SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

NetWitness enhances cybersecurity with AI & SASE updates

Wed, 27th Nov 2024

NetWitness has unveiled a significant update to its cybersecurity platform with the release of version 12.5, introducing a range of enhancements designed to improve threat detection, response, and investigation.

These updates align with the company's mission to address the evolving challenges faced by modern Security Operations Centres (SOCs) while tackling the global cybersecurity skills shortage.

The 12.5 release reflects NetWitness's ongoing efforts to enhance visibility, integrate automation, and streamline user experiences within SOC environments.

Central to this strategy is the platform's capability to deliver comprehensive threat coverage across on-premises, cloud, and hybrid infrastructures, supported by deeper integrations with partner technologies.

Originally founded in 1997 as a government-funded intelligence project, NetWitness has evolved into a sophisticated cybersecurity solution serving global enterprises and government agencies.

Following its establishment as an independent company in 2020, NetWitness has focused on building customer-centric solutions, delivering a platform designed to empower SOCs through improved operational efficiency and resilience.

Enhanced Visibility Through Expanded Integration
One of the standout features of the 12.5 release is its expanded visibility across complex, multi-layered infrastructures. To address challenges posed by encrypted traffic and third-party cloud services, NetWitness has partnered with leading vendors like Palo Alto Networks and Netskope to enhance Secure Access Service Edge (SASE) integrations.

This partnership allows the platform to analyse decrypted traffic packets, offering insights that are otherwise obscured in modern VPN and zero-trust environments.

These developments provide organisations with unparalleled clarity in threat detection, particularly in environments that have adopted advanced endpoint protection and secure cloud strategies.

Automation to Tackle the Skills Gap
With the cybersecurity industry facing a persistent shortage of skilled professionals, automation has become a cornerstone of NetWitness's strategy. The 12.5 release incorporates intelligence-driven automation to reduce analysts' workload and enhance operational efficiency. These tools aim to shorten the time between detection and response, enabling SOCs to mitigate threats faster and with fewer resources.

Advanced detection algorithms and selective retention capabilities allow analysts to focus on high-value tasks while the platform manages routine processes.

This emphasis on automation supports even resource-constrained SOCs in maintaining robust threat detection and investigation capabilities.

A Redesigned, Role-Based Interface
In a move to enhance usability, NetWitness has introduced a reimagined user interface tailored to the distinct needs of SOC personnel.

The new role-based interface provides custom dashboards for analysts, administrators, and executives, ensuring that each group has the tools and information they need to perform their roles effectively. Features such as customisable widgets and an integrated MITRE ATT&CK framework further enhance the platform's utility, encouraging daily engagement rather than reactive use.

This design philosophy underscores NetWitness's commitment to making its platform an indispensable part of SOC operations, fostering greater efficiency and collaboration across teams.

AI-Driven Threat Detection and Natural Language Processing
NetWitness 12.5 integrates artificial intelligence (AI) and natural language processing (NLP) to simplify complex threat detection and rule creation processes.

By enabling analysts to use natural language queries—such as "Alert me on any system outside the U.S. exporting over 1GB of data"—the platform makes advanced cybersecurity operations more accessible, even for junior analysts.

These AI capabilities not only streamline workflows but also prepare SOCs to address emerging AI-driven threats, reinforcing their defences in an increasingly complex cybersecurity landscape.

NWX Hardware Innovations
Complementing its software updates, NetWitness has introduced a hardware innovation through its NWX programme.

This solution integrates compute and storage into a compact unit, reducing hardware footprints by 75% while increasing scalability and storage capacity. Designed specifically for data-heavy operations, the NWX hardware supports the retention of full network packets alongside metadata, delivering a level of visibility unmatched by competitors.

This development provides on-premises customers with a cost-effective solution tailored to their unique threat detection and investigation needs.

Looking Ahead
NetWitness is actively exploring the use of generative AI and machine learning to further enhance its platform. Future developments include NLP tools for creating alerts and conducting precise SOC queries, such as "Show me all FTP communications." These innovations are expected to strengthen the platform's ability to address increasingly sophisticated cyber threats.

Reflecting on the significance of these advancements, Chief Product Officer Will Gragido emphasised, "NetWitness 12.5 empowers organisations to navigate the complex cybersecurity landscape with enhanced visibility, automation, and AI-driven insights."

"By leveraging cutting-edge technologies like SASE and AI, NetWitness is redefining the future of threat detection and response."

With the 12.5 release, NetWitness reinforces its commitment to equipping SOCs with the tools and technologies needed to protect against modern threats while maintaining operational efficiency.

The updates highlight the company's proactive approach to meeting the evolving demands of cybersecurity, ensuring its platform remains at the forefront of the industry.