THE RSA NETWITNESS SUITE: REINVENT YOUR SIEM. Presented by: Walter Abeson


GOALS VERSUS REALITY OF SIEM 1.0

Goals:
- Single compliance & security interface
- Analyze & prioritize alerts across various sources
- The cornerstone of security operations

Reality:
- Compliance solved, but breaches causing business damage are on the rise
- Limited detection due to reliance on logs from preventative controls & signatures
- Weak at investigation & incident response; hard to find the full scope of an attack

IS YOUR SIEM FINDING THE ATTACKS THAT REALLY MATTER?

A LOGS-ONLY APPROACH TO SIEM ISN'T WORKING: 99% of successful attacks went undiscovered by logs

HOW MUST SIEM EVOLVE?

AN EVOLVED SIEM SHOULD PROVIDE

Full Visibility:
- Visibility across endpoints, networks, logs, VMs and the cloud, combined with threat intelligence and business context
- Consumption and transformation of data into actionable threat metadata

Deep Analytics:
- Multiple sets of analytic techniques: behavioral, data science modeling and machine learning
- Processing of large volumes of data for complete threat detection

Insight into the Attack Scope:
- Validation of incidents with endpoint and cloud visibility and analysis
- Accelerated security orchestration to understand the full scope of an attack

Eradication of Threats:
- Enable security teams to act and mitigate the full attack before it can impact the business

INTRODUCING A NEW TYPE OF SIEM: RSA NETWITNESS SUITE

Visibility (cloud and on-prem): PACKETS, LOGS, ENDPOINT, NETFLOW
Analysis: intelligence & context tagging, enrichment, real-time detection, behavior analytics, archiving
Action: incident management, investigation, advanced analytics, compliance reporting, session reconstruction, endpoint analysis
Flexible integration (API)
RSA LIVE: threat intel, business context, rules, parsers, reports, feeds; powered by RSA Research, Incident Response, Engineering & Community

DIFFERENT DATA == DIFFERENT ANSWERS (Enterprise Visibility)

LOGS: What was targeted?
- Alerts from security tools
- Windows & Linux authentications
- Proxy logs

NETFLOW: Did the attacker move internally?
- Lateral movement attempts
- Scanning of the internal network

PACKETS: Did the exploit occur, and what left the network?
- Beaconing and suspicious communications
- Command & control traffic
- Recreate files that traversed the network

ENDPOINT: Does the attacker still have a foothold?
- Time/date stomping
- Indicators about malicious files, code and processes
- Scope of infection

RSA NetWitness consumes and normalizes ALL available threat data before analyzing it, to deliver faster, more accurate results.
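To make the netflow and packet questions on this slide concrete, here is an added example (not RSA or NetWitness code, and not from the deck) of the two simplest detections behind "scanning the internal network" and "beaconing": a host sweeping many internal peers on one port inside a short window, and a host contacting an external server with near-constant timing. The flow records, the 10.0.0.0/8 address plan, and the thresholds are all constructed for the example; a SIEM would take the internal ranges from its business-context configuration and tune the thresholds per environment.

```python
# Added example, not RSA/NetWitness code: toy detection logic over constructed
# NetFlow-style records for "did the attacker move internally?" (scan sweep)
# and "is a host beaconing to an external server?" (periodic outbound flows).
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Assumed business context: the organization's own address space (hypothetical).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def make_sample_flows():
    """Constructed sample records (unix_ts, src_ip, dst_ip, dst_port); not real traffic."""
    base = 1_700_000_000
    flows = []
    # 1) Beacon: 10.0.0.5 contacts 203.0.113.7:443 every ~60 s with +/-1 s jitter.
    for i, jitter in enumerate([0, 1, -1, 0, 1, 0, -1, 1]):
        flows.append((base + 60 * i + jitter, "10.0.0.5", "203.0.113.7", 443))
    # 2) Ordinary browsing: same host, irregular gaps to 198.51.100.20:443.
    for off in (5, 40, 47, 300, 310, 900):
        flows.append((base + off, "10.0.0.5", "198.51.100.20", 443))
    # 3) Internal DNS to one server at irregular times: should fire neither rule.
    for off in (3, 70, 71, 200, 1000):
        flows.append((base + off, "10.0.0.5", "10.0.0.2", 53))
    # 4) SMB sweep: 10.0.0.9 touches 20 distinct internal hosts on 445 within 20 s.
    for i in range(20):
        flows.append((base + i, "10.0.0.9", f"10.0.0.{10 + i}", 445))
    return flows


def find_beacons(flows, min_events=6, max_cv=0.15):
    """Flag (src, dst, port) to external hosts whose inter-arrival gaps are near-constant.

    The coefficient of variation (stdev / mean) of the gaps is the regularity score:
    human-driven traffic is bursty (cv well above 1), timer-driven implants are not.
    """
    by_conn = defaultdict(list)
    for ts, src, dst, port in flows:
        if is_internal(src) and not is_internal(dst):
            by_conn[(src, dst, port)].append(ts)
    beacons = []
    for (src, dst, port), times in by_conn.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons.append({"src": src, "dst": dst, "port": port,
                            "period_s": round(avg, 1), "cv": round(cv, 3)})
    return beacons


def find_internal_scans(flows, min_hosts=15, window_s=60):
    """Flag an internal source reaching many distinct internal hosts on one port
    inside a sliding time window (horizontal scan / lateral-movement sweep)."""
    per_src_port = defaultdict(list)
    for ts, src, dst, port in flows:
        if is_internal(src) and is_internal(dst):
            per_src_port[(src, port)].append((ts, dst))
    scans = []
    for (src, port), hits in per_src_port.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= min_hosts:
            scans.append({"src": src, "port": port, "distinct_hosts": best})
    return scans


if __name__ == "__main__":
    flows = make_sample_flows()
    print("beacons:", find_beacons(flows))
    print("scans:", find_internal_scans(flows))
```

Running it reports one beacon (10.0.0.5 to 203.0.113.7:443, period about 60 s) and one sweep (10.0.0.9 against 20 hosts on 445); the browsing and DNS flows stay quiet because their timing is irregular and they touch a single peer. Flow data alone can only say that these patterns exist; confirming C2 content or recovering what was exfiltrated is the packet-capture question in the next column of the slide.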

RSA NETWITNESS ARCHITECTURE

- Decoder: capture, process & store
- Concentrator: index & query metadata
- Broker: distributed query across Concentrators
- Event Stream Analysis (ESA): analytics, correlation, alerting
- NetWitness Application Server: alerting, reporting, investigation

REINVENT THE ANALYST EXPERIENCE: RESPOND

- Prioritize incident triage & response with the Incident Risk Score
- Reveal advanced attacks regardless of detection method with the Incident Storyline
- Visual, nodal representation of the incident that the analyst can interact and pivot with
- Collaborate with the Incident Journal

REINVENT THE ANALYST EXPERIENCE: INVESTIGATE

Single combined view: Event List, RAW Text, Meta Data
- Quick extraction of only the necessary data
- Toggle layout, including payload compression
- Step through a sequential list of events
- Association between meta and RAW text
- Distinguish specific bytes
- Base64 and URL decoding

ATTACKERS QUICKLY TURN COMPROMISES INTO BREACHES

Timeline (minutes, hours, days, weeks, months):
- Initial compromise: spear-phishing attack, malware installed, communication to external server (C2)
- Lateral movement, discovery of critical assets
- Breach: data exfiltration
- Breach detected (3rd-party detection)

82% compromised in MINUTES; 99% of exfiltration occurred in DAYS; 64% discovered in MONTHS

RSA NETWITNESS SUITE: AN ENTERPRISE-CLASS EVOLVED SIEM

- More than 400 supported devices out of the box
- Collection methods: syslog, flat files, SNMP, ODBC, agentless Windows
- Cloud & API collection: VMware, AWS, Azure and Office 365
- Configurable retention & bring-your-own storage
- Easily configured correlation rules with Esper support
- Compliance reporting for HIPAA, ISO 27002, PCI and many more
- Flexible deployment options with Virtual Log Collectors

THANK YOU