DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

Similar documents
SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

RSA NetWitness Suite Respond in Minutes, Not Months

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

Novetta Cyber Analytics

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SIEM Solutions from McAfee

MITIGATE CYBER ATTACK RISK

RSA INCIDENT RESPONSE SERVICES

RSA INCIDENT RESPONSE SERVICES

Un SOC avanzato per una efficace risposta al cybercrime

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

McAfee Endpoint Threat Defense and Response Family

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

GDPR: An Opportunity to Transform Your Security Operations

Power of the Threat Detection Trinity

WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Security. Made Smarter.

The Cognito automated threat detection and response platform

RSA ADVANCED SOC SERVICES

Fast Incident Investigation and Response with CylanceOPTICS

Transforming Security from Defense in Depth to Comprehensive Security Assurance

THE EVOLUTION OF SIEM

FOR FINANCIAL SERVICES ORGANIZATIONS

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

McAfee Advanced Threat Defense

Integrated, Intelligence driven Cyber Threat Hunting

Sustainable Security Operations

INTELLIGENCE DRIVEN GRC FOR SECURITY

Imperva CounterBreach

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

Empower stakeholders with single-pane visibility and insights Enrich firewall security data

Compare Security Analytics Solutions

<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1

deep (i) the most advanced solution for managed security services

CloudSOC and Security.cloud for Microsoft Office 365

MCAFEE INTEGRATED THREAT DEFENSE SOLUTION

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

Sandboxing and the SOC

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

WHITE PAPER END-TO-END VISIBILITY: THE FOUNDATION OF BUSINESS-DRIVEN SECURITY THREAT DETECTION & RESPONSE OPTIMIZED SIEM

McAfee Investigator Product Guide

The Resilient Incident Response Platform

esendpoint Next-gen endpoint threat detection and response

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

SIEMLESS THREAT MANAGEMENT

SOLUTION BRIEF RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD

How Vectra Cognito enables the implementation of an adaptive security architecture

McAfee Total Protection for Data Loss Prevention

An All-Source Approach to Threat Intelligence Using Recorded Future

Enhanced Threat Detection, Investigation, and Response

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

Managed Endpoint Defense

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

INTEGRATION BRIEF DFLabs and Jira: Streamline Incident Management and Issue Tracking.

Defend Against the Unknown

Resolving Security s Biggest Productivity Killer

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

Symantec Security Monitoring Services

<Partner Name> RSA NETWITNESS Security Operations Implementation Guide. Secdo Platform. <Partner Product>

A BETTER PATH: Security Enlightened. Security s Shift to the Cloud

PALANTIR CYBERMESH INTRODUCTION

WHITEPAPER END-TO-END VISIBILITY: THE FOUNDATION OF BUSINESSDRIVEN SECURITY DETECTING AND RESPONDING TO THE THREATS THAT MATTER MOST TO THE BUSINESS

SIEM: Five Requirements that Solve the Bigger Business Issues

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

McAfee epolicy Orchestrator

TRUE SECURITY-AS-A-SERVICE

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

The Critical Assets Filter for the SOC Focus discovery and analytics to expedite security investigations

CyberArk Privileged Threat Analytics

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Security. Risk Management. Compliance.

Building Resilience in a Digital Enterprise

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

CYBER ANALYTICS. An Advanced Network- Traffic Analytics Solution

Incident Response Agility: Leverage the Past and Present into the Future

A Practical Guide to Efficient Security Response

Reducing the Cost of Incident Response

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

Privileged Account Security: A Balanced Approach to Securing Unix Environments

ACTIONABLE SECURITY INTELLIGENCE

The New Era of Cognitive Security

Integrating Okta and Preempt Detecting and Preventing Threats With Greater Visibility and Proactive Enforcement

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

TREND MICRO SMART PROTECTION SUITES

Securing Your Digital Transformation

Transcription:

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

KEY ANALYSTS BENEFITS: Gain complete visibility across your network Alleviate pressures from security staff shortages with intuitive workflows Focus on the threats that really matter with relevant context Faster root cause analysis reduces time and cost of incident response and investigation Drastically reduce dwell time by rapidly detecting and investigating threats Increase resolution rate with reduced time-to-remediation for incidents Completely understand the full scope of attacks across logs, packets, endpoints and your entire network with the RSA NetWitness Platform OVERVIEW Today s shortage of qualified security experts is a global security challenge for all enterprises. Having the right information at their fingertips is crucial for security analysts. Companies are confronted with thousands of alerts from multiple security solutions, and a myriad of tools across multiple screens. This can lead to delays in detection, and failure to respond to the real threats to their organization. The RSA NetWitness Platform empowers security teams to detect and understand the full scope of a compromise, because it analyzes data and behavior across an organization. Business and security context enriches data from logs, packets, endpoints, and NetFlow. The RSA NetWitness Platform transforms the data into more useful information through real-time enrichment with business context and threat intelligence delivered from a variety of sources. The Suite utilizes a unified taxonomy across all data sources to accelerate the detection of both known and unknown threats. The RSA NetWitness Platform is designed for analysts who are responsible for protecting valuable assets and networks. The accessibility of both business and security context throughout the user interfaces enables prioritization and results in faster threat detection and response. Whether it is business context such as asset criticality, user information from identity solutions, or threat intelligence, relevant information is easily accessible and highlighted for the analyst. Analysts are at the core of every security team or organization s defense strategy. The RSA NetWitness Platform empowers them with the following capabilities: Automated analytics and sophisticated tools to make every analyst better at what they do. Intuitive workflows to help alleviate pressures from security skills shortage. One of the biggest challenges facing security teams worldwide is How do we effectively prioritize threats? RSA NetWitness Platform answers that question of prioritization paralysis with intuitive interfaces for both initial Response workflow and detailed Investigation. Analysts can smoothly transition between triage activities and investigative activities to immediately gain a more comprehensive view of the metadata behind the incident. Analysts of all levels can increase their productivity with the flexibility to dive into any incident within Respond workflow or from the Investigation workflow. 2

SECURITY AND BUSINESS CONTEXT ACCELERATE THREAT PRIORITIZATION The Context Hub incorporates business and threat information that helps to identify and prioritize threats. The Context Hub provides an enrichment data lookup capability in both the Respond and the Investigation views to expose context data on demand. The sources for enrichment data include asset criticality directly from RSA Archer, Microsoft Active Directory, and threat intelligence sources; Respond or incident management; custom lists; Endpoints and various options for customers to incorporate their own external enrichment data. Context Hub enables relevant threat information such as whitelists, blacklists or custom watchlists to be imported and exported. In addition, Context Hub is integrated with RSA Live Connect service so that a RSA Live Connect Risk Assessment, in the form of a Risk Badge (Unsafe, High Risk, Suspicious, Safe, or Unknown), can show the risk level assigned to the entity by RSA Live Connect and other sources of risk factors. Context Hub Enrichment Sources RSA Archer Incorporate asset criticality with asset information Microsoft Active Directory Respond Custom Lists RSA NetWitness Endpoint Feed user behavior analysis and protect high-profile individuals and user roles Correlate with related incidents and alerts to see patterns and the full scope of an attack Trigger from detail in any CSV file to provide further context Complete the picture with information from RSA NetWitness Endpoint including machines, processes, files, etc. 3 As a result, incident responders and security teams gain unparalleled insights, allowing them to prioritize threats quickly and drastically reduce threat dwell time by focusing their response more effectively to protect their organizations. A FORCE MULTIPLIER FOR SECURITY ANALYSTS AND INCIDENT RESPONDERS The RSA NetWitness Platform concentrates and synthesizes relevant information for easy access by analysts. Toggling between a myriad of disparate tools can be frustrating and confusing, making it easy for an analyst to miss something. By creating visual clues and integrating tools such as a storyline and nodal diagrams for events, the respond process is streamlined. External tools, look-ups and screens are eliminated and therefore reduce the headaches of toggling between multiple tools. The RSA NetWitness Platform interfaces are designed to reduce both eye strain and the cognitive load on analysts.

Based on insights from hundreds of Incident Response situations, RSA NetWitness Platform is designed to streamline triage by providing all the relevant information on a single screen. Each component is designed to add value to and simplify the workflow. Correlated metadata and relevant business context is highlighted and made available to help the analysts to make better decisions. The result is that the workflows facilitate the development of analysts and help improve the productivity of the entire security team. The result is that the workflows facilitate the development of analysts and help improve the productivity of the entire security team. Figure 1 RSA NetWitness Platform RESPOND Interface Nodal View IDENTIFY AND UNDERSTAND THREATS AT A DEEPER LEVEL The flexible analyst interfaces are designed for analysts of all levels. It is a swim at your own level scenario. Analysts have access to tools to go as deep as their skill set enables. The exposure to investigation tools facilitates learning within the platform. Agents can select an incident and then begin to triage in Respond or they can transition to Investigate workflow for a deeper dive. Alternatively analysts can choose to go directly into the Investigate workflow. 4 Once an incident is selected the Respond workflow provides the Incident Details screen where an Overview, Indicators and Events views are available. The Indicators view provides a Storyline of the incident with a Nodal diagram or list view displaying relationships. All related alerts and indicators that generated the Incident are shown. The related indicators can include: Source/Destination IP, Hostname, Username, Domain Name, and Filename for the Indicator that triggered an alert. The Storyline is arranged in chronological order and helps the Analyst understand the full scope of the Incident by identifying other alerts/indicators that may be related but not part of the Incident. From the Storyline, an Analyst should be able to begin understanding what assets or elements of the environment might be affected by this Incident.

RSA NetWitness Platform highlights relevant information with an Interactive Nodal Diagram (in Figure 1) that shows relationships to provide visual insights. The nodal nature incorporates the intensity of connections and the occurrence frequency is revealed by the size of the node. The Nodal diagram paints a picture of what elements (metadata) are involved, and the activity and historical information is described in an easy-to-follow and comprehensive manner in the Storyline (Indicators) component. Analysts can hover and/ or click to reveal the next level of detail and reveal additional relationships. With a visual mapping of what is happening in their environment, analysts are able to respond faster to a wider range of incidents. While analysts still have visibility into the granular details of alerts and indicators within an incident, the nodal diagram provides a quick and easy way for them to visualize what happened during an incident. In addition, they can interact with the nodal diagrams and reveal additional relationships which facilitate interpretation. Analysts can leverage RSA Context Hub for security and business context and RSA Live Connect for crowdsourced, RSA-community-based threat intelligence and hash reputation from peers to aid security analysts in identifying and responding to threats more efficiently. As Analysts investigate an Incident and begin to understand the context of the threat, they can transition to the Investigate interface to explore the raw security data. Within Investigation, analysts can analyze key metadata, view session reconstructions, and explore the raw log events. Coupling the ability to deep dive into the source data, with visibility to related supporting Incident information allows the analyst to understand and explore the full scope and severity of an Incident while revealing relationships that might not be apparent without the visibility available in the RSA NetWitness Platform. SEE THE FULL SCOPE OF WHAT HAPPENED 5 Figure 2 RSA NetWitness Platform INVESTIGATE Interface

The Investigate interface is where deep analysis is enabled. RSA NetWitness Suite offers various methods of displaying the data, filtering the data, querying the data, acting on a drill point, and inspecting specific events. The Investigation workflow is designed for the more experienced analysts who typically would dive immediately into the colder deeper waters. The Investigate workflow encapsulates all the relevant elements to enable investigations by consolidating information for analysts into a single screen. Querying of metadata delivers not only related metadata and related sequential events but also a reconstruction of event analysis to speed investigations. Designed for the more advanced analyst (the Hunter), Event Analysis within Investigation workflow, provides several options for the advanced analyst to dig deeper, reconstruct events, see patterns, find clues in the data, and export artifacts including PCAPs and other information for future reference. Seeing is believing, but understanding builds knowledge. RSA NetWitness Event Analysis encompasses event reconstruction with interactive instruction. Bolstering analysts knowledge and capabilities through investigation provides ways for analysts to learn and perfect their talents as they start to easily sift through mountains of data. Empowering analysts to see the structures and interconnections within the data during triage of an incident or breach or while hunting for threats as they unfold. POWER OF PACKETS Within Investigate workflow, analysts can reconstruct spearfishing emails and fake web sites to aid investigations. This can help identify insider threats or understand the criminality behind threats. The devil is in the detail and powered with RSA NetWitness Packets, the relevant details are organized and presented so that security analysts can discern valuable information and neutralize threats faster. Event Reconstruction is enabled by the power of the details captured by packets and delivers the ultimate visibility to what really happened. Events which can then be reconstructed include Email messages, Web transactions, and IM conversations, just to name a few. This is like Instant Replay or having a security camera constantly monitoring relevant activity in your network. A reconstruction for emails will allow analysts to see the email header, who it was sent to, the sender and the entire body including all malicious components. Event Reconstruction delivers a level of depth for analysis that differentiates RSA NetWitness Packets capabilities for forensic activities. 6 Additional visibility capabilities include the highlighting and revealing of Common File Patterns and shading of HEX Bytes in packet analysis. Even for experts this helps make certain indicators stand out and increases overall efficiency. The shading helps reveal hidden patterns. Reconstruction capabilities, auto detection of common file patterns and the shading HEX Bytes all deliver additional depth of visibility.

See no evil, hear no evil. Stop pretending that ignorance is bliss. The critical part in any investigation is being able to see what actually happened. RSA NetWitness Packets empowers analysts to harness the evidence to determine what transpired in the environment. DIVE IN The RSA NetWitness Platform delivers pervasive visibility and actionable workflows for responding to and investigating incidents that illuminate the full scope of an incident. Since the Suite prioritizes incidents based on business and security context, analysts, regardless of their skill level can dive deeper with greater confidence, knowing they will not drown in alerts. SUPPORT RSA s world-class global support organization can enhance your security solution with a comprehensive support plan that provides important security alerts, valuable upgrades, and access to expert advice. RSA provides the resources you need to quickly and proactively resolve product-related issues and questions to ensure business continuity. For more information about RSA Support and Services, see the RSA Support page. NEXT STEPS For more information about RSA NetWitness Platform, visit rsa.com/domore or contact your RSA Channel Account Manager or Authorized Distributor. 7 2018 Dell Inc. or its subsidiaries. All rights reserved. RSA and the RSA logo, are registered trademarks or trademarks of Dell Inc. or its subsidiaries in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes the information in this document is accurate. The information is subject to change without notice. 04/18, Data Sheet, H16413.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback