NetWitness announced at Black Hat USA 2022 that NetWitness Platform XDR 12, the extended detection and response solution, will become available later this month.
Developed in response to real customer needs, NetWitness Platform XDR 12 focuses on detection, which is at the heart of effective threat defense. The updated platform provides visibility into all of an organization’s key data planes, including network, logs, endpoints, and Internet of Things (IoT); Security Orchestration, Automation, and Response (SOAR); a Threat Intelligence Platform (TIP); User and Entity Behavior Analysis (UEBA); and asset analysis and prioritization, all visualized in a single interface and unified data model.
“Effective security teams need tools that can pull together information from multiple data sources and deliver comprehensive, actionable alerts,” said Kevin Bowers, director of product management at NetWitness.
“By adopting this principle, NetWitness created the XDR feature long before the term was popularized. This release delivers on the promise of XDR: the ability for security teams to detect attacks on all of an organization’s information assets and infrastructure, and stop them before they cause damage,” continued Bowers.
The updated NetWitness Platform XDR solution includes scanning capabilities that can find known and unknown threats, reducing latency and enabling response and remediation before adversaries can execute an attack.
NetWitness Platform XDR 12 also makes it easier for users to deploy and manage threat detection content sets that target specific threat categories, verticals, and use cases, providing threat coverage.
NetWitness began as a government-sponsored research project to inspect network packets for cyber threats and to develop the tools to detect and respond to them. Since then, the technology has continued to evolve in actual use to combat attacks. NetWitness now offers fully integrated components for network, log, endpoint, and IoT detection and response.
NetWitness Platform XDR integrates directly with deployed tools, as well as many solutions.
“XDR concepts aren’t new, but they’re extremely important,” said Bill Hart, senior product manager for NetWitness Platform XDR.
“We have long integrated the major data planes – network, endpoint, log and IoT – into a unified data model enabling advanced detection capabilities independent of the data source. Others who have recently adopted an XDR strategy are still analyzing different types of data in silos and trying to correlate at the alert level; this leaves visibility gaps. Sophisticated multi-vector attack detection requires holistic data-level integration and analysis,” Hart continued.