In today’s rapidly evolving threat environment, how do you know what is really happening on your network? With the ability to record and analyze everything (every session, communication, service, application and user), you can always know with clarity and definitive answers what did or did not occur on your network, and obtain an unprecedented level of situational awareness and continuous monitoring.

RSA NetWitness NextGen Infrastructure
Network security monitoring platform

RSA NetWitness® NextGen™ is the single core security platform that makes this capability a reality through three core components: Decoder, Concentrator and Broker. Decoder is the cornerstone and the frontline component of an enterprise-wide network data recording and analysis infrastructure. Decoder is a highly configurable network appliance that enables the real-time collection, filtering, and analysis of all network data. Unlike any other packet capturing or network monitoring product on the market, Decoder fully reassembles and globally normalizes network traffic at every layer of the OSI model for real-time, full session analysis. The appliances can be operated in continuous capture mode or tactically to consume network traffic from any source. Decoder’s patented technology represents a breakthrough in network monitoring that dynamically creates a complete ontology of searchable metadata across all network layers and user applications.

RSA NetWitness Informer & Visualize
Automated Threat Reporting, Alerting and Integration

RSA NetWitness® Informer sets a new standard for network security analytics. As part of the NetWitness AppSuite, Informer is the application for enterprise-wide visualization, alerting, reporting and real-time situational awareness. Informer outperforms traditional network security products on the market because it highlights critical areas of concern that are blind spots to traditional security products.
By having every session, communication, service, application and user’s activity recorded, reconstructed and exposed for analysis, the possibilities are endless as to what can be done in Informer. Zero day malware, botnets, policy evasion tactics, intentional data exfiltration, anomalous communications, compliance gaps, and other trends occurring on your network can become quickly apparent through Informer’s rules-based approach and dashboard. Informer uses a fully interactive and intuitive web-based user interface (UI) for viewing alerts, charting and tiled views, and employing the hundreds of standard reports and alerts. The UI also enables users of any skill level to quickly build their own custom alerts, queries, reports and rules. Informer is designed to immediately integrate into your existing security operations processes and deliver a level of real-time situational awareness that was previously unachievable.

Visualize presents application and user content in a revolutionary way. Visualize is an extremely powerful analytical capability that enables a user (e.g., an analyst, incident responder, investigator) to zoom in and out of collected traffic using their mouse or fingers (if equipped with a multi-touch monitor) and to drill down and see exactly what transpired over the course of time. Users can quickly and efficiently scan through large volumes of objects such as audio, documents, images and video captured by NextGen, render a visual timeline of an event, deeply interrogate all the activity (e.g., communications, data sent and received, audio transmissions, etc.), and understand all the rich context associated with each object. Visualize enables users to leverage all the rules, keyword searches, and other filters created in Informer to further refine and process the presented information. This capability drives efficiency and accuracy into many security use cases.
RSA NetWitness Investigator
Freeform Analytics for Investigations and Real-time Answers

Investigator is based upon more than 10 years of development and deployment experience in some of the most demanding and complex customer environments. RSA NetWitness Investigator is the primary interactive analysis application of the NetWitness AppSuite. Investigator provides unprecedented free-form contextual analysis on massive volumes of information exposed by the NetWitness NextGen infrastructure. Over 50,000 security professionals in 5,000 organizations across 179 countries rely upon NetWitness Investigator for answers.

When you need clarity and definitive answers to the most challenging questions, you need a level of fine-grained detail and the agility to quickly and efficiently examine application layer sessions in a way that is easy to comprehend. Unlike other products that display network traffic in the context of confusing network nomenclature and force an IP-centric view of the world, Investigator uses the NextGen Metadata Framework. The framework is a lexicon of nouns, verbs and adjectives — characteristics of the actual application layer content and context parsed by NextGen during session reconstruction at the time of capture. With its customizable user interface and unprecedented analytics, Investigator lets users analyze their network traffic in unlimited dimensions for complete situational awareness. Analysis that previously took days now takes only minutes to perform. Users of Investigator can easily perform automated and interactive analyses of complex security problems. In addition, Investigator can be launched with one click to confirm forensically or refute any event triggered in an existing IDS or SIEM console by using NetWitness’ SIEMLink, a utility application that transparently provides direct access to NetWitness analytics.
With the fusion of NetWitness Live, the extent and magnitude of a situation can be further illuminated to achieve the definitive accuracy required in today’s business environment.

RSA NetWitness Spectrum
Automated Malware Analysis and Prioritization

Zero-day and targeted malware is successfully compromising your network and evading existing signature-based security technologies, including preventative tools. Why? Modern malware is designed to behave like legitimate traffic and communicate undetected. RSA NetWitness developed Spectrum in response to demand from security professionals for a tool that identifies and puts context around the attacks that tools looking for “known bad” miss. The top concern today for most security organizations is how to combat advanced and targeted attacks. A majority of investigated cases related to data leakage, financial loss, APT, or other network breach involve some form of undetected malicious executable (e.g., customizable commercial malware or “designer malware”) that has been used to maintain a foothold into compromised networks. Obfuscation techniques are evolving at an increasing rate and traditional security tools cannot keep up. The current threat environment demands a fresh, agile approach to the identification and analysis of malware.

RSA NetWitness Spectrum is an analytical workbench that revolutionizes the identification, analysis, and prioritization of malware-based threats to enterprise networks. Advanced security analysts understand that no tool can block all attacks. Spectrum helps enable security operations centers to identify and mitigate serious problems missed by both traditional and modern approaches to malware protection. What makes Spectrum unique is its ability to see the full spectrum of attacks and analyze all the data in a network utilizing four distinct investigation techniques that an advanced analyst would use to investigate and prioritize events.
Spectrum automatically analyzes every executable going across the network, and can answer questions about the behavior of files within the full context of an organization’s network. This unique approach permits the security operation center analysts to better determine “Which files are suspect? How malicious is it? What is it trying to do? Where else is it on the network? Which files deserve my attention more than others?” much faster and with more accuracy than in the past.

RSA NetWitness for Logs
Seamless Fusion of Log and Full Packet Data

Today’s security threats are dynamic, multi-faceted and highly sophisticated attacks oftentimes executed over long periods of time. In order to defend against these challenges, security analysts and IT professionals require continuous and pervasive visibility into their entire application, platform, and network infrastructures for rapid detection and response. Organizations are wrestling with the need to access and use a variety of data sources both to prove compliance and to reduce the risk of advanced threats. Log management and SIEM systems are important elements of incident and threat management processes, but have been constrained by a lack of a common lexicon, scalability, and agility to adapt to the ever-changing threat landscape.

NetWitness for Logs delivers an innovative fusion of hundreds of log data sources with external threat intelligence to enterprises enabling extraordinarily broad and high-speed visibility into the critical information needed to help detect targeted, dynamic and stealthy attack techniques. NetWitness for Logs enables comprehensive security event collection as an integrated component of the award-winning NetWitness platform. NetWitness for Logs offers correlation and analysis of the large volumes of network and system data needed for effective threat detection.
NetWitness for Logs leverages RSA enVision event source knowledge and reporting while augmenting the backend infrastructure with NetWitness’ scalable architecture. When combined with an existing RSA NetWitness network monitoring platform, NetWitness for Logs provides complete visibility into network traffic and enterprise logs in a single, scalable system – no other security provider delivers this today. By combining these network and log security insights into a reusable and normalized data framework, security analysts can achieve the situational awareness required to rapidly and effectively respond to sophisticated threats. NetWitness for Logs provides a basis for a single, intuitive SIEM user interface presenting an unprecedented view of organizational activity across even more of the IT infrastructure.

RSA NetWitness Live
Worldwide Security Intelligence

As the threat landscape evolves, what’s the best way to directly leverage the collective intelligence and analytical skills of the worldwide security community to ensure that you have the most current visibility into attack vectors? Attack methodologies and exploit frameworks are evolving at staggering rates. The advanced threat intelligence available to information security professionals increases by the day, but can be overwhelming and often lacks prioritization or a means of direct operational implementation. Proactive threat management also requires the use of parsers and queries that consider zero-day attack vectors, but many security teams do not have the time or the training to create this custom content. RSA NetWitness Live is the one threat intelligence delivery system that escalates your security operations center to another level by optimizing the time it takes to identify, assess and respond to incidents.
NetWitness has partnered with the most trusted and reliable providers in the security community, including our own research team, to deliver, correlate and illuminate the most pertinent information relevant to your organization and fuse it with your network data in real-time.

About RSA NetWitness

RSA, The Security Division of EMC, is the premier provider of security, compliance and risk management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, network analysis, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.