RSA NetWitness® Logs & Packets
If you’re relying on log data alone to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection by log-centric security and network monitoring tools. But logs combined with full packet, endpoint and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.
Organizations can deploy the solution across diverse network topologies and geographies, and scale it according to their data capture and performance requirements.
Automated behavior analytics provides insight into attacker tactics, techniques and procedures as they execute their attacks.
Recreates full sessions (web browsing, FTP, email, etc.) so that analysts can literally see what happened during an attack (including what was stolen during an exfiltration) and identify root causes.
Flexible, Scalable Architecture
Consists of three components, which can be deployed virtually, on premises, in the cloud or using a hybrid approach:
The capture infrastructure, which consists of a highly configurable Decoder that captures and stores raw log and packet data; a Concentrator that stores and indexes metadata for fast queries and retrieval of raw data; and a Broker that facilitates queries across a multisite deployment of Concentrators and Decoders.
The analysis and retention infrastructure, which is made up of an Archiver that manages long-term data storage and an Event Stream Analysis (ESA) engine that processes high volumes of disparate event data and executes machine learning algorithms in real time.
The security analytics server.
Identifies Advanced Threats
Looks for myriad behavioral indicators to identify attacks that evade signature- and rules-based monitoring tools.
Multiple Use Cases
Integrated platform which provides advanced cyber threat detection, incident forensics, breach response, compliance reporting and basic security monitoring.
No Stone Unturned
Inspects every network packet session and log event for threat indicators at time of collection and enriches this data with threat intelligence and business context.
Real-Time and Historical Analysis
Collects and examines multiple pieces of data in real time and over extended periods of time, detects deviations from normal behavior, and creates a probability-weighted risk score for alerts based on these results.
RSA NetWitness allows us to take proactive steps in protecting our customers’ data before anything happens. It has helped us reduce our response times dramatically. We’re now able to provide our product managers, our product teams and management teams with much better answers in a much shorter period of time.
Manager of Security Operations Group, Adobe