
In today’s rapidly evolving threat environment, how do you know what is really happening on your network? By recording and analyzing everything (every session, communication, service, application and user), you can establish with clarity and definitive answers what did or did not occur on your network, and obtain a high level of situational awareness and continuous monitoring.
RSA NetWitness NextGen Infrastructure
Network security monitoring platform
RSA NetWitness® NextGen™ is the single core security platform that makes this capability a reality through three core components: Decoder, Concentrator and Broker. Decoder is the cornerstone and frontline component of an enterprise-wide network data recording and analysis infrastructure. It is a highly configurable network appliance that enables the real-time collection, filtering and analysis of all network data.

Unlike other packet capture and network monitoring products, Decoder fully reassembles and normalizes network traffic at every layer of the OSI model for real-time, full-session analysis. The appliances can be operated in continuous capture mode or deployed tactically to consume network traffic from any source. Decoder’s patented technology dynamically creates a complete ontology of searchable metadata across all network layers and user applications.
RSA NetWitness Informer & Visualize
Automated Threat Reporting, Alerting and Integration
RSA NetWitness® Informer sets a new standard for network security analytics. As part of the NetWitness AppSuite, Informer is the application for enterprise-wide visualization, alerting, reporting and real-time situational awareness. Informer highlights critical areas of concern that are blind spots for traditional security products.

With every session, communication, service, application and user activity recorded, reconstructed and exposed for analysis, zero-day malware, botnets, policy evasion tactics, intentional data exfiltration, anomalous communications, compliance gaps and other trends on your network become quickly apparent through Informer’s rules-based approach and dashboard. Informer uses a fully interactive web-based user interface (UI) for viewing alerts, charting and tiled views, and for employing the hundreds of standard reports and alerts. The UI also enables users of any skill level to quickly build their own custom alerts, queries, reports and rules. Informer is designed to integrate immediately into existing security operations processes and deliver a level of real-time situational awareness that was previously unachievable.
Visualize presents application and user content in a new way. It is a powerful analytical capability that enables a user (e.g., an analyst, incident responder or investigator) to zoom in and out of collected traffic with a mouse or, on a multi-touch monitor, with their fingers, and to drill down and see exactly what transpired over the course of time.

Users can quickly scan through large volumes of objects such as audio, documents, images and video captured by NextGen, render a visual timeline of an event, deeply interrogate all the activity (e.g., communications, data sent and received, audio transmissions), and understand the context associated with each object. Visualize lets users apply all the rules, keyword searches and other filters created in Informer to further refine and process the presented information. This capability drives efficiency and accuracy into many security use cases.
RSA NetWitness Investigator
Freeform Analytics for Investigations and Real-time Answers
Investigator is based upon more than 10 years of development and deployment experience in some of the most demanding and
complex customer environments. RSA NetWitness Investigator is the primary interactive analysis application of the NetWitness
AppSuite. Investigator provides unprecedented free-form contextual analysis on massive volumes of information exposed by the
NetWitness NextGen infrastructure. Over 50,000 security professionals in 5,000 organizations across 179 countries rely upon
NetWitness Investigator for answers.
When you need clarity and definitive answers to the most challenging questions, you need fine-grained detail and the agility to examine application-layer sessions quickly, efficiently and in a way that is easy to comprehend. Unlike products that display network traffic in confusing network nomenclature and force an IP-centric view of the world, Investigator uses the NextGen Metadata Framework. The framework is a lexicon of nouns, verbs and adjectives: characteristics of the actual application-layer content and context parsed by NextGen during session reconstruction at the time of capture. With its customizable user interface and analytics, Investigator lets users analyze their network traffic across many dimensions for complete situational awareness.
Analysis that previously took days now takes minutes. Users of Investigator can easily perform automated and interactive analyses of complex security problems. In addition, Investigator can be launched with one click to provide forensic confirmation of, or to refute, any event triggered in an existing IDS or SIEM console, using NetWitness’ SIEMLink, a utility application that transparently provides direct access to NetWitness analytics. With the fusion of NetWitness Live, the extent and magnitude of a situation can be further illuminated to achieve the definitive accuracy required in today’s business environment.
RSA NetWitness Spectrum
Automated Malware Analysis and Prioritization
Zero-day and targeted malware successfully compromises networks and evades existing signature-based security technologies, including preventative tools. Why? Modern malware is designed to behave like legitimate traffic and communicate undetected. RSA NetWitness developed Spectrum in response to demand from security professionals for a tool that identifies, and puts context around, the attacks that tools looking for “known bad” miss.

The top concern today for most security organizations is how to combat advanced and targeted attacks. A majority of investigated cases related to data leakage, financial loss, APT or other network breaches involve some form of undetected malicious executable (e.g., customizable commercial malware or “designer malware”) used to maintain a foothold in compromised networks. Obfuscation techniques are evolving at an increasing rate and traditional security tools cannot keep up. The current threat environment demands a fresh, agile approach to the identification and analysis of
RSA NetWitness Spectrum is an analytical workbench for the identification, analysis and prioritization of malware-based threats to enterprise networks. Advanced security analysts understand that no tool can block all attacks. Spectrum enables security operations centers to identify and mitigate serious problems missed by both traditional and modern approaches to malware protection.
What makes Spectrum unique is its ability to see the full spectrum of attacks and analyze all the data in a network using four distinct investigation techniques that an advanced analyst would use to investigate and prioritize events. Spectrum automatically analyzes every executable crossing the network and can answer questions about the behavior of files within the full context of an organization’s network. This approach lets security operations center analysts determine “Which files are suspect? How malicious are they? What are they trying to do? Where else are they on the network? Which files deserve my attention more than others?” much faster and more accurately than before.
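The metadata lexicon described under Investigator and the “which files are suspect, where else is it on the network” questions posed under Spectrum can both be illustrated with the same small piece of code. What follows is an added example written for this page, not RSA NetWitness code: it flattens a constructed, already-reassembled HTTP session into normalized metadata keys, flags a response body that is a Windows executable although neither its filename nor its declared Content-Type says so, and pivots on the content checksum to list every internal host that fetched the same bytes. The key names (ip.src, alias.host, action, filename, extension, content.type, filetype, checksum, risk) are assumptions chosen for the example and are not claimed to match NetWitness’s own keys; all sessions are constructed sample data.

```python
"""Added example for the metadata lexicon described in the Investigator section
and for the "which files are suspect / where else is it on the network" questions
in the Spectrum section. Illustrative code written for this page, not RSA
NetWitness code: the key names (ip.src, alias.host, action, filename, extension,
content.type, filetype, checksum, risk) are chosen here and are not claimed to be
NetWitness's own, and every session below is constructed sample data."""
import hashlib
from typing import Dict, List, Tuple

# Magic numbers describe what a transferred object *is*, independent of the
# filename extension or the Content-Type the server claims for it.
MAGIC = {b"MZ": "windows_executable", b"%PDF": "pdf", b"\x89PNG": "png",
         b"GIF8": "gif", b"PK\x03\x04": "zip"}
EXECUTABLE_EXTENSIONS = {"exe", "dll", "scr", "sys", "com", "ocx"}


def describe_payload(body: bytes) -> str:
    for sig, label in MAGIC.items():
        if body.startswith(sig):
            return label
    return "unknown"


def _parse_head(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Return (start line, lower-cased header map) for one HTTP head block."""
    lines = raw.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ": " in line:
            k, v = line.split(": ", 1)
            headers[k.lower()] = v
    return lines[0], headers


def extract_metadata(session: dict) -> Dict[str, object]:
    """Flatten one reassembled HTTP request/response pair into metadata keys.
    The session dict stands in for the output of TCP stream reassembly."""
    req_head, _, _ = session["request"].partition(b"\r\n\r\n")
    resp_head, _, body = session["response"].partition(b"\r\n\r\n")
    request_line, req_hdr = _parse_head(req_head)
    _, resp_hdr = _parse_head(resp_head)
    method, path, _ = request_line.split(" ", 2)
    filename = path.split("?", 1)[0].rsplit("/", 1)[-1] or "(index)"
    extension = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    filetype = describe_payload(body)
    meta: Dict[str, object] = {
        "ip.src": session["ip.src"],
        "ip.dst": session["ip.dst"],
        "service": "http",                      # noun: which protocol
        "action": method.lower(),               # verb: what was done
        "alias.host": req_hdr.get("host", ""),  # noun: where, by name not IP
        "client": req_hdr.get("user-agent", ""),
        "filename": filename,
        "extension": extension,
        "content.type": resp_hdr.get("content-type", ""),
        "filetype": filetype,                   # adjective: observed content
        "size": len(body),
        "checksum": hashlib.sha256(body).hexdigest(),
    }
    # Derived adjective: the bytes are a Windows executable but neither the name
    # nor the declared type says so; a filename- or MIME-only check never sees it.
    if filetype == "windows_executable" and extension not in EXECUTABLE_EXTENSIONS:
        meta["risk"] = "executable_disguised_as_" + (extension or "none")
    return meta


def query(metas: List[dict], criteria: Dict[str, object]) -> List[dict]:
    """Exact-match filter, e.g. {"filetype": "windows_executable"}."""
    return [m for m in metas if all(m.get(k) == v for k, v in criteria.items())]


def pivot(metas: List[dict], criteria: Dict[str, object], key: str) -> List[str]:
    """Distinct values of `key` among matching sessions: "where else is it?"."""
    return sorted({str(m[key]) for m in query(metas, criteria) if key in m})


def http_session(src, dst, host, path, ctype, body, ua="Mozilla/5.0"):
    """Build one constructed reassembled session for the sample set."""
    req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: {ua}\r\n\r\n".encode()
    resp = (f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body
    return {"ip.src": src, "ip.dst": dst, "request": req, "response": resp}


FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60  # constructed: only the DOS header magic
SAMPLE_SESSIONS = [
    http_session("10.1.1.20", "93.184.216.34", "www.example.com",
                 "/images/logo.gif", "image/gif", b"GIF89a" + b"\x00" * 32),
    http_session("10.1.1.31", "198.51.100.7", "cdn.example.net",
                 "/static/update.gif", "image/gif", FAKE_PE),
    http_session("10.1.1.44", "198.51.100.7", "cdn.example.net",
                 "/img/banner.png?v=2", "image/png", FAKE_PE),
    http_session("10.1.1.20", "203.0.113.9", "docs.example.org",
                 "/q3/report.pdf", "application/pdf", b"%PDF-1.7\n" + b"\x00" * 40),
]

if __name__ == "__main__":
    metas = [extract_metadata(s) for s in SAMPLE_SESSIONS]
    suspect = query(metas, {"filetype": "windows_executable"})
    for m in suspect:
        print(m["ip.src"], m["alias.host"], m["filename"], m.get("risk"))
    # Same bytes seen from which internal hosts?
    print(pivot(metas, {"checksum": suspect[0]["checksum"]}, "ip.src"))
```

Note that the query never mentions an address: the analyst asks for sessions whose observed content is a Windows executable, and the pivot on the checksum answers which internal hosts received the same object, regardless of the name it travelled under. In real traffic the reassembly step itself (TCP reordering, chunked and compressed HTTP bodies, non-HTTP carriers) is where most of the work lies; the example begins after that step.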
RSA NetWitness for Logs
Seamless Fusion of Log and Full Packet Data
Today’s security threats are dynamic, multi-faceted and highly sophisticated attacks, often executed over long periods of time. To defend against them, security analysts and IT professionals require continuous and pervasive visibility into their entire application, platform and network infrastructures for rapid detection and response.

Organizations are wrestling with the need to access and use a variety of data sources, both to prove compliance and to reduce the risk of advanced threats. Log management and SIEM systems are important elements of incident and threat management processes, but have been constrained by a lack of a common lexicon, by limited scalability, and by too little agility to adapt to the ever-changing threat
NetWitness for Logs fuses hundreds of log data sources with external threat intelligence, giving enterprises broad, high-speed visibility into the information needed to detect targeted, dynamic and stealthy attack techniques. It enables comprehensive security event collection as an integrated component of the NetWitness platform and offers correlation and analysis of the large volumes of network and system data needed for effective threat detection.
NetWitness for Logs leverages RSA enVision event source knowledge and reporting while augmenting the backend infrastructure with NetWitness’ scalable architecture. Combined with an existing RSA NetWitness network monitoring platform, it provides visibility into network traffic and enterprise logs in a single, scalable system. By combining network and log security insights in a reusable, normalized data framework, security analysts can achieve the situational awareness required to respond rapidly and effectively to sophisticated threats. NetWitness for Logs provides the basis for a single, intuitive SIEM user interface presenting a view of organizational activity across even more of the IT infrastructure.
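The practical value of a common lexicon across log and packet data is that the two can be joined directly. The following is an added example written for this page, not RSA or NetWitness code. It normalizes a constructed syslog-style sshd record and a constructed key=value logon record into the same key names used for network session metadata, then joins a constructed set of session records against them to answer “which user was logged on at the machine that later fetched the suspect executable?”. The key names (event.time, device.host, ip.src, user, action, result, alias.host, filename, filetype) are assumptions chosen for the example; the log lines, the key=value format and the network records are all constructed sample data.

```python
"""Added example for the 'common lexicon' point in the NetWitness for Logs
section: log events and network sessions normalized onto the same key names can
be joined directly. Illustrative code written for this page, not RSA or
NetWitness code. Key names (event.time, device.host, ip.src, user, action,
result, alias.host, filename, filetype) are chosen here for illustration; the log
lines and network records are constructed sample data, and the key=value logon
format is a constructed export, not a real Windows event layout."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample log lines: two syslog-style sshd records and one
# key=value logon record from a workstation export.
SAMPLE_LOGS = [
    "Mar  3 09:14:02 fileserv sshd[2211]: Accepted password for alice from 10.1.1.20 port 51022 ssh2",
    "Mar  3 09:20:45 fileserv sshd[2290]: Failed password for root from 198.51.100.7 port 40311 ssh2",
    "2011-03-03T09:31:10Z host=WS-031 event_id=4624 user=bob src_ip=10.1.1.31 logon_type=2",
]

# Constructed network metadata, as the packet side would supply it after
# session reconstruction (already keyed, not raw packets).
SAMPLE_NETWORK = [
    {"event.time": datetime(2011, 3, 3, 9, 15, 0), "ip.src": "10.1.1.20",
     "alias.host": "www.example.com", "filename": "logo.gif", "filetype": "gif"},
    {"event.time": datetime(2011, 3, 3, 9, 33, 5), "ip.src": "10.1.1.31",
     "alias.host": "cdn.example.net", "filename": "update.gif",
     "filetype": "windows_executable"},
]

SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?P<user>\S+) from (?P<ip>\S+)")
KV_LOGON_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) host=(?P<host>\S+) event_id=4624 "
    r"user=(?P<user>\S+) src_ip=(?P<ip>\S+)")


def normalize_log(line: str, year: int = 2011) -> Optional[Dict[str, object]]:
    """Map one raw log line onto the shared key lexicon, or None if unparsed.

    Syslog timestamps carry no year, so the caller supplies it; a real
    pipeline must also handle the year rollover in late December."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        return {"event.time": ts, "device.host": m["host"], "ip.src": m["ip"],
                "user": m["user"], "action": "logon",
                "result": "success" if m["result"] == "Accepted" else "failure"}
    m = KV_LOGON_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        return {"event.time": ts, "device.host": m["host"], "ip.src": m["ip"],
                "user": m["user"], "action": "logon", "result": "success"}
    return None


def attribute_downloads(network: List[dict], logs: List[dict],
                        window: timedelta = timedelta(hours=1)) -> List[Dict[str, object]]:
    """Join each suspect download to the most recent successful logon from the
    same source address within `window`, so the analyst gets a user and a
    device name rather than only an IP address."""
    hits = []
    for n in network:
        if n.get("filetype") != "windows_executable":
            continue
        candidates = [e for e in logs
                      if e["ip.src"] == n["ip.src"] and e["action"] == "logon"
                      and e["result"] == "success"
                      and timedelta(0) <= n["event.time"] - e["event.time"] <= window]
        if candidates:
            logon = max(candidates, key=lambda e: e["event.time"])
            hits.append({"user": logon["user"], "device.host": logon["device.host"],
                         "ip.src": n["ip.src"], "alias.host": n["alias.host"],
                         "filename": n["filename"], "logon.time": logon["event.time"],
                         "download.time": n["event.time"]})
    return hits


if __name__ == "__main__":
    events = [e for e in (normalize_log(l) for l in SAMPLE_LOGS) if e]
    for hit in attribute_downloads(SAMPLE_NETWORK, events):
        print(f"{hit['user']}@{hit['device.host']} ({hit['ip.src']}) fetched "
              f"{hit['filename']} from {hit['alias.host']} at {hit['download.time']:%H:%M:%S}")
```

The join works only because both sides agree on what “ip.src” and “event.time” mean; with the raw sshd line and the raw session record side by side, the analyst would have to do this mapping by hand for every event. The failed root logon from 198.51.100.7 is normalized too, but never joins anything here because no session from that address carries an executable.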
RSA NetWitness Live
Worldwide Security Intelligence
As the threat landscape evolves, what’s the best way to directly leverage the collective intelligence and analytical skills of the
worldwide security community to ensure that you have the most current visibility into attack vectors?
frameworks are evolving at staggering rates. The volume of advanced threat intelligence available to security professionals increases by the day, but it can be overwhelming and often lacks prioritization or a means of direct operational implementation. Proactive threat management also requires parsers and queries that consider zero-day attack vectors, but many security teams do not have the time or the training to create this custom content.
RSA NetWitness Live is a threat intelligence delivery system that takes a security operations center to another level by reducing the time it takes to identify, assess and respond to incidents. NetWitness has partnered with trusted and reliable providers in the security community, including its own research team, to deliver, correlate and illuminate the information most relevant to your organization and to fuse it with your network data in real time.
About RSA NetWitness
RSA, The Security Division of EMC, is the premier provider of security, compliance and risk management solutions for business
acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges.
These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and
securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key
management, network analysis, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and
robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the
data that is generated. For more information, please visit and