Advanced Threat Detection Solution Series

The following use cases show how the RSA NetWitness® Suite helps organizations detect and respond to specific advanced threats including WebShells, Dynamic DNS, drive-by downloads, remote access Trojans and more.

The Latest Attacker Tools, Tactics and Procedures

Justin Grosfelt, an incident responder with RSA, discusses the ways in which adversaries target, compromise and exploit organizations. By understanding attackers' motives and modus operandi, organizations can better defend against, detect and respond to cyber threats.

Remote Access: Webshells

WebShells are a favorite tactic of attackers, who use them to access organizations' networks. RSA NetWitness Logs & Packets provides full visibility into all stages of a WebShell attack.

Dynamic DNS: Data Exfiltration

RSA NetWitness Logs & Packets provides full visibility into the network traffic associated with Dynamic DNS, a method for hosting IP addresses that attackers frequently exploit to evade detection and steal sensitive data.

Malicious Protocols: Gh0st RAT

Gh0st RAT is a remote access Trojan that attackers frequently use to control infected endpoints, log users’ keystrokes, download and upload files, and more. RSA NetWitness Endpoint can uncover and exorcise the Gh0sts haunting your machines.

Spear Phishing

Learn how RSA NetWitness Suite provides full visibility into all stages of a spear phishing attack, from delivery and exploit/installation to C2 beaconing, lateral movement and data exfiltration.

Drive-by Download

Drive-by downloads are a common technique attackers use to install malware on victims' computers. Early detection depends on having visibility into the network, log, netflow and endpoint activity that RSA NetWitness provides.

See It In Action

Cyber attacks target weak links and continue to bypass traditional security tools such as log-only SIEM systems, firewalls and intrusion detection systems. To proactively detect threats before they do damage, you need full visibility across logs, network, endpoint and the cloud. Request a live, use case-based demo of the RSA Advanced SOC solution.

Want a Demo?

Sign up for a free demo today and watch our products in action.

Ready to Buy?

It's easy. Speak with an RSA expert anytime to request a quote.