Post on 08-Feb-2018
RSA NETWITNESS FOR LOGS
Seamless fusion of log and full packet data
Data Sheet
THE NEED TO IMPROVE ADVANCED THREAT DISCOVERY AND REMEDIATION
Organizations are wrestling with the need to access and use a variety of data sources
both to reduce the risk of advanced threats and to prove compliance. Log management
and SIEM systems are important elements of incident and threat management processes,
but have been constrained by a lack of a common lexicon, scalability, and agility to adapt
to the ever-changing threat landscape.
RSA NETWITNESS FOR LOGS UNIFIES LOG DATA WITH PERVASIVE NETWORK MONITORING
RSA NetWitness for Logs delivers an innovative fusion of hundreds of log data sources
with external threat intelligence to enterprises, enabling extraordinarily broad and
high-speed visibility into the critical information needed to help detect targeted, dynamic and
stealthy attack techniques. NetWitness for Logs enables comprehensive security event
collection as an integrated component of the award-winning NetWitness platform. The
solution offers correlation and analysis of the large volumes of network and system data
needed for effective threat detection.
Benefits
Heightened visibility of threats within a single product
Correlates log data with real-time analysis and threat intelligence to enable improved tracking of advanced and emerging threats
Respond more rapidly and effectively to incidents by quickly determining context around a specific event
Focus limited resources on highest-risk issues
Today's security threats are dynamic, multi-faceted and highly sophisticated attacks, oftentimes
executed over long periods of time. In order to defend against these challenges, security analysts
and IT professionals require continuous and pervasive visibility into their entire application,
platform, and network infrastructures for rapid detection and response.
[Figure labels: 100% Visibility with Reconstruction; Session ID Log Tracking; New Alerts; Automated Reporting; Investigator; Informer]
EMC2, EMC, the EMC logo, RSA, NetWitness, and the RSA logo are registered trademarks or trademarks of EMC
Corporation in the United States and other countries. All other products or services mentioned are trademarks of their
respective companies. Copyright 2012 EMC Corporation. All rights reserved. Published in the USA.
h9085 netlog ds 0412
www.rsa.com
ABOUT RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and
compliance management solutions for business acceleration. RSA helps the world's
leading organizations solve their most complex and sensitive security challenges.
These challenges include managing organizational risk, safeguarding mobile access
and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key
management, SIEM, data loss prevention, continuous network monitoring, and fraud
protection with industry leading eGRC capabilities and robust consulting services,
RSA brings visibility and trust to millions of user identities, the transactions that they
perform and the data that is generated. For more information, please visit www.RSA.com
and www.EMC.com.
RSA NetWitness for Logs may be deployed in three ways:
As an extension to existing NetWitness deployments to combine the diverse information contained in log files with the deep content of full traffic capture
Alongside the RSA enVision solution for powerful security analytics across the volumes of log data collected by enVision
As a standalone log analytics module that can complement other third-party SIEM tools
NetWitness for Logs leverages RSA enVision event source knowledge and reporting while
augmenting the back-end infrastructure with NetWitness' scalable architecture. When
combined with an existing RSA NetWitness network monitoring deployment, complete
visibility into network traffic and enterprise logs is provided in a single, scalable system;
no other security provider delivers this today. By combining these network and log
security insights into a reusable and normalized data framework, security analysts can
achieve the situational awareness required to rapidly and effectively respond to
advanced threats. NetWitness for Logs provides a basis for a single, intuitive SIEM user
interface presenting an unprecedented view of organizational activity across even more
of the IT infrastructure.
Features
Interactive data-driven analysis of over 150 different log formats
Highly scalable sensor and database architecture
Integrated within NetWitness Investigator and Informer:
  Correlate log events in real-time through free-form contextual analysis
  Enables the combined view of log and raw network packet data previously unavailable in a single product
  Display reporting and alerting of log data
  Rapidly build multi-layered reports for distribution to security teams and management
Drives the discovery of known attacks through the fusion of threat intelligence from RSA NetWitness Live, the threat intelligence delivery system
High speed connector from the RSA enVision solution to NetWitness for Logs enables richer data feeds and in-depth analysis
Out-of-the-box support for over 100 compliance and security related reports
Customizable device type language (enVision content 2.0)
System Requirements
Microsoft Windows XP, 2003 Server, Vista, Windows 7
Internet Explorer 6+ or Firefox
1 Ethernet Port
RSA NetWitness Investigator & capture infrastructure