SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

OVERVIEW

Information security has been a major challenge for organizations since the dawn of the digital era. Today, however, a number of factors have combined to make security more challenging than ever before:

- The rapid industry transition to virtualized and cloud-based infrastructure has effectively broken the traditional perimeter-based security approach. Years of security best practices are swept aside, as data and processes can now reside anywhere, inside or outside the organization.
- Attackers are employing tactics, techniques and procedures (TTPs) that are more sophisticated and impactful than ever before. No longer the purview of script kiddies and amateurs, cyber threats have been commercialized for mass use, most recently taking advantage of exploits that originated in nation-state intelligence organizations.
- Business leadership no longer regards cybersecurity as a hygiene activity to be left to the IT department. Breaches and data leaks are causing lasting financial and reputational harm to organizations in every region and industry, getting the attention of C-suite and board members. Managing cyber risk has been elevated to a core business responsibility, not just an IT problem.

RSA recognizes and understands these challenges, and offers evolved SIEM and threat defense tools and services that help organizations rapidly detect and respond to threats in this continuously evolving environment.

RSA NETWITNESS PLATFORM

The RSA NetWitness Platform provides pervasive visibility across a modern IT infrastructure, enabling better and faster detection of security incidents, with full automation and orchestration capabilities to investigate and respond efficiently. RSA NetWitness Platform takes security beyond SIEM, extending the traditional log-centric, compliance-focused approach to security to include state-of-the-art threat analytics, including user and entity behavior analytics (UEBA), and visibility into cloud, network and endpoints.
Figure 1: RSA NetWitness Platform Architecture. The figure shows the platform's data sources (packets, logs, endpoint, NetFlow and threat intelligence) parsed into 200+ metadata fields, for example IP source/destination, hostname, MAC address, user name, user agent, country, email address, URL, cookie, referrer, HTTP headers, ports, protocol fingerprints, file fingerprints, file packers, embedded objects, attachments, crypto type, SSL CA/subject, database name and SQL query. Caption: Connecting the Dots for Understanding of Full Attack Scope and Complete Investigations. Example counts shown in the figure: Failed Windows Login attempt Detected 22, Host Malware Detected 77, Lateral Movement Detected 57, Suspicious Beaconing 66, connected into Prioritized True Cyber Threats (2 actual of 92).

RSA NETWITNESS LOGS AND RSA NETWITNESS NETWORK

RSA NetWitness Logs and RSA NetWitness Network provide security visibility across your infrastructure, from on-premises data centers to public cloud services. They capture real-time data from logs and network packets, as well as NetFlow data, and apply deep analytics, machine learning, UEBA and threat intelligence. Correlating alerts and indicators of compromise (IoCs) across an organization's IT infrastructure empowers security analysts to detect and recognize threats before the attacker can cause the intended damage.

RSA NETWITNESS ENDPOINT

RSA NetWitness Endpoint provides visibility into IT endpoints at the user and kernel level, to flag anomalous activity, provide machine/endpoint suspect scores and block/quarantine malicious processes. It provides its own free-standing analytics server, or endpoint data can be integrated with RSA NetWitness Logs and RSA NetWitness Network to provide unmatched visibility across your IT infrastructure. RSA also makes a free RSA Endpoint Insights agent available to licensed RSA NetWitness Platform customers, offering endpoint data collection including Windows logs.

RSA NETWITNESS ORCHESTRATOR

RSA NetWitness Orchestrator is a comprehensive security operations and automation technology that combines full case management, intelligent automation and orchestration, and collaborative investigation capabilities. RSA NetWitness Orchestrator gives security operations center (SOC) analysts consistent, transparent and documented threat investigation and threat-hunting capabilities by leveraging playbook-driven automated response actions, automatic detection and machine-learning powered insights for quicker resolution and better SOC efficiency. RSA NetWitness Orchestrator acts as the connective tissue not only for the RSA NetWitness Platform but across a SOC's entire security arsenal.
RSA NETWITNESS UEBA ESSENTIALS

RSA NetWitness UEBA Essentials extends the breadth of analytics to identify advanced threats. Leveraging user, network and endpoint behavioral profiling powered by static rules, advanced correlation, machine learning intelligence and statistical analytics, RSA NetWitness UEBA Essentials identifies deviations from normal user behavior. Attack vectors such as compromised credentials, abuse or misuse of privileged user accounts, insider threat, brute force and account manipulation are among the detection indicators included. RSA NetWitness UEBA Essentials is available via RSA Live to all RSA NetWitness Platform customers, and extends the analytic capabilities that empower RSA customers to rapidly identify today's known and unknown threats.

RSA CYBERSECURITY SERVICES

In addition to market-leading security technology, RSA offers advanced professional services to help organizations design effective security systems and processes, and to respond to security incidents including data breaches. RSA services utilize the RSA NetWitness Platform (and other tools) when performing customer engagements. While the RSA NetWitness Platform provides a powerful toolset for RSA professional services, their use of the platform also creates a virtuous feedback loop, in which continuous encounters with real-world threats inform both product development and threat intelligence activities.

RSA ADVANCED CYBER DEFENSE (ACD) PRACTICE

RSA Advanced Cyber Defense (ACD) Practice provides services to assess, design and implement an organization's SOC strategy. ACD services focus on readiness and resilience, helping customers implement world-class security.

RSA INCIDENT RESPONSE (IR) PRACTICE

RSA Incident Response (IR) Practice provides services to help organizations detect and investigate incidents and breaches. IR services are designed to identify root causes and guide customers in developing containment and remediation plans.

VISIBILITY, PRODUCTIVITY AND BUSINESS-DRIVEN SECURITY

What makes RSA NetWitness Platform different from other security platforms? There are several factors, including RSA's 36 years of leadership as a technology security company. The power of RSA NetWitness Platform delivers advantages in three critical areas:

VISIBILITY

To effectively combat sophisticated attacks, you need pervasive visibility across both data sources (packets, NetFlow and logs) and threat vectors (endpoint, network and virtualized/cloud-based infrastructure). Modern IT infrastructures simply don't follow the classic data center model. Virtualization and cloud strategies create real benefits, including lower costs and higher flexibility. Unfortunately, these same things tend to make security much more challenging. It's a dynamic tension that falls upon the SOC to manage. RSA NetWitness provides the needed visibility into all components of your IT infrastructure, not just the traditional parts. Unlike products that focus only on logs, or network, or endpoints, or cloud, RSA NetWitness sees the full environment.

Why is this so important? Modern sophisticated threats are designed precisely to defeat traditional, perimeter-based defenses. They attack different resources and hide among normal traffic. Even if a risk event is triggered in one control, it is increasingly likely that the attack spans multiple data sources and threat vectors, so a single control sees only a fragment of it. Pervasive visibility is the raw material for effective threat hunting. It allows analysts to see the full scope of an attack, and to respond decisively.

PRODUCTIVITY

RSA NetWitness Platform is designed to optimize the productivity of SOC personnel of all skill levels, from new security analysts to the most experienced threat hunters. It starts with the pervasive visibility discussed above; that's the raw material upon which a world-class SOC is built. The paradox is that collecting so much data exacerbates a primary problem of modern IT: the ever-increasing volume of data generated by applications and security controls makes it nearly impossible to find the threats hiding within. RSA NetWitness Platform addresses this problem with powerful analytic capabilities. Its modular architecture handles massive amounts of raw data, enriching it with security context at time of capture. It then applies a set of sophisticated analysis tools, including machine learning, UEBA, and public as well as RSA community threat intelligence. This process correlates disparate events and alerts into discrete investigations, automatically scoring each according to the likelihood that it represents an attack or exploit. This empowers security analysts to do their jobs better and faster. Level one analysts can quickly work through the prioritized investigation queue, distinguishing between benign alerts and true threats. They can tune the system to ignore alerts and processes that generate false positives, greatly increasing productivity.

Figure 2: RSA NetWitness Platform Respond Visualization Screen
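The correlation, enrichment, scoring and tuning described above, worked through as an added example. This is illustrative code written for this page and is not RSA NetWitness Platform logic: the per-alert-type weights, the asset-criticality inventory, grouping alerts by host, the escalation threshold and the policy that maps a credential-related alert on a user account to a step-up authentication response (the kind of identity-platform action the brief describes under Business-Driven Security) are all assumptions, and the sample alerts are constructed from the alert types in Figure 1. It shows why an investigation with a lower raw likelihood on a critical asset outranks a higher-likelihood one on a low-value server, and how an analyst's suppression of a noisy rule drops a whole investigation from the queue.

```python
"""Added example: correlate raw alerts into investigations, enrich them with
asset criticality and score them for a prioritized queue.

Illustrative code only; not RSA NetWitness Platform logic. Weights, the
asset inventory, the grouping key and the response policy are assumptions.
"""
from dataclasses import dataclass, field

# Assumed per-alert-type weight: how strongly one occurrence of this
# alert type, on its own, indicates a real intrusion (0..1).
ALERT_WEIGHT = {
    "failed_windows_login": 0.10,
    "host_malware": 0.60,
    "lateral_movement": 0.50,
    "suspicious_beaconing": 0.45,
}
DEFAULT_WEIGHT = 0.20  # unknown alert types are neither ignored nor trusted

# Assumed asset inventory (the business context a GRC platform would feed in):
# criticality 1 (low) .. 5 (high). Unknown hosts default to medium.
ASSET_CRITICALITY = {
    "ciso-laptop": 5,
    "db-prod-01": 4,
    "cafeteria-web": 1,
}
DEFAULT_CRITICALITY = 3

# Alert types that, on a user account, suggest credential compromise
# (assumed policy used to recommend step-up authentication).
CREDENTIAL_ALERTS = {"failed_windows_login"}

# Constructed sample input using the alert types shown in Figure 1.
SAMPLE_ALERTS = [
    {"host": "cafeteria-web", "type": "host_malware"},
    {"host": "cafeteria-web", "type": "host_malware"},
    {"host": "ciso-laptop", "type": "failed_windows_login", "user": "ciso"},
    {"host": "ciso-laptop", "type": "suspicious_beaconing", "user": "ciso"},
    {"host": "db-prod-01", "type": "lateral_movement"},
    {"host": "db-prod-01", "type": "host_malware"},
]


@dataclass
class Investigation:
    host: str
    alerts: list = field(default_factory=list)
    users: set = field(default_factory=set)

    def likelihood(self) -> float:
        """Probability that at least one indicator is genuine, treating
        distinct alert types as independent evidence: 1 - prod(1 - w).
        Each type counts once, so fifty repeats of one noisy rule do not
        outrank two different indicators on the same host."""
        p_none = 1.0
        for kind in {a["type"] for a in self.alerts}:
            p_none *= 1.0 - ALERT_WEIGHT.get(kind, DEFAULT_WEIGHT)
        return round(1.0 - p_none, 3)

    def risk(self) -> float:
        """Business risk: likelihood weighted by what the asset is worth."""
        crit = ASSET_CRITICALITY.get(self.host, DEFAULT_CRITICALITY)
        return round(self.likelihood() * crit, 3)

    def credential_threat(self) -> bool:
        """True when a credential-related alert involves a named account."""
        return bool(self.users) and any(
            a["type"] in CREDENTIAL_ALERTS for a in self.alerts
        )


def correlate(alerts, suppressions=frozenset()):
    """Group alerts by host into investigations. ``suppressions`` holds
    (host, alert_type) pairs an analyst has tuned out as false positives."""
    by_host = {}
    for a in alerts:
        if (a["host"], a["type"]) in suppressions:
            continue
        inv = by_host.setdefault(a["host"], Investigation(a["host"]))
        inv.alerts.append(a)
        if a.get("user"):
            inv.users.add(a["user"])
    return by_host


def prioritize(alerts, suppressions=frozenset(), escalate_at=1.0):
    """Return (host, likelihood, risk, action) tuples, highest risk first."""
    ranked = sorted(correlate(alerts, suppressions).values(),
                    key=lambda inv: inv.risk(), reverse=True)
    queue = []
    for inv in ranked:
        if inv.risk() < escalate_at:
            action = "triage_queue"
        elif inv.credential_threat():
            action = "escalate+step_up_auth"  # hand off to the identity platform
        else:
            action = "escalate"
        queue.append((inv.host, inv.likelihood(), inv.risk(), action))
    return queue


if __name__ == "__main__":
    for row in prioritize(SAMPLE_ALERTS):
        print("%-14s likelihood=%.3f risk=%.3f -> %s" % row)
```

On the sample input the cafeteria web server carries the highest raw likelihood (a single malware detection, 0.6) but the lowest risk, while the CISO laptop, with only a failed login and a beaconing alert (likelihood 0.505), is scored at five times that and escalated with a step-up authentication recommendation. Suppressing the malware rule for the cafeteria host removes that investigation from the queue entirely, which is the productivity effect of tuning that the brief describes.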

Threat hunters become much more productive as well, with a rich toolset and an intuitive user experience that presents the information visually and lets them drill down or pivot on any data point. In this manner, threat hunters can quickly evaluate and understand the full scope of an attack, and respond with confidence.

As a byproduct of its threat detection and response capabilities, RSA NetWitness Platform enables security personnel to report on all security activity, both in the form of standard compliance reports and as incident response outcomes. With governments worldwide enacting laws requiring breach notification and risk evaluation, having the power to show exactly what an attack exposed can be the difference between a public breach announcement and a contained incident.

RSA NetWitness Orchestrator is a force multiplier for SOCs to standardize, scale, measure and continuously adapt security operations in an ever-expanding threat landscape. It automates repetitive incident response tasks, adds context-rich metadata and empowers security analysts to respond faster and more efficiently, reducing the mean time to respond (MTTR) to a compromise.

BUSINESS-DRIVEN SECURITY

The focus on visibility and productivity makes RSA NetWitness Platform a strong choice for any organization looking to deploy a world-class threat detection and response capability. Business context is the third major differentiator. The constant drumbeat of publicly exposed exploits and breaches makes it clear how expensive and damaging they can be. Business leaders now understand that IT risk is one of the most critical risks to be managed. RSA believes that the most effective security strategy is business-driven. RSA NetWitness Platform reflects this by uniting business risk and IT risk with a common language and framework, and integrating business risk data into the threat detection process.

For example, RSA NetWitness Platform can integrate asset criticality data from various sources, including RSA Archer. Good risk management leverages the fact that a CISO's laptop is more critical to an organization than a web server that hosts a company's cafeteria menus. By integrating this type of risk-based assessment into the data being fed through the analytics engine, risk scores can reflect both the threat being seen and its effect on the organization if it succeeds. This approach bridges the long-standing gap created by IT and risk teams that don't typically collaborate closely. RSA NetWitness Platform automates the process and puts focus on the threats that carry real business risk.

There are additional benefits to a business-driven approach, because it opens up the threat detection and response data set to drive other IT controls. For example, RSA NetWitness Platform can use its data to trigger identity platforms such as RSA SecurID. If unusual login or data transfer activity is detected from a particular user account, indicating possible credential compromise, RSA NetWitness Platform will be able to command the identity platform to activate step-up authentication. An attacker holding only the stolen credential is stopped at the step-up challenge, while legitimate use is not affected.

SUMMARY

Organizations are experiencing a rapidly changing threat environment, and they need tools and services that can keep up with the changes. RSA NetWitness Platform is designed to offer the maximum amount of visibility, with automated analysis and prioritization, in the context of the real business risk of a threat. In this way, RSA NetWitness users can be sure they are seeing, and responding to, the threats that matter to their organizations.

For more information about RSA NetWitness Platform, visit rsa.com/domore or contact your RSA Channel Account Manager or Authorized Distributor.

© 2018 Dell Inc. or its subsidiaries. All rights reserved. RSA and the RSA logo are registered trademarks or trademarks of Dell Inc. or its subsidiaries in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes the information in this document is accurate. The information is subject to change without notice. 03/18, Solution Brief, H17051.