Sydney, AUSTRALIA — 6 April, 2018 — RSA , a global cybersecurity leader delivering Business-Driven Security™ solutions to help manage digital risk, announced its intent to acquire Fortscale, a pioneer in embedded behavioural analytics. Terms of the deal were not disclosed and are subject to customary closing conditions. RSA’s acquisition of Fortscale is designed to provide customers with new user and entity behavioural analytics (UEBA) capabilities through the RSA NetWitness Platform.
RSA is also unveiling the newest version of RSA NetWitness Platform that helps security teams detect and respond to modern threats, as well as two new offerings, RSA NetWitness UEBA and RSA NetWitness Orchestrator to strengthen the evolved SIEM and threat defence platform, a revolutionary centrepiece of security operations teams.
“The RSA NetWitness Platform has helped our team increase their visibility, detect threats with higher fidelity, and automate response to the threats that pose the greatest risk to our organisation” said John Byers, Senior Vice President, Information Security and CISO, IBC Bank. “Our security analysts cite RSA NetWitness Platform as the technology that marks the biggest impact on their effectiveness, making the process of identifying and intelligently responding to threats more streamlined and efficient.”
In an era of ever-expanding attack surface, protecting against threat actors – from commodity malware and insider threats, to state sponsored exploits and hacktivists – has become increasingly complex. Disconnected silos of prevention, monitoring, and investigation technologies are failing to provide the true end-to-end visibility, detection and automated response needed in a modern digital enterprise.
“Adding more security monitoring and prevention tools is a common response to the growing digital risk environment, but too often, the influx of data creates unattended alerts, overwhelming analysts,” said Michael Adler, Vice President, RSA NetWitness Platform. “The new UEBA and orchestration capabilities in RSA NetWitness Platform provide heightened visibility and analytics, allowing analysts to keep up with their SIEM data, investigate issues, and automate threat responses, all on a single integrated platform.”
Introducing RSA NetWitness UEBA
RSA’s acquisition of Fortscale will provide customers embedded UEBA capabilities integrated with the Platform. RSA NetWitness UEBA directly addresses and overcomes obstacles that standalone solutions have encountered due to their high cost and high touch requirements. RSA NetWitness UEBA requires minimal customisation and no manual tuning. Its patented, three-tier unsupervised machine learning analytics engine automatically finds known and unknown threats that rule-based systems cannot with greater accuracy.
Fortscale facilitates the automatic identification of deviations from normal user behaviours, to uncover risky and previously hard to detect threats. By understanding behaviour, Fortscale can highlight potential risks such as shared user credentials, privileged user account abuse, geolocation and remote access anomalies. Organisations are able to find unknown threats that hide among the huge volume of security data that is typical in today’s complex IT environments without heavy installation, maintenance or analyst oversight. Fortscale is designed to:
· Provide fully automatic, unsupervised machine learning;
· Reduce the need for organisations to have big data experts in their analyst team;
· Detect unknown threats (compromised credentials, insider threats, data exfiltration);
· Address malicious behaviour in which exploits have received elevated permissions;
· Be dynamic, automatically learning behaviour specific to the environment; and,
· Require no customisation, rule authoring or ongoing care, tuning, rule creation/adjustment.
Advanced UEBA technologies
According to Gartner, “the security market is thirsty for advanced analytics that discover insider threats and compromised accounts, which traditional rule-based monitoring systems miss. UEBA technology often fills this gap and addresses three main problems: it detects external attacks and trusted insider threats, it raises high-priority and low-volume alerts, and it reduces the time and effort to investigate and respond1.”
Introducing RSA NetWitness Orchestrator
RSA NetWitness Orchestrator, powered by Demisto, combines orchestration, incident management, and interactive investigation for security operations. It uses machine learning to draw from past analyst interactions and investigations to suggest analyst assignments, enhance playbooks, and identify the best course of action for investigations. Security teams can now modernise their security operations while reducing time to remediation, creating consistent and audited incident management processes, and increasing analyst productivity.
New features in RSA NetWitness Platform
Each of the new capabilities in RSA NetWitness Platform 11.1 provide distinct value, and is further enhanced when leveraged across a single platform:
“Managing digital risk in the modern enterprise requires customers to rethink the capabilities of their Security Operations Centre. RSA believes that a core capability is an evolved SIEM that can detect incidents from a variety of sources – including user behaviour,” said Grant Geyer, Senior Vice President, Products, RSA. “Detecting suspicious user behaviour isn’t just essential to enabling the SOC to spot insider threats and compromised credentials – it also aids in the Identity and Access Management team’s authentication of risky users – ensuring that they are who they claim to be. By tying together the domains of security exclusion and security inclusion with UEBA capabilities, customers can manage the risk associated with their digital transformation more effectively.”
The new features in RSA NetWitness Platform 11.1, including RSA NetWitness UEBA Essentials, instant log visibility and RSA NetWitness Endpoint Insights, are available now. RSA NetWitness Orchestrator will be available in late April.
 Gartner, Forecast Snapshot: User and Entity Behavior Analytics, Worldwide, 2017; Avivah Litan; 03 March 2017.
RSA, a Dell Technologies business, offers business-driven security solutions that uniquely link business context with security incidents to help organisations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and, reduce business risk, fraud, and cybercrime. RSA protects millions of users around the world and helps more than 90% of the Fortune 500 companies thrive in an uncertain, high-risk world. For more information, go to rsa.com .
© 2018 Dell Inc. or its subsidiaries. All rights reserved. RSA and the RSA logo, are registered trademarks or trademarks of Dell Inc. or its subsidiaries in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes the information in this document is accurate. The information is subject to change without notice.
# # #
Espresso Communications for RSA
Amy Rathbone/Daphne Lin
+61 2 8016 2200
Increasing mandates around the security of personal data have made encryption for every business. Australian businesses are leading the world in the use of encryption to protect backups, payment-related data, and laptops – and yet they still have a long way to go before encryption is both ubiquitous and manageable.
If your last access-control update was even a few years ago, you’re probably more exposed to fraud and exploitation than you’d like to be.
It’s not hard to understand why bot management is critical to maintaining business availability and customer satisfaction – but do you know how to properly deal with bots?
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Why nation-state attacks are everyone’s problem