RSA has announced its intent to acquire Fortscale, a pioneer in embedded behavioral analytics. Terms of the deal were not disclosed and are subject to customary closing conditions. RSA’s acquisition of Fortscale is designed to provide customers with new user and entity behavioral analytics (UEBA) capabilities through the RSA NetWitness Platform.
RSA is also unveiling the newest version of RSA NetWitness Platform that helps security teams detect and respond to modern threats, as well as two new offerings, RSA NetWitness UEBA and RSA NetWitness Orchestrator to strengthen the evolved SIEM and threat defense platform, a revolutionary centerpiece of security operations teams.
“The RSA NetWitness Platform has helped our team increase their visibility, detect threats with higher fidelity, and automate response to the threats that pose the greatest risk to our organization” said John Byers, Senior Vice President, Information Security and CISO, IBC Bank. “Our security analysts cite RSA NetWitness Platform as the technology that marks the biggest impact on their effectiveness, making the process of identifying and intelligently responding to threats more streamlined and efficient.”
In an era of ever-expanding attack surface, protecting against threat actors – from commodity malware and insider threats, to state sponsored exploits and hacktivists – has become increasingly complex. Disconnected silos of prevention, monitoring, and investigation technologies are failing to provide the true end-to-end visibility, detection and automated response needed in a modern digital enterprise.
“Adding more security monitoring and prevention tools is a common response to the growing digital risk environment, but too often, the influx of data creates unattended alerts, overwhelming analysts,” said Michael Adler, Vice President, RSA NetWitness Platform. “The new UEBA and orchestration capabilities in RSA NetWitness Platform provide heightened visibility and analytics, allowing analysts to keep up with their SIEM data, investigate issues, and automate threat responses, all on a single integrated platform.”
Introducing RSA NetWitness UEBA
RSA’s acquisition of Fortscale will provide customers embedded UEBA capabilities integrated with the Platform. RSA NetWitness UEBA directly addresses and overcomes obstacles that standalone solutions have encountered due to their high cost and high touch requirements. RSA NetWitness UEBA requires minimal customization and no manual tuning. Its patented, three-tier unsupervised machine learning analytics engine automatically finds known and unknown threats that rule-based systems cannot with greater accuracy.
Fortscale facilitates the automatic identification of deviations from normal user behaviors, to uncover risky and previously hard to detect threats. By understanding behavior, Fortscale can highlight potential risks such as shared user credentials, privileged user account abuse, geolocation and remote access anomalies. Organizations are able to find unknown threats that hide among the huge volume of security data that is typical in today’s complex IT environments without heavy installation, maintenance or analyst oversight. Fortscale is designed to:
- Provide fully automatic, unsupervised machine learning;
- Reduce the need for organizations to have big data experts in their analyst team;
- Detect unknown threats (compromised credentials, insider threats, data exfiltration);
- Address malicious behavior in which exploits have received elevated permissions;
- Be dynamic, automatically learning behavior specific to the environment; and,
- Require no customization, rule authoring or ongoing care, tuning, rule creation/adjustment.
Advanced UEBA Technologies
According to Gartner, “the security market is thirsty for advanced analytics that discover insider threats and compromised accounts, which traditional rule-based monitoring systems miss. UEBA technology often fills this gap and addresses three main problems: it detects external attacks and trusted insider threats, it raises high-priority and low-volume alerts, and it reduces the time and effort to investigate and respond1.”
Introducing RSA NetWitness Orchestrator
RSA NetWitness Orchestrator, powered by Demisto, combines orchestration, incident management, and interactive investigation for security operations. It uses machine learning to draw from past analyst interactions and investigations to suggest analyst assignments, enhance playbooks, and identify the best course of action for investigations. Security teams can now modernize their security operations while reducing time to remediation, creating consistent and audited incident management processes, and increasing analyst productivity.
New Features in RSA NetWitness Platform
Each of the new capabilities in RSA NetWitness Platform 11.1 provide distinct value, and is further enhanced when leveraged across a single platform:
- RSA NetWitness Endpoint Insights: a free endpoint agent, it delivers timely insights and reduces the costs of managing endpoints and Windows logs by offering essential endpoint inventory scans paired with Microsoft Windows log forwarding and filtering capabilities.
- RSA NetWitness UEBA Essentials: leverages user, network, and endpoint behavioral profiling powered by static rules, advanced correlation, and statistical analytics to identify deviations from normal user behaviors. Delivered as a content pack, it is available free to all RSA NetWitness Platform customers.
- Dynamic Log Visibility: offers instant log visibility by leveraging “dynamic parsing” technology that enables organizations to parse log data sources and immediately access critical security data.
“Managing digital risk in the modern enterprise requires customers to rethink the capabilities of their Security Operations Center. RSA believes that a core capability is an evolved SIEM that can detect incidents from a variety of sources – including user behavior,” said Grant Geyer, Senior Vice President, Products, RSA. “Detecting suspicious user behavior isn’t just essential to enabling the SOC to spot insider threats and compromised credentials – it also aids in the Identity and Access Management team’s authentication of risky users – ensuring that they are who they claim to be. By tying together the domains of security exclusion and security inclusion with UEBA capabilities, customers can manage the risk associated with their digital transformation more effectively.”