RSA NetWitness® Logs & Packets
If you’re relying on log data alone to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection by log-centric security and network monitoring tools. But logs combined with full packet, endpoint and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at RSA NetWitness Logs & Packets.
Organizations can deploy RSA NetWitness Logs & Packets across diverse network topologies and geographies, and scale it according to their data capture and performance requirements.
Automated behavior analytics provides insight into attacker tactics, techniques and procedures as they execute their attacks. Detect Command and Control (C2) lateral movement for logs and packets.
Improve investigation and threat prioritization with security, risk and business context.
Recreates full sessions (web browsing, FTP, email, etc.) so that analysts can literally see what happened during an attack (including what was stolen during an exfiltration) and identify root causes.
Accelerate investigations with breadth of visibility across logs and packets and depth of threat analytics.
Flexible, Scalable Architecture
Consists of three components which can be deployed virtually, on premises, in the cloud (AWS and Azure) or using a hybrid approach: the capture infrastructure, which consists of a highly configurable Decoder that captures and stores raw log and packet data; a Concentrator that stores and indexes metadata for fast queries and retrieving raw data; and a Broker that facilitates queries across a multisite deployment of Concentrators and Decoders. The Event Stream Analysis (ESA) module is a powerful analytics and alerting engine that enables correlation across multiple event types. Archivers manage long-term data storage.
Identifies Advanced Threats
Looks for a myriad of behavioral indicators to identify attacks that evade signature- and rules-based monitoring tools.
Multiple Use Cases
Integrated platform which provides advanced cyber threat detection, incident forensics, breach response, compliance reporting and basic security monitoring.
No Stone Unturned
Inspects every network packet session and log event for threat indicators at time of collection and enriches this data with threat intelligence and business context.
Real-Time and Historical Analysis
Collects and examines multiple pieces of data in real time and over extended periods of time, detects deviations from normal behavior, and creates a probability-weighted risk score for alerts based on these results.
RSA NetWitness allows us to take proactive steps in protecting our customers’ data before anything happens. It has helped us reduce our response times dramatically. We’re now able to provide our product managers, our product teams and management teams with much better answers in a much shorter period of time.
Manager of Security Operations Group, Adobe