
Introducing NetWitness Cloud SIEM: All the Power Without the IT

May 26, 2021 | by Arthur Fontaine

Today NetWitness announced the release of NetWitness Cloud SIEM, the newest addition to the platform. NetWitness Cloud SIEM is designed to offer the world-class capabilities of its customer-hosted version, but in a simple subscription license, and without the IT burdens typically required of a server-based solution.

The Cloud Requirement

SIEM logs are a key data source for any cyber-defense effort, and also serve an important role in a strong compliance program. A large, complete, centralized repository for log data is essential to ensuring quality threat detection, regulatory reporting, and compliance functions. That’s why, for most organizations, SIEM is a core technology, like firewalls and intrusion prevention systems (IPSs).

However, SIEM deployment and management can impose significant demands on IT staff. Data volumes for SIEM can be extremely large, and require careful planning for storage, as well as the deployment of high-end hardware for ingestion and investigation components. Like any server-based solution, SIEM requires IT support for patches and version upgrades, and procurement support for both hardware acquisition and software licenses.

With IT resources stretched in many organizations, customers are seeking to outsource functions where possible. That’s where NetWitness Cloud SIEM comes in: it delivers world-class SIEM capabilities in a single, usage-based license that’s rapidly deployable and requires little or no IT involvement.

How is NetWitness Cloud SIEM Different?

You might say, “There are lots of cloud SIEM offerings out there. What makes NetWitness Cloud SIEM different?” The answer is that it doesn’t compromise capability for ease-of-use; it delivers both in one simple package.

NetWitness Cloud SIEM is part of the NetWitness Platform, a leader in enterprise-grade threat detection and response. Corporations and government agencies around the globe use NetWitness to address demanding security requirements. Skilled threat hunters choose NetWitness as their go-to solution because of its ability to rapidly analyze and process huge volumes of information from many different sources. And exacting compliance teams have long depended on NetWitness to store vast amounts of data while providing fast access in support of compliance activities.

Other cloud SIEMs have taken a different approach. Cloud technology has made it easy to stand up a wide array of solutions using standardized componentry, and offload the IT responsibilities to the cloud vendor.

But this approach still requires the creation of application value. As any developer will tell you, that takes time and iteration. What ends up happening with SIEM is that you see a number of undifferentiated search engine-type solutions that let you find things across a SIEM’s big data set, but don’t reflect the time and experience needed to create a truly optimized solution. For full features and functionality, you need SIEM technology that has already been hardened and battle-tested through years of real-world use in the most challenging environments. With NetWitness Cloud SIEM you can take advantage of highly evolved threat detection and response analytics, as well as reporting and regulatory compliance features that are still future plans for many SIEM vendors.

NetWitness Cloud SIEM also provides the opportunity to build your security and compliance capabilities through integration with other parts of the NetWitness Platform, including the growing number of cloud components. For example, NetWitness Detect AI provides large-scale analytics, and RSA IoT Security Monitor adds Internet of Things devices into your cybersecurity and compliance processes.

Easy to Acquire, Easy to Deploy

NetWitness Cloud SIEM is packaged as a single subscription license, including software, infrastructure, support, and upgrades. Setup is a simple web-based process that can be performed by internal staff or procured as a service from RSA. Support is provided by NetWitness and all patches and upgrades are provided automatically.

Licenses are tiered based on the 90-day retention volume of data ingested by the SIEM, with longer retention periods available as an add-on purchase. Licenses start as small as 50 GB/day and are tiered in 10 GB increments, while discounts grow with volume. Like its on-premises counterpart, NetWitness Cloud SIEM scales to support the largest SIEM data sets in the world.

NetWitness Cloud SIEM is a worldwide offering. For more information, and to get started enjoying the benefits of world-class SIEM without the IT requirements, please contact your NetWitness seller or authorized NetWitness partner.