RSA NetWitness Suite Respond in Minutes, Not Months

Similar documents
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

RSA INCIDENT RESPONSE SERVICES

RSA INCIDENT RESPONSE SERVICES

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

THE EVOLUTION OF SIEM

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

MITIGATE CYBER ATTACK RISK

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

TRUE SECURITY-AS-A-SERVICE

SIEM Solutions from McAfee

RSA Security Analytics

Un SOC avanzato per una efficace risposta al cybercrime

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

CyberArk Privileged Threat Analytics

FOR FINANCIAL SERVICES ORGANIZATIONS

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

The New Era of Cognitive Security

RSA ADVANCED SOC SERVICES

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

GDPR: An Opportunity to Transform Your Security Operations

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Building Resilience in a Digital Enterprise

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

WHITEPAPER END-TO-END VISIBILITY: THE FOUNDATION OF BUSINESSDRIVEN SECURITY DETECTING AND RESPONDING TO THE THREATS THAT MATTER MOST TO THE BUSINESS

Security. Risk Management. Compliance.

Security. Made Smarter.

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Incident Response Agility: Leverage the Past and Present into the Future

CYBER RESILIENCE & INCIDENT RESPONSE

WHITE PAPER END-TO-END VISIBILITY: THE FOUNDATION OF BUSINESS-DRIVEN SECURITY THREAT DETECTION & RESPONSE OPTIMIZED SIEM

Behavioral Analytics A Closer Look

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

CloudSOC and Security.cloud for Microsoft Office 365

4/13/2018. Certified Analyst Program Infosheet

esendpoint Next-gen endpoint threat detection and response

Popular SIEM vs aisiem

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

Traditional Security Solutions Have Reached Their Limit

Managed Endpoint Defense

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Transforming Security from Defense in Depth to Comprehensive Security Assurance

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

Reducing the Cost of Incident Response

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

Sustainable Security Operations

FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM

with Advanced Protection

Building a Threat-Based Cyber Team

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries

RSA IT Security Risk Management

MANAGED DETECTION AND RESPONSE

Are we breached? Deloitte's Cyber Threat Hunting

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

Operationalizing the Three Principles of Advanced Threat Detection

What matters in Cyber Security

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework

deep (i) the most advanced solution for managed security services

align security instill confidence

Readiness, Response & Resilence:

AKAMAI CLOUD SECURITY SOLUTIONS

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

RSA. The security division of EMC. Visibilidad total en el entorno de seguridad. Javier Galvan Systems Engineer Mexico & NOLA

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

Compare Security Analytics Solutions

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

White Paper. How to Write an MSSP RFP

BUILDING AND MAINTAINING SOC

Speed Up Incident Response with Actionable Forensic Analytics

Power of the Threat Detection Trinity

Whitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

RiskSense Attack Surface Validation for IoT Systems

NEXT GENERATION SECURITY OPERATIONS CENTER

CTI Capability Maturity Model Marco Lourenco

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Transcription:

RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations Report, as well as many other reports, highlights the fact that attackers are regularly outpacing the defenders. In fact, in the Verizon report, the attackers generally took days or less to compromise an organization and the defenders generally took much longer to discover those same attacks. The bottom line is that the attackers are generally winning. Why are attackers so successful? There are several reasons: Attackers are becoming more sophisticated and targeted, they have larger attack surfaces to exploit and organizations existing security controls are failing. Against this backdrop, organizations need to take their security incident detection, investigation and response capabilities or their Security Operations Centers (SOCs) to the next level. There are three areas of focus to most effectively improve these capabilities: people, process and technology. The RSA NetWitness Suite provides the foundation with pervasive visibility, enabling improved detection, investigation and recognize threats before the adversary can cause damage. RSA NetWitness Endpoint provides visibility into your endpoints at the user and kernel level to flag anomalous activity, provide machine/endpoint suspect scores and block/quarantine the process. RSA NetWitness SecOps Manager provides a solution to help better prioritize, investigate and respond to security incidents by automating and orchestrating your people, process and technology in a repeatable way. RSA Advanced Cyber Defense Practice provides services to assess and develop your SOC strategy, readiness and resilience. RSA Incident Response (IR) Practice provides services to help organizations detect and investigate incidents and breaches in order to identify root causes and develop containment and remediation plans. No matter where your organization is with respect to your security operations capabilities, you can leverage the RSA NetWitness Suite and take your organization to the next level to better detect, investigate and respond to security incidents. and response to security incidents. The RSA NetWitness Suite consists of individual technologies and services solutions that are integrated to provide a more comprehensive solution. RSA NetWitness Logs and Packets provides security visibility into your infrastructure from onpremise to public cloud services by ingesting in real-time logs, network packets and NetFlow data and analyzing this data using event stream analysis and behavior analysis models to detect Current Situation Threat actors are persistent and are leveraging open source methodologies to gain access and compromise organizations. It is simple and there is tremendous return on investment for attackers to collaborate and use previously engineered exploits. The open source methodologies are being used by cyber criminals, nation states and hacktivists for financial gains and to gain access to intellectual property (IP) or personally identified information (PII). Tools, Techniques and Procedures (TTPs) are the ways the attackers work to target, exploit and compromise an organization. In recent years, attacker TTPs have become more sophisticated, mimicking normal user and enterprise behavior, and undetectable by preventative, perimeter-based security controls. For example, phishing attacks typically use covert channels to deliver malware to victims, making it difficult to spot delivery SOLUTION BRIEF

of a malicious payload. Organizations are at a crossroads right now, having invested in perimeter-based, preventative controls and log-centric Security Incident and Event Management (SIEM) systems. Attackers are getting past the preventative controls and are going undetected by the SIEM by using valid user credentials, trusted access paths and new exploits that look like normal user behavior. Traditional perimeter-based security and SIEMs are not detecting the sophisticated attacker TTPs. As show in the diagram below, there is a white space where attackers are successful with their attack campaigns. data sources to detect and recognize sophisticated attacks before the attacker achieves their objective. By providing behavior analytics models, ESA is able to rapidly spot and understand attack behaviors without advanced knowledge of the attack or reliance on signatures, rules, or analyst tuning. For example, ESA can recognize sophisticated threat actors utilizing Command and Control (C2) well in advance of exfiltration of data by detecting anomalies in behavior of domains. RSA NetWitness Logs and Packets The first step in detecting and recognizing sophisticated attacks is to have complete, pervasive visibility with real-time behavior analytics. Visibility needs to be across: Data Sources Full Packet Capture, NetFlow and Logs Threat Vectors Endpoint, Network and Cloud RSA NetWitness Logs and Packets provides pervasive visibility across data sources and threat vectors, enriching the raw data with security context at time of capture and making it valuable for security analysts during detection and investigation of security incidents. Enrichment content is provided by RSA Live. RSA Live is the platform which delivers threat intelligence, business context and out-of-the-box content for parsing data sources, defining alert rules and reporting. Customers can get quick time to value by leveraging what others have already found with RSA Live. Event Stream Analysis (ESA) is the analytics engine for RSA NetWitness Logs and Packets. It correlates across RSA NetWitness Logs and Packets is a comprehensive solution that is purpose built for detecting and investigating security incidents. Once an attack is discovered in a customer environment, RSA NetWitness Logs and Packets can be leveraged to reconstruct sessions, enhance investigations with context from RSA NetWitness Endpoint and other sources to put an effective remediation plan in place. RSA NetWitness Logs and Packets goes above and beyond a traditional SIEM solution. While a SIEM solution is focused on fast ingest and correlation of logs, RSA NetWitness Logs and Packets provides pervasive visibility and analytics across multiple data sources and threat vectors to detect sophisticated attacks. Traditional SIEM vendors are focused on use cases as compliance or IT operations, while RSA NetWitness Logs and Packets is focused on detecting and investigating advanced security threats. RSA NetWitness Logs and Packets automates threat detection with its foundational capabilities.

For example, a series of attacker actions and a combination of anomalous activities by users and entities could be leading indicators of C2 communications which will require further investigation and counterstrike to stop the attacker. By having access to the right data, profiling attacker TTPs and detecting anomalies utilizing behavior analytics, RSA NetWitness Logs and Packets automates threat detection. RSA NetWitness Endpoint Endpoints such as Windows and Mac devices servers and laptop/desktops are threat vectors that attackers exploit by installing malware, gaining privileged access and exfiltrating sensitive data. It is imperative that organizations have visibility into the endpoints to detect threats that go undetected by traditional signature based solutions. RSA NetWitness Endpoint provides endpoint visibility into attacker exploits and is fully integrated with RSA NetWitness Logs and Packets. When RSA NetWitness Endpoint detects suspicious activity or anomalous endpoint behavior, alerts/events and critical endpoint data is sent to RSA NetWitness Logs and Packets for correlation and visibility into endpoints. Conversely, during security incident investigations, analysts can contextually pivot back and forth between RSA NetWitness Logs and Packets and RSA NetWitness Endpoint to reduce the amount of time spent on forensic analysis. RSA NetWitness Endpoint is a purpose built solution to identify endpoints that are at high risk of being compromised. The risk score of an endpoint is determined by a combination of machine and process behaviors on the endpoint. Risk score is calculated using data and analysis from threat intelligence feeds, behavior of network, process and file anomalies against indicators of compromise, destination IP information and others. If an endpoint is flagged as having a high risk score, it is suspicious and potentially could be compromised by an attacker and will require further investigation by the security analyst. RSA NetWitness SecOps Manager A Security Operations Center (SOC) is comprised of people, process and technology. The orchestration of people, process and technology increases the effectiveness of the overall SOC program. Investing in technology and considering how the three aspects of the SOC work together is an effective strategy. Orchestration and framework can increase the return on investment and maximize the value of resources in a SOC implementation. RSA NetWitness SecOps Manager provides the orchestration and framework for the SOC. It integrates with RSA NetWitness Logs and Packets, RSA NetWitness Endpoint and other third party security monitoring systems, aggregating events/alerts/incidents and managing the overall incident response workflow. The workflow and capturing of incident information is aligned with industry best standards such as NIST, US- CERT, SANS and VERIS. RSA NetWitness SecOps Manager caters to the multiple personas within the SOC from the analysts, incident coordinators, SOC manager and CISO providing a view on the overall effectiveness of the SOC program. By leveraging the Incident Response, Breach Response and SOC Program Management capabilities of RSA NetWitness SecOps Manager, an organization can guarantee that the overall security incident response functionality is being managed as an effective, predictable and consistent process.

RSA ADVANCED CYBER DEFENSE PRACTICE The RSA Advanced Cyber Defense Practice is a set of professional services that helps organizations improve their security maturity and posture, and prepare for and respond to security incidents and evolve with the threat environment. These services also help organizations develop strategies and tactics for building and improving their security operations programs, with a specific focus on the design and optimization of SOCs or incident response teams as well as the effective use of threat intelligence. RSA INCIDENT RESPONSE The RSA Incident Response Practice is a team of experts focused on helping customers investigate, respond and recover from a security incident or a breach. The team consists of an experienced, worldclass staff of incident response practitioners leveraging battle-tested processes and specialized technology that can limit the damage when a security incident is escalated to a breach. RSA IR services can be leveraged multiple ways from detection and response to retainer. INDUSTRY VIEWPOINTS Recently, industry pundits and analysts have published research and articles aligning with the RSA NetWitness Suite strategy. These articles and research highlight the capabilities required to implement an effective security incident detection, investigation and response program. These articles and research mention the following: The Network World Incident Response Fab Five article Required capabilities for an incident detection response program are: 1. Network Forensics 2. Host Forensics 3. Threat Intelligence 4. User, Behavior Monitoring 5. Process Automation Forrester: Security Analytics is the Cornerstone Of Modern Detection and Response Recommendations for Incident Response: 1. Must have security analytics platform 2. Must have comprehensive view of the network 3. Must be able to detect data exfiltration 4. Must be able to detect the unknown 5. Must have dedicated FTEs for incident response functionality The Gartner Technology Overview for MSSP Advanced Threat Detection Defense (April 2015) states: 1. Must perform traffic analysis and forensics 2. Need visibility to endpoint behavior and endpoint forensics RSA ADVANTAGE The RSA NetWitness Suite is a comprehensive set of solutions and services that improve the overall organizational effectiveness of the security incident detection, investigation and response process. From a solution perspective, RSA NetWitness Logs and Packets, RSA NetWitness Endpoint and RSA NetWitness SecOps Manager are fully integrated and can also integrate with third party security monitoring systems to provide comprehensive visibility, detect behavioral anomalies from endpoint to cloud and investigate and reconstruct attacker TTPs. From a service perspective, RSA Advanced Cyber Defense services can proactively help an organization assess the gaps in their security operations program and make recommendations to close the gaps from a people, process and technology perspective. RSA IR services can be leveraged when additional help is needed to investigate and respond to security incidents. RSA is one of few vendors that has the expertise and breadth of solutions and services to take an organization s incident response program to the next level. The RSA NetWitness Suite will provide immediate benefits to your organization if you are dealing with the following concerns: How well prepared do you believe your organization is for an attack and can you investigate in a timely manner? How do you identify which assets are being compromised and what type of data is

involved? What is your strategy for effective incident response and are you able to prove effectiveness to the C-levels? Are you sufficiently skilled and staffed to detect and respond to sophisticated attacks? EMC2, EMC, the EMC logo, RSA, the RSA logo, and Archer are registered trademarks or trademarks of EMC Corporation in the United States and other countries. VMware is a registered trademark or trademark of VMware, Inc., in the United States and other jurisdictions. Copyright 2016 EMC Corporation. All rights reserved. Published in the USA. 2/16 Solution Overview H14902. RSA believes the information in this document is accurate as of its publication date. The information is subject to change without notice.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback