Security & Behavioral Analytics
RSA NetWitness® Logs and Packets | RSA NetWitness® Endpoint
Security tools create so much data that it’s tough to uncover leading indicators of a real cyber attack. Enter security and behavioral analytics, which help to make sense of all that data and provide analysts with powerful capabilities for rapidly discovering advanced persistent threats.
- “Best Big Data Analytics Solution” – 2015 GSN Homeland Security Award
- “An opportunity for security organizations to propel their operations forward.” – EMA
Leads to significant reductions in cyber threat detection, investigation, response and remediation times.
Detects both the “covert channels” attackers use to deliver malware to victims as well as communication between command-and-control (C2) sites and compromised hosts. This helps security teams spot advanced persistent threats earlier in the attack cycle, thereby reducing the amount of time those threats lurk on the network and greatly mitigating their impact.
Slashes the number of incidents to investigate from the thousands to low dozens while yielding more accurate alerts, minimizing false positives and eliminating the “noise” stemming from traditional security monitoring systems.
Alleviates resource burdens on under-staffed security teams by automating cyber threat detection.
Processes Data from Multiple Sources
Fully integrated with RSA NetWitness Logs and Packets and RSA NetWitness Endpoint. Inspects every network packet session, log event and endpoint for threat indicators at time of collection and enriches this data with threat intelligence and business context.
Real-Time and Historical Analysis
Collects and examines multiple pieces of data in real time and over extended periods of time to determine the full scope of a cyber attack.
Statistical Analysis and Machine Learning
Applies statistical analysis to all data and uses modular machine learning techniques to speed cyber threat detection and response. Identifies suspicious activity in a number of ways: by looking for specific threat indicators and by distinguishing deviations from normal network and endpoint behavior.
Includes more than 300 advanced rules and data science models that analysts can use out of the box or customize. Requires no advanced knowledge of specific attacks and does not rely on signatures, rules or analyst tuning. Easily incorporates YARA rules and STIX data.
Rapidly scores and flags suspicious endpoint and network behavior using an intelligent risk-scoring algorithm that combines advanced machine learning techniques, behavioral indicators and aggregated cyber threat intelligence. Prioritizes incidents and provides a clear visual indication of their threat level.
Advanced Threat Detection
RSA NetWitness Logs and Packets detects threats and discovers cyber attacks that evade log-centric SIEM and signature-based tools. The only solution on the market that correlates full network packets with other security data, RSA NetWitness Logs and Packets allows security teams to better understand and reconstruct attacks, which in turn helps security operations teams implement more effective remediation plans.
RSA NetWitness Endpoint is an endpoint security tool that continuously monitors desktops, laptops, servers and other endpoints on and off your network. It collects full endpoint inventories and profiles in minutes, with no discernible impact on end-user productivity. Instead of relying on fallible signatures and rules to detect threats, RSA NetWitness Endpoint leverages behavioral analytics capabilities to identify new, unknown and targeted attack methods.
Advanced persistent threats don’t openly advertise themselves. They hide among all the other activities taking place in today’s complex IT environments and are built off the assumption that security teams lack both the tools and time to discover them. Prove attackers wrong with the security analytics capabilities of RSA NetWitness Logs and Packets.
Payroll and benefits processing provider ADP manages highly sensitive personal and financial information for millions of employees worldwide. Roland Cloutier, ADP’s Global Chief Security Officer, explains why he relies on RSA NetWitness Logs and Packets to protect that information, and he describes the capabilities he gets from it that traditional security technologies can’t provide.