The RSA NetWitness Live service is a cloud-based 24x7 threat intelligence delivery platform that is engineered to aggregate, analyze and spotlight the most relevant security content from approximately 100 trusted sources, including insights derived from RSA's proprietary threat research.
Within the RSA NetWitness platform, the service's carefully curated information is combined and correlated with an organization's network and log data in real-time.
Three major enhancements to the RSA NetWitness Live service were released at RSA Conference:
- RSA NetWitness Live Manager 2.1 with content profiles – RSA NetWitness Live Manager provides a central management console to help organizations tailor their content sources based on their unique environment and threat profile, add their own network monitoring feeds and optimize content flow. RSA NetWitness Live Manager content profiles are engineered to be completely customizable, easy to organize and distribute. RSA NetWitness Live Manager and content profiles are designed to allow security analysts to focus on the task of protecting network assets by reducing the time and effort normally required to effectively manage content.
- Expanded threat content – The RSA NetWitness Live service merges the best industry threat intelligence with RSA's Cyber Crime Intelligence data. The service now offers 1,000 pieces of content (reports, rules, parsers, etc.) from over 100 distinct threat information sources, tracking more than 5 million IP addresses and domains. Among the newly added data sources are the RSA CyberCrime Intelligence service and RSA eFraudNetwork, which together aggregate fraud intelligence from 500 million networked devices and 250 million users worldwide. Newly added third-party threat indicator feeds include Verisign iDefense Security Intelligence Services and Critical Intelligence Services. RSA NetWitness Live has also integrated intelligence feeds from both Bit9 and ThreatGRID for malware analysis. As with all RSA NetWitness Live content, the service's new information feeds are encrypted and therefore engineered so that they cannot be read except within the RSA NetWitness appliance. This encryption feature enables organizations to use the service's threat information while helping to ensure that shared information is protected from leakage.
- Broad platform support for new security analytics platforms – The service added support for two key security analytics solutions: the RSA NetWitness for Logs platform and the RSA NetWitness Spectrum malware detection platform. Now, security teams can stream relevant RSA NetWitness Live content directly to these analytics platforms, which are designed to automatically ingest the data to enhance the precision of their threat detection results.