NetWitness® Informer

RSA NetWitness® Informer sets a new standard for network security analytics. Informer is the application for enterprise-wide visualisation, alerting, reporting and real-time situational awareness. Informer outperforms traditional network security products on the market because it highlights critical areas of concern that are blind spots to traditional security products.
By having every session, communication, service, application and user’s activity recorded, reconstructed and exposed for analysis, the possibilities are endless as to what can be done in Informer. Zero day malware, botnets, policy evasion tactics, intentional data exfiltration, anomalous communications, compliance gaps, and other trends occurring on your network can become quickly apparent through Informer’s rules-based approach and dashboard. Informer uses a fully interactive and intuitive web-based user interface (UI) for viewing alerts, charting and tiled views, and employing the hundreds of standard reports and alerts.
The UI also enables users of any skill level to quickly build their own custom alerts, queries, reports and rules. Informer is designed to immediately integrate into your existing security operations processes and deliver a level of real-time situational awareness that was previously unachievable.
NetWitness® Investigator

Investigator is based upon more than 10 years of development and deployment experience in some of the most demanding and complex customer environments. RSA NetWitness Investigator is the primary interactive analysis application of the NetWitness appsuite. Investigator provides unprecedented free-form contextual analysis on massive volumes of information exposed by the NetWitness NextGen infrastructure. Over 50,000 security professionals in 5,000 organizations across 179 countries rely upon NetWitness Investigator for answers.
When you need clarity and definitive answers to the most challenging questions, you need a level of fine-grained detail and the agility to quickly and efficiently examine application layer sessions in a way that is easy to comprehend. Unlike other products that display network traffic in the context of confusing network nomenclature and force an IP-centric view of the world, Investigator uses the NextGen Metadata Framework. The framework is a lexicon of nouns, verbs and adjectives - characteristics of the actual application layer content and context parsed by NextGen during session reconstruction at the time of capture. With its customisable user interface and unprecedented analytics, Investigator lets users analyse their network traffic in unlimited dimensions for complete situational awareness.
NetWitness® Spectrum

Zero-day and targeted malware is successfully compromising your network and evading existing signature-based security technologies, including preventative tools.
Why? Modern malware is designed to behave like legitimate traffic and communicate undetected. RSA NetWitness developed Spectrum in response to demand from security professionals for a tool that identifies and puts context around the attacks that tools looking for “known bad” miss.
RSA NetWitness Spectrum is an analytical workbench that revolutionises the identification, analysis, and prioritisation of malware-based threats to enterprise networks. Advanced security analysts understand that no tool can block all attacks. Spectrum helps enable security operations centres to identify and mitigate serious problems missed by both traditional and modern approaches to malware protection.
What makes Spectrum unique is its ability to see the full spectrum of attacks and analyse all the data in a network utilising four distinct investigation techniques that an advanced analyst would use to investigate and prioritise events. Spectrum automatically analyses every executable going across the network, and can answer questions about the behavior of files within the full context of an organisation’s network. This unique approach permits the security operation centre analysts to better determine “Which files are suspect? How malicious is it? What is it trying to do? Where else is it on the network? Which files deserve my attention more than others?”
NetWitness® Visualize

Visualize presents application and user content in a revolutionary way. Visualize is an extremely powerful analytical capability that enables a user (e.g. an analyst, incident responder, investigator) to zoom in and out of collected traffic using their mouse or fingers (if equipped with a multi-touch monitor) and to drill down and see exactly what transpired over the course of time.
Users can quickly and efficiently scan through large volumes of objects such as audio, documents, images and video captured by NextGen, render a visual timeline of an event, deeply interrogate all the activity (e.g. communications, data sent and received, audio transmissions, etc.), and understand all the rich context associated with each object. Visualize enables users to leverage all the rules, keyword searches, and other filters created in Informer to further refine and process the presented information. This capability drives efficiency and accuracy into many security use cases.
Visualize is provided at no additional cost with NetWitness Informer.
NetWitness® Live

As the threat landscape evolves, what’s the best way to directly leverage the collective intelligence and analytical skills of the worldwide security community to ensure that you have the most current visibility into attack vectors?
Attack methodologies and exploit frameworks are evolving at staggering rates. The advanced threat intelligence available to information security professionals increases by the day, but can be overwhelming and often lacks prioritisation or a means of direct operational implementation. Proactive threat management also requires the use of parsers and queries that consider zero-day attack vectors, but many security teams do not have the time or the training to create this custom content.
RSA NetWitness Live is the one threat intelligence delivery system that escalates your security operations centre to another level by optimising the time it takes to identify, assess and respond to incidents. NetWitness has partnered with the most trusted and reliable providers in the security community, including our own research team, to deliver, correlate and illuminate the most pertinent information relevant to your organisation and fuse it with your network data in real time.
Unlike other services which focus on single-source intelligence, NetWitness Live enables users to tailor the sources they receive and to employ their own intelligence according to their unique environment and threat profile. Altogether, NetWitness provides the most dynamic and comprehensive threat intelligence service available.
NetWitness Panorama

Today's security threats are dynamic, multi-faceted and highly complex initiatives, oftentimes drawn out over long periods of time. The current security tools are simply not designed to identify and investigate these types of advanced threats. In order to defend against these challenges, security analysts and IT professionals require a comprehensive and interactive view into their entire infrastructure.
Panorama, a new module in the RSA NetWitness family, delivers innovation in security analytics through the fusion of hundreds of log data sources with external threat intelligence. Combined with existing RSA NetWitness network monitoring products, Panorama can now provide enterprises with extraordinarily broad and robust high-speed visibility into the critical information needed to help detect targeted, dynamic and stealthy attack techniques.