NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.



Slide 1: NetWitness Overview

Slide 2: The Current Scenario

APT Network Security Today
- Network-layer / perimeter-based
- Dependent on signatures, statistical methods, and foreknowledge of adversary attacks
- High failure rate
- Ongoing cycle of purchases of preventative and detective measures, where rate of failure = economic or material losses for the organization

Threats Today
- Constantly evolving, faster than preventative measures
- Various actors: insiders, criminals, nation-state
- Numerous vectors: application-layer, APT, 0day and targeted malware, fraud, espionage, data leakage

Commercial and Government Organizations Want Something Better
- To close these risk gaps
- And to obtain the agility to deal with future changes to their IT needs and the threat landscape

Slide 3: NetWitness Is
- A revolutionary approach to enterprise network monitoring
- A platform for pervasive visibility into content and behavior
- Providing precise and actionable intelligence

Know Everything. Answer Anything.

Slide 4: Know Everything... Answer Anything

Invest in Certainty. Invest in Agility.

- What critical threats are my Anti-Virus and IDS missing?
- Why are packed or obfuscated executables being used on our systems?
- I am worried about targeted malware and APTs -- how can I fingerprint and analyze these activities in my environment?
- We need to better understand and manage the risks associated with insider threats.
- I want visibility into end-user activity and to be alerted on certain types of behavior.
- On our high value assets, how can we have certainty that our security controls are functioning exactly as implemented?
- How can I detect new variants of Zeus or other 0day malware on my network?
- We need to examine critical incidents as if we had an HD video camera recording it all.

Slide 5: Introducing the NetWitness Network Security Analysis Platform
- Automated Malware Analysis and Prioritization
- Automated Threat Reporting, Alerting and Integration
- Freeform Analytics for Investigations and Real-time Answers
- Revolutionary Visualization of Content for Rapid Review

Slide 6: RSA Security Management Process

Infrastructure inputs: Event Logs, Network Activity, State, Configuration, Identities, Sensitive Data, Vulnerabilities
Collection and Correlation: RSA Products, Third Party Tools
Prioritization: Business Objectives, Policies, Regulations
Visualization, Investigation, Remediation

NetWitness is a critical element of the RSA Security Management Process:
- Collect all network activity
- Prioritize threats via real-time fusion with advanced intelligence feeds
- Investigate threats quickly via automated and freeform session analysis
- Visualize all network traffic in a rapid-review, multi-touch visual experience

Slide 7: Security Leaders Leverage NetWitness

Security teams in high threat environments:
- 6 of the Fortune 10
- 70% of US Federal agencies
- Over 50,000 security experts around the world

"NetWitness is a cutting edge vendor for Network Analysis and Visibility." -- John Kindervag, Forrester Research

"NetWitness is the last security appliance you will ever need to buy." -- Josh Corman, 451 Group

Recognized for outstanding performance:
- #21 in the 2010 Inc. 500, including #1 in the U.S. in enterprise software companies
- Winner of the SC People's Choice Award and numerous other industry achievements

"Traditional security measures like firewalls, intrusion detection, patch management, anti-virus, single tier DMZs are not enough to stop the new threats." -- CISO, Major U.S. Federal Agency

"I rely upon NetWitness to detect and analyze malware that no other product can find." -- Director of Incident Response, NY Health Care Provider

Slide 8: NetWitness Applications

Slide 9: Signature-Free, Automated Malware Analysis, Prioritization, and Workflow (Spectrum)
- Mimics the techniques of leading malware analysts by asking thousands of questions about an object, without requiring a signature or a known bad action
- Leverages NetWitness Live by fusing information from leading threat intelligence and reputation services to assess, score, and prioritize risks
- Utilizes the NetWitness pervasive network monitoring capability for full network visibility and extraction of all content across all protocols and applications
- Provides transparency and efficiency to malware analytic processes by delivering complete answers to security professionals

Slide 10: Automated Analysis, Reporting and Alerting (Informer)
- Flexible dashboard, chart and summary displays for a unified view of threat vectors
- Get automatic answers to any question for Network Security, Security / HR, Legal / R&D / Compliance, and I/T Operations
- HTML, CSV and PDF report formats included
- Supports CEF, SNMP, syslog and SMTP data push for full integration with SIEM and other network event management systems

Slide 11: Getting Answers to the Toughest Questions (Investigator)
- Interactive data-driven session analysis of layer 2-7 content
- Award-winning, patented, port-agnostic session analysis
- Infinite freeform analysis paths and content/context investigation points
- Data presented as the user experienced it (Web, Voice, Files, Emails, Chats, etc.)
- Supports massive data sets: instantly navigate terabytes of data
- Fast analytics: analysis that once took days now takes minutes
- Freeware version used by over 45,000 security experts worldwide

Slide 12: A New Way to Look at Everything (Visualize)
- Revolutionary visual interface to content on the network
- Extracts and interactively presents images, files, objects, audio, and voice for analysis
- Supports multi-touch, drilling, timeline and automatic play browsing
- Rapid review and triage of content

Slide 13: NetWitness Integration: Leveraging the Power of NetWitness within Your Existing Infrastructure

Slide 14: NetWitness SIEMLink
- NetWitness SIEMLink is a light-weight Windows utility that generically enables network event interrogation by NetWitness from ANY existing system
- Compatible with any existing SIEM, IDS/IPS, log console or enterprise network management system
- Highlight-right-click functionality from any browser-based console
- Augment and empower interactive contextual analysis around every event your enterprise creates

Diagram: Event Console -> Tray Utility -> Get Instant Context via NetWitness Investigator and the NextGen Infrastructure
Sample event shown on the slide: "Event: Buffer Overflow IP: 212.2.3.2 @ 11:32PM"

Slide 15: NetWitness Is Designed to Integrate With Your Existing Investments

Slide 16: NetWitness Infrastructure

Slide 17: NetWitness Collection Architecture
- Decoder: real-time, distributed, highly configurable network recording appliance (full packet capture)
- Concentrator: aggregates and analyzes data across multiple capture locations
- Broker: request-brokering across the entire infrastructure

Slide 18: Sample Deployment Options