NetWitness® is a revolutionary network monitoring platform that provides enterprises a precise and actionable understanding of everything happening on the network. NetWitness solutions are deployed in customer environments to solve a wide range of challenging information security problems including: insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage, data leakage, and continuous monitoring of security controls.
Visualize presents application and user content in a revolutionary way. Visualize is an extremely powerful analytical capability that enables the security professional to zoom in and out of collected traffic using their mouse or fingers, if equipped with a multi-touch monitor, and to drill down and see exactly what transpired over the course of time.
Users can quickly and efficiently scan through large volumes of objects such as audio, documents, images and video captured by NetWitness, render a visual timeline of an event, deeply interrogate all the activity (e.g. communications, data sent and received, audio transmissions, etc.), and understand all the rich context associated with each object. Visualize enables users to leverage all the rules, keyword searches, and other filters created in Informer to further refine and process the presented information. This capability drives efficiency and accuracy into many security use cases such as:
- Exfiltration of Proprietary Information- The ability to monitor and examine all images such as diagrams, schematics, whiteboard drawings, and other images captured by a mobile phone and sent outside the corporate network.
- Employee Investigation - What documents has an employee downloaded, sent or received during the last 6 months? Was there corporate confidential information in any of the documents, such financial information, released before a quarterly announcement? Has an employee’s productivity improved after being placed on performance review probation?
- Data Leakage Monitoring - The ability to create a daily report to inspect every document sent and received over the network during the past 24 hours regardless of port or protocol. Analysts can interrogate for corporate policy violations, Internet usage monitoring or offensive activities.
This information can also be used to spot Advanced Persistent Threats (APT) or malware infections where data is leaving the organisation or compromised devices are communication with command and control servers out on the Internet.
Recent Blog Entries
Why SSL VPN Still matters
In fact, it matters even more.
NetWitness Visualise
Your Network: Know everything, Answer anything.
How would you know that you have been hacked?
Think about it for a minute.
How can you secure ActiveSync traffic?
In the second of our series looking at how to secure mobile workers, we concentrate on the ActiveSync Protocol.
How should you develop a Mobile Security Policy?
For the next couple of weeks, we are going to focus on the move towards mobile working and explore the impact that this could have on existing security processes.
Is AntiVirus software really the answer?
AV Signature as Standalone Defence - Failure No Matter Where You Put It