DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill sets, with cybersecurity skills topping the list. This trend is expected to continue for the foreseeable future, particularly when it comes to specific needs, such as advanced threat detection and maximizing the ROI on related technology investments, such as the RSA NetWitness Platform. Organizations seeking to address these challenges and complement in-house resources with additional subject matter expertise can avail of professional services from RSA Threat Detection & Response Practice, including advanced techniques on how to proactively hunt for initial signs of attack and stop the adversaries in their tracks. ADDRESSING THE RESOURCING TREND Technology expertise The RSA Threat Detection and Response Practice enables organizations to maximize the ROI on their RSA NetWitness investment by providing a holistic portfolio of solution fulfillment services. Complementary services addressing incident response and proactive hunting are offered by the Incident Response (IR) Practice. Customer requirements and expectations are best met when product deployments are adequately planned, implemented and maintained with regular upgrades and tuning, coupled with hands on knowledge transfer by our specialist IR team. RSA s range of capabilities and depth of expertise make it the partner of choice for organizations that want to maintain a security posture that evolves with the threat environment: Globally distributed team of practitioners. Trained, accredited and certified security professionals. Experience gained from thousands of engagements across a range of industries in the commercial and government sectors. Enterprise-level solution fulfillment addressing complex solution deployment requirements. Project management services to drive successful outcomes, remediate engagement risks and streamline communications. 2
RSA Solution Fulfillment Framework Services portfolio ranging from requirements analysis and solution design to deployment and go-forward solution management The RSA Threat Detection & Response and IR Practices are part of the RSA Global Services Organization, which provides a variety of additional and complementary information security services including: 3 Advanced Cyber Defense consulting services. Education services from RSA University. Product maintenance and Personalized Support Services, including Designated Support Engineer (DSE)and Technical Account Manager (TAM) from RSA Customer Support. RSA NETWITNESS PLATFORM Respond in minutes, not months The Threat Detection & Response Practice addresses solution fulfillment requirements across each of the RSA NetWitness Platform products: RSA NetWitness Network deployed to gain better network visibility and detect advanced threats and anomalies that bypass traditional defense mechanisms. RSA NetWitness Logs optimized to aggregate and correlate log data from traditional security alerting tools and mechanisms. RSA NetWitness Endpoint configured to highlight anomalies on host systems. RSA NetWitness SecOps Manager tailored to align with organizational structure and workflows while adding business context to prioritize alerting and enhance the protection of critical assets.
The portfolio includes services that accommodate differing requirements and maturity levels: Design and Implementation services to get the solution up and running, achieve early wins and accelerate time-to-value. Subscription services used throughout the year to progress the maturity of the solution and work hand in hand with the customer to identify and implement use case requirements and enhance overall solution effectiveness. The IR Practice also provides subscription services to facilitate hands-on proactive hunting conducted jointly with the customer and to relay deep technical knowledge transfer. Tuning & Optimization services recommended annually to maximize and tune solution performance, conduct minor upgrades of the environment to the latest release and implement additional features and functions such as RSA NetWitness Event Stream Analysis for correlation rules and advanced threat detection with data science modules. Performance Assessment services ongoing periodic (e.g., quarterly) reviews of the health statistics, metrics and usage activities, with recommendations for enhancement. Upgrade services implementation of major version upgrades for environments of all complexity levels. Event source integration services to accommodate the integration of log event sources, which are not otherwise supported out of the box. Custom services tailored consulting for platform migrations, technology integration, high-availability configurations, residencies, expert-on-demand staff augmentation and remote consulting. Offshore services lower-cost solution fulfillment by RSA Virtual Services Delivery (VSD) team. 4 RSA NetWitness Platform The Respond interface of RSA NetWitness is the main dashboard for initial triage, providing analysts with a nodal view and enabling them to assign, escalate and journalize the incident.
Analytic Intelligence services to share techniques that facilitate advanced threat detection. These are complementary services, such as the RSA Jumpstart for Analytic Intelligence, which is delivered by the RSA Risk and Cybersecurity Practice s Incident Response team. Offshore services lower-cost solution fulfillment by RSA Virtual Services Delivery (VSD) team. RSA NetWitness Platform The Endpoint interface displays a machine risk score based on the analysis of suspect files and libraries, which provides the analyst with a valuable tool for the detection and analysis of anomalies that have bypassed traditional defenses. 5 Security Operations Management services to support the integration of RSA NetWitness SecOps Manager with organizational Incident Response and Breach Management requirements. These are complementary services, such as the RSA SecOps Design Service, which is delivered by the RSA Risk and Cybersecurity Practice, Advanced Cyber Defense (ACD) team. Use Case Development services to address the specific threats to each organization (e.g., ransomware), including the development of the processes and procedures required at each stage of the incident management lifecycle, from detection through mitigation and lessons learned. Through a series of interviews, documentation reviews and interactive workshops, the use case objectives, threats, stakeholders, logic and testing requirements are defined and response procedure checklists are developed, providing the analyst with step-by-step instructions. Controlled Attack and Response Exercise services to review and stringently test the response capabilities of the incident response team. In a controlled attack scenario, ACD designs and conducts several capture-theflag exercises based on the customer s existing toolset and IR processes and procedures. Results are scored based on flag difficulty levels and reviewed with the customer to identify areas for improvement.
PUTTING IT ALL TOGETHER RSA targeted attack detection Security teams need to have the tools and skills to help them identify subtle indicators of compromise, because the traditional boundary protection approach has proven to be inadequate. Attackers leave clues at both the network and the host levels. This gives organizations a window of opportunity for remediation, once they have the right capabilities. RSA NetWitness provides those tools, and RSA Cybersecurity Practices provide the solution deployment, knowledge transfer and supporting skills necessary to redress the balance against attackers. In addition to these key technologies and services, customers use RSA NetWitness Live updates to enjoy ongoing access to shared intelligence resources that augment their security posture with a global, community-based world view. 6 RSA NetWitness Platform RSA Live Connect facilitates gathering, analysis and dissemination of community-based threat intelligence, enabling customers to collaborate with peers and stay ahead of adversaries.
ABOUT RSA RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA Global Services capabilities and award-winning products, organizations effectively detect, investigate and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud and cybercrime. RSA Global Services also offers battle-tested expertise from our Risk and Cybersecurity Practice, which includes the Advanced Cyber Defense and Incident Response Practices. Education services are available from RSA University, and product maintenance and Personalized Support Services are available from RSA Customer Support. For more information, go to rsa.com. 7 2018 Dell Inc. or its subsidiaries. All rights reserved. RSA and the RSA logo, are registered trademarks or trademarks of Dell Inc. or its subsidiaries in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes the information in this document is accurate. The information is subject to change without notice. 07/18, Data sheet, H15726 W137517.