In the battle against new and aggressive threats, one thing has become abundantly clear: the more efficient a security team is, the better its chance of minimizing the impact of threats—or avoiding them altogether.
With this mission of visibility and efficiency in mind, NetWitness introduces the release of NetWitness Orchestrator 6.3.
Why NetWitness Orchestrator 6.3 Matters
NetWitness Orchestrator 6.3 delivers two critical features:
- New threat groupings that improve the categorization of threats within the threat library.
- Workflow Metrics that measure how effectively organizations are detecting and resolving issues, while also reporting on the ratio of false positives vs. actual indicators of compromise.
Both of these threat and response features can drive organizational efficiency and improve SOC effectiveness, making security orchestration, automation and response more measurable and impactful.
Expanded Security Threat Group Types of NetWitness Orchestrator
In the past, analysts were somewhat limited in how they could categorize certain threat types within NetWitness Orchestrator. They would often rely on general categorization or have to place threat data in categories that didn’t fit, where the information didn’t match up and important threat data and fields were being dropped.
The addition of new Group Objects fixes this problem.
Instead of trying to determine if a group is a malware family, a MITRE ATT&CK technique, or a threat actor group, security analysts can now rapidly see and clearly understand the security information they are viewing.
Over time, STIX has become the standard for categorizing threat intelligence. These new group objects allow NetWitness Orchestrator to align more closely with the STIX taxonomy and allow organizations to better map and manage their threat library.
New Group Objects include:
- Attack Pattern
- Malware
- Vulnerability
- Tactic
- Tool
- Course of Action
These new groups enable NetWitness Orchestrator to map to STIX objects more effectively and build the foundation needed to expose more data from the Collective Analytics Layer (CAL) in the future. Ultimately, this helps ensure that the Threat Library within NetWitness Orchestrator is approachable, collated, and equipped to help security teams when they need it most.
Workflow Metrics of NetWitness Orchestrator
Security teams are constantly trying to grow their efficiency. But without the ability to measure results, it’s difficult to understand where improvements must be made. That is why NetWitness Orchestrator 6.3 has added Workflow Metrics. These reports provide valuable insight into how well security operations address threats by measuring the following:
- Mean Time to Detect: The average time it takes to discover a security threat or incident
- Mean Time to Respond: The average time it takes to control and remediate a threat
- False Positive Ratio: The percentage of alerts that upon investigation are revealed to be not valid threats
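The three metrics above, computed over constructed alert records as an added illustration (this is not NetWitness code, and the field names and the choice to exclude false positives from the time averages are assumptions of the example):

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class Alert:
    """Constructed alert record; timestamps assumed to come from the case audit trail."""
    alert_id: str
    occurred_at: datetime            # when the underlying activity happened
    detected_at: datetime            # when the alert fired and a case was opened
    resolved_at: Optional[datetime]  # None while the case is still open
    false_positive: bool             # analyst verdict after investigation


def _mean_minutes(deltas: List[timedelta]) -> Optional[float]:
    """Average a list of durations in minutes; None when there is nothing to average."""
    if not deltas:
        return None
    return sum(deltas, timedelta()).total_seconds() / 60 / len(deltas)


def workflow_metrics(alerts: List[Alert]) -> Tuple[Optional[float], Optional[float], Optional[float]]:
    """Return (mean time to detect, mean time to respond, false positive ratio).

    Assumption: MTTD and MTTR are averaged over confirmed threats only, since a
    false positive has nothing to detect or remediate. Open confirmed cases still
    count toward MTTD but not MTTR. Times are in minutes; ratio is 0..1.
    """
    if not alerts:
        return None, None, None
    fp_ratio = sum(a.false_positive for a in alerts) / len(alerts)
    confirmed = [a for a in alerts if not a.false_positive]
    detect = [a.detected_at - a.occurred_at for a in confirmed]
    respond = [a.resolved_at - a.detected_at for a in confirmed if a.resolved_at is not None]
    return _mean_minutes(detect), _mean_minutes(respond), fp_ratio


# Constructed sample: four alerts from one morning, one of them a false positive.
T0 = datetime(2024, 1, 1, 8, 0)
SAMPLE = [
    Alert("A1", T0, T0 + timedelta(minutes=30), T0 + timedelta(minutes=90), False),
    Alert("A2", T0, T0 + timedelta(minutes=10), None, False),  # still open
    Alert("A3", T0, T0 + timedelta(minutes=5), T0 + timedelta(minutes=15), True),
    Alert("A4", T0, T0 + timedelta(minutes=20), T0 + timedelta(minutes=140), False),
]

if __name__ == "__main__":
    print(workflow_metrics(SAMPLE))  # (20.0, 90.0, 0.25)
```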
We know team leads and managers often need more granular information about the tools, processes, and people in their environment to define clear and realistic short-term and long-term strategies. These metrics, part of the 6.3 release, help organizations identify whether the tools, processes, and automation already in place are delivering their expected results.
Driving SOC Efficiency with NetWitness Orchestrator 6.3
New Group Types and Workflow Metrics are designed to categorize threat data and improve operational efficiency so your security operations can detect and resolve threats more effectively.
With NetWitness Orchestrator 6.3, teams gain smarter categorization, measurable workflows, and more impactful Security Orchestration, Automation and Response (SOAR) across the enterprise.
For more information, visit our NetWitness Orchestrator page.