Security Configuration: Secure Maintenance

Tags: Version 11.4

This topic describes some common solutions to help ensure secure maintenance.

Security Patch Management

All security patches for RSA NetWitness Platform originate at RSA and are available for you via the NetWitness Platform User Interface. For more information, see "Manage NetWitness Platform Updates" topic in the System Maintenance Guide .

The following table lists the third‐party components for which patches are needed.

Note: From 2016 onwards, security patches will be part of the product release only and will not be shipped out separately.

Virus Scanning

RSA recommends that you:

• Deploy anti‐virus client software on the deployed servers in accordance with your enterprise requirements.
• Run anti‐virus and anti‐malware tools with the most current definition files on the deployed servers.
• Scan all files/drivers before uploading on the deployed server.
• Follow best practices for patch management and regularly review available patches for all anti‐virus and anti‐malware software.

Ongoing Monitoring and Auditing

As with any critical infrastructure component, RSA NetWitness Platform recommends that you constantly monitor your system and perform periodic and random audits (for example, configuration, permissions, and security logs). You should ensure that the configurations and user access settings match your company policies and needs. For more information, see "Global Audit Logging Configurations Panel" topic in the System Configuration Guide.

Hardware Replacement

If RSA NetWitness Platform hardware fails or is faulty, order a replacement by contacting RSA Customer Support. While awaiting a replacement, the Redundant Array of Independent Disks (RAID) configuration is designed to ensure that there is no data loss due to a hardware failure.

The RAID configuration on NetWitness Platform:

• Hosts are RAID 1.
• Direct Attach Capacity (DAC) disk shelves is RAID 5.