Moving the XDR Industry Forward with NetWitness Platform XDR 12

by Arthur Fontaine

It’s true eXtended Detection and Response now – and for your organization’s future.

Today NetWitness announced the imminent availability of its newest major release, NetWitness Platform XDR 12. This state-of-the-art solution outpaces rival offerings in important areas of visibility, integration, performance, and effectiveness. While others talk about XDR as a future, or market it today atop different, un-integrated XDR products, NetWitness delivers true XDR today and the most future-proof XDR roadmap.

eXtended Detection and Response, commonly abbreviated to XDR, is a relatively new term for the tooling required in a first-rate security operations center (SOC). As the volume of data – and attacks – has grown over the last decades, thousands of security point products have been introduced to defend against specific threats, including various virus scanners, intrusion prevention systems, firewalls, and spam filters. While useful – any attack thwarted by one of these tools is a win – these tools by themselves are insufficient to protect against the sophisticated attacks we see today.

NetWitness foresaw this state in the early 2000s, when it began integrating its heritage network detection and response (NDR) capabilities with log detection and response (LDR) capabilities. Endpoint detection and response (EDR) was added later, along with the ability to perform detection and response for internet of things (IoT) devices. During this time, an explosion of vendors emerged touting one or another of these approaches, while NetWitness focused on integrating them into a single platform for security analytics.

The key to this approach is to have a common analytics engine acting against a unified data model. As data of all types – network packets, system and application logs, endpoint activity, and IoT outputs – is ingested into the high-performance NetWitness XDR analytics engine, it is enriched with metadata and normalized into a unified data set for automated analysis and correlation. NetWitness Platform XDR 12 also offers full security orchestration, automation, and response (SOAR); a complete threat intelligence platform (TIP); user and entity behavior analytics (UEBA); and new asset analytics and prioritization capabilities to act as a “force multiplier” for SOCs struggling to hire and retain enough skilled staff.

This radical visibility makes it very difficult for attackers to hide. Subtle signals across data sets that would historically have been overlooked as noise are suddenly exposed to security analysts and threat hunters. As the tagline says, “See Everything. Fear Nothing.”

The promise of XDR is exactly this: simplify the spectrum of processes – administratively and operationally – to the point where a security-conscious organization, on its own or through a service provider, can effectively protect against cyberthreats and suppress the risks imposed by these attacks. Read more in the NetWitness XDR White Paper.

The emphasis on XDR, of course, isn’t the only thing delivered in NetWitness Platform XDR 12.

As a major release, NetWitness Platform XDR 12 includes hundreds of enhancements across the product, including:

• New threat intelligence content system with redesigned content workflows and centralized management makes it easy to deploy and manage content across the platform and its components

• Out-of-the-box and continuously updated “content bundles” consolidate atomic detection content into logical units for specific use cases, industries, threat types, geographies, threat actors, etc.; this approach provides a simple and fast way to analyze for, and protect against, specific categories of threats

• Investigation enhancements for faster and easier detection of threats, including the ability to save queries as rules and dashboards

• Rich support for industry standards and frameworks including MITRE ATT&CK

• New and enhanced metrics and reporting, including mean times to detect (MTTD), acknowledge (MTTA), and respond (MTTR) to attacks

• Scores of customer-voted improvements to user experience including simplified time range selection, enhanced endpoint management, and automated deployment

• Enhanced and additional support for technologies and standards, including SaaS services, Secure Access Service Edge (SASE) and Cloud Access Security Broker (CASB) vendors, as well as ARM processors and Windows Server 2022 on endpoints

Summing it up
With the release of NetWitness Platform XDR 12, security teams can reap the benefits promised by XDR. Years of innovation, integration, and iteration have created a true XDR platform that’s available now. We’re already hard at work on the next wave of XDR themes including NetWitness Vision XDR, a pure SaaS solution that continues the intelligent evolution which has been the hallmark of NetWitness since its beginning.

NetWitness Platform XDR 12 will be available for customer download in the coming days. Contact your NetWitness representative for more information or to schedule a demo.