NetWitness installations to combine the diverse information contained in log files with the deep content of full traffic capture, alongside RSA enVision for fast security analytics across the volumes of log data collected by RSA enVision, or as a standalone log analytics module with or without other 3rd party SIEM tools.

“Customers are wrestling with the need to use a variety of data sources both to demonstrate compliance and to combat advanced threats,” said Amit Yoran, Senior Vice President and General Manager, Security Management and Compliance Business, RSA, The Security Division of EMC. “Log management and SIEM technologies are important elements of incident and threat management processes, but have been constrained by a lack of a common lexicon, scalability, and the agility to adapt to the ever-changing threat landscape. Our enhancements to RSA enVision make it a more powerful tool for compliance reporting and also for analysis of log data as part of the security process. And, by providing native, cross-environment visibility and threat-informed analytics across log data and full packet capture, RSA NetWitness Panorama technology offers security teams an unprecedented view of organizational activity across even more of their IT infrastructure.”

RSA NetWitness Panorama Module Delivers Situational Awareness

RSA NetWitness Panorama technology is designed to apply a host of NetWitness innovations to make log data an active part of security operations. Those innovations are engineered to include:

Interactive data-driven analysis of over 200 different enterprise log formats leveraging RSA enVision content definitions

Award-winning, patented, drill-down analysis that works over network sessions and log data

Mature threat intelligence combined with log data for better context of threats, automating a key part of the information sharing process around threats

Data presented the way expert security analysts investigate advanced threats, enabling more insightful analysis

Scalability and speed from the RSA NetWitness platform enabling fast, actionable log analytics

High speed connector from RSA enVision to the RSA NetWitness Panorama module, enabling richer data feeds into RSA NetWitness Panorama in side-by-side deployments

The RSA NetWitness Panorama module can either consume syslog data directly or gain richer data via direct feeds from the RSA enVision SIEM platform to provide even greater context for investigations and incident response.

“Enterprises continue to struggle to achieve adequate visibility into a variety of advanced, targeted and layered threats that evade detection by traditional approaches to incident management,” said Lawrence Pingree, Research Director, Gartner. “Combating these attacks requires security teams to think differently about how they can achieve situational awareness. The ability to understand complete security context is significantly enhanced through the fusion of disparate security events in conjunction with protocol level visualization, and is an essential component to the efficiency of today’s security operations and incident response triage procedures.”

RSA enVision Enhancements Improve Speed of Investigations

Enhancements to the RSA enVision SIEM platform are designed to increase the speed and simplicity of ad-hoc queries against log data, while improving report management capabilities. Customers can now execute queries for investigation and incident response across large volumes of log data with up to 10X improvements in response time over the previous version. RSA enVision 4.1 platform is also engineered to enable RSA enVision ES centralized deployments to be run as a fully virtual machine and offers virtual collectors for RSA enVision LS distributed deployments, making it simpler for customers to implement consistent security and compliance across physical and virtual infrastructures. The performance improvements of ad-hoc queries in the RSA enVision 4.1 platform help deliver the speed and flexibility critical for log-specific investigations and forensics.

RSA NetWitness Panorama is available in Beta Q3, 2011 and will be generally available in Q4, 2011. RSA enVision 4.1 will be generally available in Q3.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing physical, virtual and cloud environments. For more information, please visit www.RSA.com and www.EMC.com.
