RSA® announces intent to acquire Fortscale, expanding RSA NetWitness
April 2018 by Marc Jacob
RSA announced its intent to acquire Fortscale, a pioneer in embedded behavioral analytics. Terms of the deal were not disclosed and are subject to customary closing conditions. RSA’s acquisition of Fortscale is designed to provide customers with new user and entity behavioral analytics (UEBA) capabilities through the RSA NetWitness Platform.
RSA is also unveiling the newest version of RSA NetWitness Platform, which helps security teams detect and respond to modern threats, as well as two new offerings, RSA NetWitness UEBA and RSA NetWitness Orchestrator, to strengthen the evolved SIEM and threat defense platform, a revolutionary centerpiece of security operations teams.
In an era of ever-expanding attack surface, protecting against threat actors – from commodity malware and insider threats, to state sponsored exploits and hacktivists – has become increasingly complex. Disconnected silos of prevention, monitoring, and investigation technologies are failing to provide the true end-to-end visibility, detection and automated response needed in a modern digital enterprise.
Introducing RSA NetWitness UEBA
RSA’s acquisition of Fortscale will provide customers embedded UEBA capabilities integrated with the Platform. RSA NetWitness UEBA directly addresses and overcomes obstacles that standalone solutions have encountered due to their high cost and high touch requirements. RSA NetWitness UEBA requires minimal customization and no manual tuning. Its patented, three-tier unsupervised machine learning analytics engine automatically finds, with greater accuracy, known and unknown threats that rule-based systems cannot.
Fortscale facilitates the automatic identification of deviations from normal user behaviors to uncover risky and previously hard-to-detect threats. By understanding behavior, Fortscale can highlight potential risks such as shared user credentials, privileged user account abuse, and geolocation and remote access anomalies. Organizations are able to find unknown threats that hide among the huge volume of security data that is typical in today’s complex IT environments without heavy installation, maintenance or analyst oversight. Fortscale is designed to:
• Provide fully automatic, unsupervised machine learning;
• Reduce the need for organizations to have big data experts in their analyst team;
• Detect unknown threats (compromised credentials, insider threats, data exfiltration);
• Address malicious behavior in which exploits have received elevated permissions;
• Be dynamic, automatically learning behavior specific to the environment; and,
• Require no customization, rule authoring or ongoing care, tuning, rule creation/adjustment.
Advanced UEBA Technologies
According to Gartner, “the security market is thirsty for advanced analytics that discover insider threats and compromised accounts, which traditional rule-based monitoring systems miss. UEBA technology often fills this gap and addresses three main problems: it detects external attacks and trusted insider threats, it raises high-priority and low-volume alerts, and it reduces the time and effort to investigate and respond.”[1]
Introducing RSA NetWitness Orchestrator
RSA NetWitness Orchestrator, powered by Demisto, combines orchestration, incident management, and interactive investigation for security operations. It uses machine learning to draw from past analyst interactions and investigations to suggest analyst assignments, enhance playbooks, and identify the best course of action for investigations. Security teams can now modernize their security operations while reducing time to remediation, creating consistent and audited incident management processes, and increasing analyst productivity.
New Features in RSA NetWitness Platform
Each of the new capabilities in RSA NetWitness Platform 11.1 provides distinct value and is further enhanced when leveraged across a single platform:
• RSA NetWitness Endpoint Insights: a free endpoint agent, it delivers timely insights and reduces the costs of managing endpoints and Windows logs by offering essential endpoint inventory scans paired with Microsoft Windows log forwarding and filtering capabilities.
• RSA NetWitness UEBA Essentials: leverages user, network, and endpoint behavioral profiling powered by static rules, advanced correlation, and statistical analytics to identify deviations from normal user behaviors. Delivered as a content pack, it is available free to all RSA NetWitness Platform customers.
• Dynamic Log Visibility: offers instant log visibility by leveraging “dynamic parsing” technology that enables organizations to parse log data sources and immediately access critical security data.
AVAILABILITY
The new features in RSA NetWitness Platform 11.1, including RSA NetWitness UEBA Essentials, instant log visibility and RSA NetWitness Endpoint Insights, are available now. RSA NetWitness Orchestrator will be available in late April.