RSA has been evaluating the impact of the SSL v3 "Poodle Bite" (CVE-2014-3566), Windows Sandworm (CVE-2014-4114), Microsoft .NET (MS14-057) and multiple OpenSSL vulnerabilities (OpenSSL) on RSA products.
To obtain the latest assessment, please reference Solution ID a68262 by logging on to SecurCare Online at: https://knowledge.rsasecurity.com
Here at RSA we are excited and pleased to announce the highly anticipated, external joint launch of RSA Security Analytics 10.4 & ECAT 4.0. No other tool on the market today gives you the capability and power to "Be The Hunter".
With this latest release of Security Analytics and ECAT, three words define our mission: Visibility. Analysis. Action. We are providing SOC teams broader visibility, enabling the team to focus on the most important incidents. We’re also enabling rapid analysis and faster investigations of incidents leveraging data from Network Packets, Endpoints, Logs and Netflow all in one platform. That way, they get to understand the true nature, scope, and impact of an incident to take targeted action.
RSA Security Analytics 10.4 overview:
RSA ECAT 4.0 Overview:
Check out the Virtual Event here: RSA Security Analytics 10.4 and RSA ECAT 4.0 Virtual Launch Event. Tell us what you think!
We are pleased to announce the release of our August Content pack in RSA Live for Security Analytics! This release continues last month’s focus on illuminating instances of sensitive data leakage and offers content designed to profile host and user activity. We’ll also be introducing our first batch of correlation rules connecting the dots between what SA is seeing “on the wire” and ECAT’s host-based alerts. Last but not least, this release expands our ability to provide our customers with the tools to detect potential identity theft and abuse.
Detection of Data Exfiltration
ECAT & Security Analytics
Additional Log Support
We are pleased to announce the release of our July Content pack for RSA Live! This release continues last month’s focus on providing “at-a-glance” situational awareness. It also expands on our ability to detect both sensitive data leaving the network and potentially dangerous executable payload.
Reporting capabilities are introduced that focus on enabling our customers to detect suspicious mail traffic patterns commonly associated with phishing attempts. Lastly, we have released a new parser designed to identify common HTML-based threat indicators.
The above is a subset of the threat detection content we are quietly building behind the scenes to accompany our upcoming 10.4 release of Security Analytics, and it helps set the stage for providing the most advanced threat detection capability on the market today.
Detection of Data Exfiltration
Enhanced Threat Detection
Additional Log Support
Recently Bit9 announced that its internal systems had been compromised and, as a result, malware had been signed using Bit9’s own digital code-signing certificates: https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/
Does this affect RSA NetWitness Spectrum?
Bit9 has given RSA assurance that we are not one of the customers affected by the security incident. They have also stated that the specific product RSA uses from Bit9 (GSR or Global Software Registry) was not affected by this compromise, directly or indirectly. More specifically, RSA NetWitness Spectrum’s only interaction with Bit9 is to post MD5 hashes of the files we are analyzing and to parse the result to determine the file’s threat level.
In summary, no remediation is required on the part of RSA NetWitness Spectrum customers as a result of the recent Bit9 security incident.
RSA Security Analytics is a game changer - why? RSA Security Analytics at a high level defines a new security product category. It's the new name of our platform that's powered by NetWitness and combines network security monitoring, SIEM, and Big Data Management & Analytics.
But first, we're excited to introduce the new Security Analytics interface. It's awesome with a fresh look and feel. The new GUI unifies all your analytics within a single interface. Your investigative and analytical workflows will all be integrated by this platform-independent, browser-based GUI.
This new GUI will first launch as a beta with three analytic modules: Investigation, Live and Administration.
Check out this sneak peek below:
1. The Unified Dashboard - has customizable dashlets that allow for quick investigative actions. The Quick Tasks provide immediate access to popular features with a single click. HTML 5 provides quick response to user input. It's clean and simple.
2. The Investigation module - we've put proven analytics functionality (Investigator) into an O/S independent browser. So now, you have seamless integration between analysis views and Live context. In addition, we introduce a new feature called Meta Groups where you can easily separate and organize investigative focus by use case.
3. The Live module - centralizes threat intelligence and content acquisition so you can continue to centrally manage your distribution of content.
4. The Administration module - manage your environment by grouping devices for administration or data access. Upgrade multiple devices at the same time. New drag and drop capability for adding metrics and timeline charts into historical statistical information.
This is just a summary and we look forward to you navigating Security Analytics yourself and providing feedback!