RSA NetWitness Platform for Threat Defense
Advanced Persistent Threat Detection


Overview:

The RSA NetWitness Platform for threat defense applies the most advanced technology to detect, prioritize and automate the response to threats in a fraction of the time of other platforms.

  • Detects intrusions that have bypassed log-centric SIEMs and preventative controls as they’re happening, so you can contain business impact
  • Exposes the full scope of advanced persistent threats, so you know exactly how to respond
  • Orchestrates and automates investigation and response, tripling the impact of your team

Threat Detection for Advanced Persistent Threats

An advanced persistent threat, also known as an APT, is a sophisticated cyberattack designed to evade traditional, signature-based security tools and linger in an organization’s environment undetected. Advanced persistent threats can go undetected for months or more; during that time, attackers become intimately familiar with an organization’s network, its security controls and the location of its sensitive data. APTs typically result in data theft.

The RSA NetWitness Platform for threat defense applies a unique combination of network traffic analysis, behavioral analysis, endpoint analysis, data science techniques and threat intelligence to detect advanced persistent threats and other targeted attacks and to automate threat response. It exposes the full scope of APTs and other attacks by providing unparalleled network and endpoint visibility, connecting incidents over time, and delivering deeper insights to analysts through automation and machine learning.

Features:


Rapid and Automated Investigations

By analyzing data from across your organization’s entire IT infrastructure (both on premises and in the cloud), the RSA NetWitness Platform for threat defense allows analysts to natively and visually reconstruct network attacks and data exfiltration attempts in their entirety.

Integrated Threat Intelligence and Business Context

The RSA NetWitness Platform for threat defense automatically weaves threat intelligence and business context into the incident management lifecycle, making it far easier to prioritize threats based on their potential impact on your business.

Automated User and Entity Behavior Analytics (UEBA)

Our unique advanced analytics engine looks for potentially malicious issues across disparate data sets and correlates data across full network packets and endpoints, all prime attack vectors for today’s advanced persistent threats.

Pervasive Visibility

The only solution that combines threat detection analytics, automated response and pervasive visibility across your network and endpoints in a single platform, the RSA NetWitness Platform for threat defense eliminates your security team’s blind spots and allows you to see far beyond what your log-centric SIEM can detect.

Faster Data Retrieval

Raw data is parsed into metadata and sessionized at capture time to support security analytics and event reconstruction. A highly intuitive and blazing fast user interface speeds data retrieval during investigations.


Benefits:

Proactive Threat Detection

Provides visibility across all internal and external network traffic, all the way down to individual endpoint processes, so that you can detect and respond to threats before they disrupt your business. Identifies high-risk indicators of compromise (e.g., advanced persistent threat domains, suspicious proxies, malicious networks and malware behaviors) and new attack methods.

Detailed Attack Reconstruction

Accelerates detailed reconstruction of attacks occurring across your network and endpoints so that analysts can more quickly grasp the full scope of an attack campaign. Armed with these insights, security teams can implement more effective remediation and response plans.

Proactive Endpoint Protection

Makes it easy to find active intrusions inside your network so that you can catch them before these attacks reach your endpoints.

Comprehensive Threat Tracking

Allows you to persistently track threats across all phases of the attack cycle, without blind spots.