RSA, the security division of EMC Corp., announced Tuesday new capabilities for RSA NetWitness Spectrum, an analytical workbench that revolutionizes the identification, analysis and prioritization of malware-based threats to enterprise networks. The new capabilities in RSA NetWitness Spectrum provide support for real-time analysis of an expanded list of content types associated with many of the most critical advanced threat vectors.
RSA also has added a host of new intelligence partners, expanding the multi-source community of expertise from which RSA NetWitness Spectrum draws its situational awareness. These advanced capabilities in RSA NetWitness Spectrum are engineered to enable security operations centers to identify and mitigate serious problems missed by both traditional and modern approaches to malware protection.
"The days of signatures, blacklists and purpose-built security defenses alone are gone," said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. "At best, these products provide baseline protection. What's needed is an approach that looks beyond basic patterns, models the subtle ebbs and flows of network activity, then analyzes how content and behavior should be judged based upon anomalies and business policies. RSA is one of the vendors that truly understands this and is delivering an advanced level of situational awareness in advanced malware detection."
RSA NetWitness Spectrum is built upon RSA NetWitness network security monitoring platform which is designed to enable enterprises to record and analyze all network traffic. RSA NetWitness Spectrum leverages the power of the RSA NetWitness architecture to re-use the captured data and apply four distinct techniques that an advanced analyst would use to investigate and prioritize malware-related events. RSA NetWitness Spectrum is engineered to automatically analyze all executable content going across the network by automatically answering thousands of questions about the behavior of files within both the full context of an organization's network and its relationship to security intelligence across an ecosystem of content providers. This approach permits the security operation center to better determine "Which files are suspect? Why might it be malicious? What is it trying to do? Where else is it on the network? Which files deserve my attention more than others?" much faster and with more accuracy than in the past.
RSA NetWitness Spectrum is also designed to extend the core RSA NetWitness enterprise security platform, enabling organizations to leverage existing investments in RSA NetWitness, as well as complement RSA's other security technologies, by providing richer context around additional alerts and events. RSA NetWitness is a core component of the RSA security management portfolio that is designed to enable advanced security operations centers to identify, investigate and resolve a wide range of IT security risks.
"In today's threat environment, no form of malware prevention can guarantee adequate protection of an organization's most valuable information assets," said Amit Yoran, senior vice president and general manager, Security Management and Compliance, RSA. "With these new innovations in RSA NetWitness Spectrum, we are providing enterprises a content-rich and agile workbench that automates many of the most complex malware analysis and prioritization tasks. RSA NetWitness Spectrum helps close the gap between where the effectiveness of malware protection drops off, and where the true battle lines of detecting advanced networks threats begin."
RSA NetWitness Spectrum 1.1 has added support for Adobe PDF, Microsoft Office documents and JAR archive to its analysis engine. As targeted attacks using PDFs as an infection vehicle grow, RSA NetWitness Spectrum is engineered to subject all PDF, Microsoft Office documents and JAR files to the same investigative rigor as every executable, combining four distinct investigation techniques including sandboxing, community intelligence, file content and network behavior analysis to deliver the most comprehensive risk-based results directly into the hands of security operations centers.
Additionally, RSA has added new partners to the extensive community of threat intelligence and sandboxing providers. From these partners, RSA NetWitness Spectrum draws situational awareness and offers customers the ability to select and use an array of intelligence and content providers. The new partners include out-of-the-box integration with dynamic malware analysis from ThreatGRID as well as GFI SandBox.
RSA NetWitness Spectrum 1.1 will be generally available in the fourth quarter of this year.