Developed in response to real-world customer needs, NetWitness Platform XDR 12 is focused on detection, which is at the core of effective threat defense. The updated platform offers visibility into all key data planes across an organization including network, logs, endpoint, and Internet of Things (IoT); Security Orchestration, Automation, and Response (SOAR); a Threat Intelligence Platform (TIP); User and Entity Behavior Analytics (UEBA); and asset analytics and prioritization, all viewed in a single interface and a unified data model.
“Effective security teams need tools that can bring insights together from multiple data sources and deliver comprehensive, actionable alerting,” said Kevin Bowers, Director, Product Management at NetWitness.
“Embracing this principle, NetWitness built XDR functionality long before the phrase was popularized. This release delivers the promise of XDR: the ability for security teams to detect attacks across all an organization’s information assets and infrastructure, and to stop them before they cause damage.”, Bowers continued.
The updated NetWitness Platform XDR solution features analytics capabilities that can find known and unknown threats, to reduce dwell time and allow response and remediation before adversaries can execute attack.
NetWitness Platform XDR 12 also makes it easier for users to deploy and manage threat detection content bundles that target specific threat categories, vertical industries, and use cases, providing threat coverage.
NetWitness began as a government-sponsored research project to inspect network packets for cyberthreats and to develop the tools to detect and respond to them. Since then, the technology has continuously evolved in real-world usage to tackle attacks. NetWitness now features fully integrated components for network, log, endpoint and IoT detection and response.
NetWitness Platform XDR integrates directly with the deployed tools, as well as many solutions.
“XDR concepts aren’t new, but they’re incredibly important,” said Bill Hart, Senior Product Manager for NetWitness Platform XDR.
“We long ago integrated the primary data planes – network, endpoint, log and IoT – into a unified data model allowing for advanced detection capabilities that are independent of the data source. Others that have recently adopted an XDR strategy still analyze different data types in silos and attempt to correlate at the alert level; this leaves visibility gaps. Sophisticated, multi-vector attack detection requires holistic, data level integration and analysis.”, Hart continued.