Network Monitoring & Forensics
RSA NetWitness® Suite
Can your SIEM do this? When the clock is ticking with a cyber attack, you need to go beyond logs with packet capture and endpoint monitoring. You want a network monitoring tool that illuminates suspicious activity across your organization and captures detailed data about potential incidents to speed forensic investigations. With RSA NetWitness Suite, you get award-winning technology:
- Frost & Sullivan 2016 Global Network Security Forensics Enabling Technology Leadership Award.
- Best SIEM – 2015 & 2016 – American Security Today Homeland Security Award.
- Best Endpoint Threat Detection and Response Solution – 2015 GSN Homeland Security Award.
- Gives analysts deep insight and visibility into their entire environment, from on-premises to cloud, to provide definitive answers to the questions: How did it happen? How long has it been on our network? How bad is it?
- Automates detection of both command-and-control communications and attackers’ attempts to move laterally across your network.
- Empowers your security team with intuitive workflows that guide Tier 1 analysts to be more productive and enhance Tier 3 analysts’ threat hunting activities.
- Accelerates detailed reconstruction of cyber attacks across both network and endpoint during forensic investigations so analysts can more quickly grasp the full scope of an attack. Armed with these insights, analysts can implement more effective remediation plans.
- Identifies high-risk indicators (e.g., advanced persistent threat domains, suspicious proxies, malicious networks, malware behaviors) and new cyber attack methods.
- Preserves digital evidence and provides a detailed record of a cyber attack to assist legal teams and law enforcement in prosecution.
The Best Data for Early Threat Detection
Captures full network packets, NetFlow, logs (access, network security and systems performance/monitoring), and endpoint telemetry and enriches this data with threat intelligence and business context.
Extensive Threat Intelligence
Enriches raw packet, log and endpoint data at time of capture with threat intelligence from RSA’s research, engineering and incident response teams, the RSA customer community, and external sources.
Flexible, Scalable Architecture
Offering maximum deployment flexibility, the RSA NetWitness Suite can be scaled and deployed incrementally according to an organization’s needs and security priorities—whether with a single appliance or dozens, partial or fully virtualized deployments, on premise or in the cloud, with full endpoint visibility or more focused deployments on high-risk assets.
Faster Data Retrieval
Raw data is parsed into metadata and sessionized at capture time to support security analytics and event reconstruction. A highly intuitive and blazing fast user interface speeds data retrieval during investigations.
Security and Behavioral Analytics
Real-time behavioral analytics engine uses modular machine learning techniques to observe network traffic, baseline “normal” network and endpoint behavior and identify anomalies.
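The two ideas above, parsing raw traffic into session metadata at capture time and baselining "normal" per-host behavior to surface anomalies, are shown below as an added illustration; this is not RSA NetWitness code and says nothing about how the product implements them. The flow-record format, the seven-day baseline, the hosts and addresses, and the z-score threshold are all constructed assumptions for the example.

```python
"""Added example (not RSA's code): parse constructed flow records into session
metadata at ingest, learn a per-host baseline of outbound bytes, and flag
sessions that deviate from it. Record format and thresholds are assumptions."""
import statistics
from collections import defaultdict

# Constructed flow records: (timestamp, src, dst, dport, proto, bytes_out).
# Seven days of routine HTTPS traffic from two internal hosts form the baseline.
BASELINE_FLOWS = [
    (f"2017-01-0{d}T10:00:00", "10.0.0.5", "93.184.216.34", 443, "tcp", b)
    for d, b in zip(range(1, 8), [12_000, 11_500, 13_100, 12_400, 11_900, 12_700, 12_200])
] + [
    (f"2017-01-0{d}T10:05:00", "10.0.0.7", "93.184.216.34", 443, "tcp", b)
    for d, b in zip(range(1, 8), [50_000, 48_000, 52_500, 49_900, 51_200, 50_700, 49_300])
]

# Day eight: one routine session per host plus a constructed off-hours
# transfer from 10.0.0.5 to an address that host has never talked to.
NEW_FLOWS = [
    ("2017-01-08T10:00:00", "10.0.0.5", "93.184.216.34", 443, "tcp", 12_300),
    ("2017-01-08T03:12:00", "10.0.0.5", "198.51.100.23", 443, "tcp", 2_100_000),
    ("2017-01-08T10:05:00", "10.0.0.7", "93.184.216.34", 443, "tcp", 50_100),
]


def sessionize(flows):
    """Fold raw flows into sessions keyed by (src, dst, dport, proto, day) and
    attach the metadata later analytics need: byte count, first/last seen."""
    sessions = {}
    for ts, src, dst, dport, proto, nbytes in flows:
        key = (src, dst, dport, proto, ts[:10])
        s = sessions.setdefault(key, {"src": src, "dst": dst, "dport": dport,
                                      "bytes_out": 0, "first": ts, "last": ts})
        s["bytes_out"] += nbytes
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    return list(sessions.values())


def build_baseline(sessions):
    """Per source host: mean/stdev of bytes per session and the set of peers."""
    per_host = defaultdict(lambda: {"bytes": [], "peers": set()})
    for s in sessions:
        per_host[s["src"]]["bytes"].append(s["bytes_out"])
        per_host[s["src"]]["peers"].add(s["dst"])
    baseline = {}
    for host, h in per_host.items():
        mean = statistics.mean(h["bytes"])
        stdev = statistics.stdev(h["bytes"]) if len(h["bytes"]) > 1 else 0.0
        baseline[host] = {"mean": mean, "stdev": stdev, "peers": h["peers"]}
    return baseline


def score_sessions(sessions, baseline, z_threshold=3.0):
    """Return alerts for sessions that are volume outliers for their host or
    go to a peer the host never contacted during the baseline window."""
    alerts = []
    for s in sessions:
        b = baseline.get(s["src"])
        if b is None:
            alerts.append({**s, "reasons": ["host_not_in_baseline"]})
            continue
        reasons = []
        if s["dst"] not in b["peers"]:
            reasons.append("new_destination")
        if b["stdev"] > 0:
            z = (s["bytes_out"] - b["mean"]) / b["stdev"]
            if z > z_threshold:
                reasons.append(f"bytes_z={z:.1f}")
        elif s["bytes_out"] > b["mean"]:
            reasons.append("bytes_above_constant_baseline")
        if reasons:
            alerts.append({**s, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    base = build_baseline(sessionize(BASELINE_FLOWS))
    for a in score_sessions(sessionize(NEW_FLOWS), base):
        print(a["first"], a["src"], "->", a["dst"], a["reasons"])
```

Only the 2.1 MB transfer to a never-before-seen peer is reported; the routine day-eight sessions sit within a fraction of a standard deviation of each host's mean. A production baseline would also key on hour of day and port, and would age out old sessions, but the shape is the same: metadata is derived once at ingest and every later rule works on that metadata rather than on raw packets.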
RSA NetWitness Logs & Packets detects threats and discovers cyber attacks that evade log-centric SIEM and signature-based tools. The only solution on the market that correlates full network packets with other security data, RSA NetWitness Logs & Packets allows security teams to better understand and reconstruct attacks, which in turn helps security operations teams implement more effective remediation plans.
RSA NetWitness Endpoint is an integral component of the RSA NetWitness Suite that provides organizations with deep visibility into endpoint behavior and threats. This visibility is transformed into powerful metadata, which allows security teams to see all processes, executables, and events along with network telemetry in one single workflow.
You might think logs provide more than enough information to detect cyber threats, but they only reveal what preventative controls have detected. In contrast, packets offer complete network visibility, and with RSA NetWitness Logs & Packets you get the best of both worlds, plus a behavioral analytics engine that processes huge volumes of data for analysts in real time.
RSA NetWitness Logs & Packets provides full visibility into the network traffic associated with Dynamic DNS, a method for hosting IP addresses that attackers frequently exploit to evade detection while stealing sensitive data. See how RSA NetWitness Logs & Packets helps to identify data exfiltration attempts that leverage Dynamic DNS in this brief report.
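As an added illustration of the Dynamic DNS pattern the paragraph refers to (not RSA's code and not taken from the report it mentions), the block below parses a constructed DNS query log, groups queries under dynamic-DNS provider names, and flags a client that pushes a stream of long, unique subdomain labels to one such name, which is how data leaves a network inside DNS queries. The provider suffix list, log format, client addresses and thresholds are assumptions made for the example.

```python
"""Added example (not RSA's code): detect data-carrying queries to dynamic-DNS
names in a constructed DNS query log. Suffix list and thresholds are assumed."""
from collections import defaultdict

# Assumed watchlist of dynamic-DNS provider suffixes (illustrative, not exhaustive).
DDNS_SUFFIXES = ("no-ip.org", "dyndns.org", "duckdns.org", "hopto.org")

# Constructed DNS query log: "<timestamp> <client> <qtype> <qname>".
# 10.0.0.9 sends a burst of unique 32-character labels under one DDNS name.
DNS_LOG = """\
2017-02-01T09:00:01 10.0.0.5 A www.example.com
2017-02-01T09:00:02 10.0.0.5 A cdn.example.net
2017-02-01T09:01:00 10.0.0.9 A 7c3e19a0d4f2b6e85511c09fa3d7e2b1.sync.hopto.org
2017-02-01T09:01:01 10.0.0.9 A 0ab4f7e3c2d19865bb70e1f4a9c3d2e0.sync.hopto.org
2017-02-01T09:01:02 10.0.0.9 A 9f1d2c3b4a5e6f7081920a1b2c3d4e5f.sync.hopto.org
2017-02-01T09:01:03 10.0.0.9 A 44e5f6a7b8c9d0e1f2a3b4c5d6e7f809.sync.hopto.org
2017-02-01T09:02:00 10.0.0.5 A mail.example.com
2017-02-01T09:03:00 10.0.0.12 A home.no-ip.org
"""


def ddns_suffix(qname):
    """Return the dynamic-DNS provider suffix a query name falls under, or None."""
    host = qname.lower().rstrip(".")
    for suf in DDNS_SUFFIXES:
        if host == suf or host.endswith("." + suf):
            return suf
    return None


def detect_ddns_exfil(dns_log, min_queries=3, min_label_bytes=64):
    """Group DDNS queries per (client, registered name) and flag clients that
    send many queries whose leftmost labels carry a lot of unique data."""
    stats = defaultdict(lambda: {"queries": 0, "label_bytes": 0, "labels": set()})
    for line in dns_log.splitlines():
        _ts, client, _qtype, qname = line.split()
        suf = ddns_suffix(qname)
        if suf is None:
            continue
        labels = qname.lower().rstrip(".").split(".")
        n_suffix = suf.count(".") + 1
        # The registered name is the label directly below the provider suffix;
        # anything to the left of it is free-form and can carry data.
        owner = ".".join(labels[-(n_suffix + 1):]) if len(labels) > n_suffix else suf
        payload = labels[:-(n_suffix + 1)]
        s = stats[(client, owner)]
        s["queries"] += 1
        s["label_bytes"] += sum(len(label) for label in payload)
        s["labels"].update(payload)
    alerts = []
    for (client, owner), s in stats.items():
        if s["queries"] >= min_queries and s["label_bytes"] >= min_label_bytes:
            alerts.append({"client": client, "ddns_name": owner,
                           "queries": s["queries"], "label_bytes": s["label_bytes"],
                           "unique_labels": len(s["labels"])})
    return alerts


if __name__ == "__main__":
    for a in detect_ddns_exfil(DNS_LOG):
        print(a)
```

The single lookup of home.no-ip.org from 10.0.0.12 is not reported: resolving a dynamic-DNS name is common and legitimate, and the rule only fires when the volume of data packed into the subdomain labels crosses a threshold. Packet visibility adds what a log alone cannot: the TXT or A responses and any follow-on connection to the resolved address.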
A WebShell is a piece of code that runs on a server to enable remote administration. While often used for legitimate purposes, WebShells are a favorite tactic of attackers, who use them to gain control of web servers. Once in control, attackers can disrupt services and steal data while quickly moving across a company’s network. Unlike traditional network security tools, RSA NetWitness Logs & Packets provides full visibility into all stages of a WebShell attack.
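To make the WebShell passage concrete, the block below is an added example (not RSA's code) that reads a constructed web-server access log and reports server-side scripts that are executed from a directory meant for uploaded content, or that are absent from the application's known route inventory. The log lines, directory layout, extension list and route inventory are all assumptions for the example.

```python
"""Added example (not RSA's code): flag WebShell-like activity in a constructed
Common Log Format access log. Paths, extensions and route list are assumed."""
import re
from collections import defaultdict

# Constructed access log. The application's only legitimate server-side scripts
# live under /app/; /uploads/ should hold static user content only.
HTTP_LOG = """\
10.0.0.5 - - [01/Feb/2017:09:05:00 +0000] "GET /app/index.php HTTP/1.1" 200 2048
203.0.113.7 - - [01/Feb/2017:09:06:10 +0000] "POST /app/login.php HTTP/1.1" 302 0
203.0.113.7 - - [01/Feb/2017:09:06:30 +0000] "POST /uploads/avatar_2291.php HTTP/1.1" 200 512
203.0.113.7 - - [01/Feb/2017:09:06:31 +0000] "POST /uploads/avatar_2291.php HTTP/1.1" 200 9331
10.0.0.5 - - [01/Feb/2017:09:07:00 +0000] "GET /uploads/avatar_2291.png HTTP/1.1" 200 40211
"""

CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
SCRIPT_EXT = (".php", ".asp", ".aspx", ".jsp", ".jspx")
CONTENT_DIRS = ("/uploads/", "/static/", "/images/")   # no scripts belong here
KNOWN_SCRIPTS = {"/app/index.php", "/app/login.php"}  # assumed route inventory


def parse_clf(line):
    """Parse one Common Log Format line into a dict, or None if it does not match."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def detect_webshell(http_log):
    """Return, per suspicious script path, who called it, how often, and why.
    Only successfully executed (HTTP 200) server-side scripts are considered."""
    hits = defaultdict(lambda: {"clients": set(), "requests": 0, "reasons": set()})
    for line in http_log.splitlines():
        rec = parse_clf(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if not path.lower().endswith(SCRIPT_EXT) or rec["status"] != "200":
            continue
        reasons = set()
        if path.startswith(CONTENT_DIRS):
            reasons.add("script_in_content_dir")
        if path not in KNOWN_SCRIPTS:
            reasons.add("unknown_script_path")
        if reasons:
            h = hits[path]
            h["clients"].add(rec["client"])
            h["requests"] += 1
            h["reasons"] |= reasons
    return {p: {"clients": sorted(h["clients"]), "requests": h["requests"],
                "reasons": sorted(h["reasons"])} for p, h in hits.items()}


if __name__ == "__main__":
    for path, info in detect_webshell(HTTP_LOG).items():
        print(path, info)
```

The .png under /uploads/ and the known /app/ scripts pass; the script dropped into the upload directory is reported with both reasons and the external client that used it. Logs give this first signal; the packet and endpoint stages the paragraph refers to are what let an analyst see the upload that created the file, the commands sent to it, and the process the web server spawned.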
For Grupa Azoty, Poland’s largest chemical manufacturer, protecting its chemical information and intellectual property from falling into the wrong hands is of paramount importance. The company chose RSA NetWitness Logs & Packets for the visibility it provides into cyber threats and because it complements existing security infrastructure.