End-to-End Security Operations Management
RSA NetWitness is an intelligent suite of SIEM tools companies can use to streamline security operations with minimal human effort.
Integrating critical NOC/SOC modules such as endpoint detection, user and entity behavior monitoring, log collection, and security automation capabilities into a single platform allows security teams to continuously expand their threat intelligence and improve remediation efforts more effectively than ever before.
RSA NetWitness combines advanced threat intelligence capabilities with added business context to give security analysts deeper visibility into network performance and burgeoning cyber threats.
Unified Security Platform
RSA NetWitness simplifies security operations by powering endpoint detection, network detection, SIEM, UEBA, and security automation capabilities from a single platform and pane of glass.
Security Program Orchestration
RSA NetWitness Orchestrate gives security teams the ability to automate key security operations as well as combine case management and collaborative investigation capabilities to streamline their overall security efforts.
Flexible, Scalable Architecture
RSA NetWitness is available in a number of deployment options, making it a flexible solution for any business regardless of its architecture or deployment requirements.
RSA NetWitness Solution Overview
Endpoint Detection and Response
RSA NetWitness Endpoint’s continuous monitoring and intelligent log collection of company endpoint activity give security teams the agility and flexibility needed to significantly accelerate threat detection and response times. RSA NetWitness Endpoint leverages behavioral monitoring and machine learning algorithms to accurately analyze and identify advanced and/or non-traditional threats that legacy EDR systems may overlook.
- Continuous threat-aware authentication
- Complete process visualization
- Behavior analytics detection algorithms
- Customizable risk-scoring engine
Network Detection and Response
To ensure security teams have complete visibility into network traffic at all times, RSA NetWitness Network provides analysts with intelligent and relevant information about the traffic as the network packets are parsed and contextualized in real time. This analysis spans the entire network across physical and virtual deployments to give security staff complete insight into the scope of any attack, current or historic.
- Enriched capture data to reduce false positives
- Real-time data visualizations and nodal diagrams
- Context and threat analytics
- Full packet capture
Orchestration and Automation
RSA NetWitness Orchestrate provides security teams with a suite of automation and collaboration tools that allow analysts to quickly and confidently respond to security threats with minimal human input. Automatically detect threats, log detailed event data, and carry out remediation scripts to maximize the effectiveness of your security efforts without the need to add skilled security personnel.
Intelligent automation capabilities:
- Machine learning powered security “chatbot”
- SLA tracking and metrics
- Customizable map of related incidents across time
- Evidence collection and journaling
Log Monitoring and Management
RSA NetWitness Logs automatically monitors and logs extensive network data across deployments and environments, ensuring security teams get the relevant and contextual details they need to make UEBA, regulatory compliance, threat mitigation, and incident forensics operations as quick and accurate as possible.
- Centralized log management
- Pre-defined and customizable compliance reports
- Dynamic log parsing technology
- Parse, enrich, and index data logs at capture
- Log ingestion of over 350 event sources
User and Entity Behavior Analytics
Detecting everything from abnormal user behavior and privileged account abuse to brute force attempts, RSA NetWitness UEBA gives companies the network monitoring and threat intelligence required to stop malicious behavior before it can cause significant damage to company assets. Able to detect threats at any stage in the attack lifecycle in real time, RSA NetWitness UEBA will automatically alert the appropriate team to give insight into the threat and/or carry out incident response steps as necessary.
- Integrated behavior analytics detection algorithms
- First embedded endpoint-based UEBA
- Process visualization
- Continuous threat-aware authentication
- Single tamper-proof agent for logs, endpoint kernel, and metadata collection
- Innovative and customizable risk-scoring engine