RSA announces the release of RSA Web Threat Detection 6.5 

Document created by RSA Product Team Employee on Feb 6, 2019. Last modified by RSA Product Team Employee on Feb 6, 2019.
Version 2

What’s New in This Release

This release of RSA Web Threat Detection consists of the following changes and enhancements:

GDPR Compliance

The General Data Protection Regulation (GDPR) is a new law effective on 25th May 2018 that establishes a single set of rules for every European Union (EU)
Member State to protect personal data of an EU data subject (e.g. a consumer). Under the GDPR, companies processing personal data must continue to have
proper controls on how personal data is stored, kept up to date, accessed, transferred and deleted; and appropriate technical and organizational security
measures in place. GDPR affects how four types of data are used in an application:

Data at Rest

Data at rest includes information that is stored in an application database or in the application file system. To protect data at rest, the data must be
encrypted or hashed. In RSA Web Threat Detection, personal information includes the IP address and username.

  • RSA Web Threat Detection 6.5 encrypts or hashes all personal information, and this data cannot be read by customers.
  • The logcrypt utility script included in the installation package now supports the encryption and decryption of the indexer & mitigator report files in addition to log files. The logcrypt utility will also support encryption and decryption of individual files. The UIServer will also be able to decrypt and read those files for rendering data. For more information, see the System Administration Guide.
  • As part of the workflow, some component information is stored in logs. Therefore, logs may contain some data that could be considered sensitive. While in previous versions this data could enter the DEBUG logger, to comply with GDPR, RSA Web Threat Detection 6.5 includes a new sensitive log security level, with maximum security.

Data in Motion

In RSA Web Threat Detection 6.5, system components communicate with each other using the more secure TLS 1.2 protocol.

 

VLAN and VNTAG Packet Support

The SilverTap now captures traffic that contains stacked VLAN packets and VNTAG packets.

 

Enhanced Recryptor Script

The recryptor script included in the installation package now accepts two additional arguments to indicate which month's log files to convert. The

  • "-m <month>": indicates the name of the month.
  • "-n <number of months>": indicates the number of months.

The script executes on all log files for "n" number of months starting from "m" month. For more information, see the System Administration Guide.

 

SilverTap Enhancements

  • The SilverTap configuration now includes a configurable snapshot length (snaplen), indicating the size of the packet to be captured. By capturing only
    the part of the packet that is needed instead of the whole packet, transactions may require less CPU time to copy the packet to your
    application, less disk and network bandwidth to write the packet data to a file, and less disk space to save the packet. The snaplen can be set to any value
    between 1KB and 256KB. The default value is 64K.
  • By considering both the client IP and port, the traffic distribution across SilverTap worker threads is improved, reducing packet drop during capture,
    and providing better SilverTap performance.
  • The SilverTap can now be configured to retrieve the client IP from the first IP in the X-Forwarded-For (XFF) header. The SilverTap section of
    Configuration Manager includes a new PickupFirstIPFromXff checkbox. If the checkbox is enabled, the first IP in the XFF header is used for the
    Client IP. By default the checkbox is unchecked, and the last IP in the XFF header is used for the Client IP.
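
The first-versus-last choice described for PickupFirstIPFromXff, as an added Python sketch that is not RSA's code. The function names, the skipping of non-IP entries and the fallback to the TCP peer address are assumptions, and the headers are constructed samples.

```python
import ipaddress

def xff_entries(header_values):
    """Flatten X-Forwarded-For header lines into an ordered list of valid IPs."""
    entries = []
    for value in header_values:              # a request may carry several XFF lines
        for token in value.split(","):
            try:
                entries.append(ipaddress.ip_address(token.strip()))
            except ValueError:
                continue                     # assumption: skip "unknown", host:port, blanks
    return entries

def client_ip(header_values, peer_ip, pickup_first_ip_from_xff=False):
    """Mirror the first/last choice described for PickupFirstIPFromXff.

    False (default): last XFF entry. True: first XFF entry.
    Assumption: with no usable entry, fall back to the TCP peer address.
    """
    entries = xff_entries(header_values)
    if not entries:
        return ipaddress.ip_address(peer_ip)
    return entries[0] if pickup_first_ip_from_xff else entries[-1]

# Constructed samples using documentation address ranges, not captured traffic.
SAMPLES = {
    "via_proxy": ["203.0.113.7, 198.51.100.10"],                    # client, then proxy hop
    "extra_left_entry": ["192.0.2.99, 203.0.113.7, 198.51.100.10"],  # sender added its own XFF
    "split_and_noisy": ["unknown, 203.0.113.7", " 198.51.100.10 "],  # two header lines
    "no_header": [],
}

if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        for flag in (False, True):
            ip = client_ip(headers, "10.0.0.5", pickup_first_ip_from_xff=flag)
            print(f"{name:17} PickupFirstIPFromXff={flag!s:5} -> {ip}")
```

The leftmost entry is whatever the original sender put in the header, so the first-IP setting fits deployments where the edge proxy overwrites or sanitizes XFF before traffic reaches the capture point.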

Documentation Enhancements for Kafka Broker Configuration

Documentation is included describing how to set up multiple Kafka brokers on a single or multiple machines. For more information, see the Installation and Upgrade Guide.

For additional documentation, downloads, and more, visit the RSA Web Threat Detection page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
