
Securing Data in the Cloud with RSA NetWitness Suite

RSA NetWitness is a solution with an open platform that can support out-of-the-box SIEM integrations. This includes interoperability with Splunk, QRadar, FireEye, ArcSight and a variety of others. If customers are looking to augment their existing log-centric SIEMs by integrating with the RSA NetWitness packet solution, it is easy to do so. In addition to this, there is a published REST API that allows any application that needs a way to facilitate integration to HTTP data to seamlessly integrate into the solution.

A customer can take RSA NetWitness packets and plug them into almost any application. This is an advantage because the customer immediately benefits from both increased analyst efficiency and detection rates over a traditional SIEM alone. Another advantage of RSA NetWitness is the ability to deliver cloud security.

There are two separate areas of concern regarding the cloud. First is the monitoring of data in the cloud. As more and more customers are deploying applications into the cloud, how would they have visibility into that cloud infrastructure? How are they monitoring the application or resources that they are moving into that cloud? The second area focuses on enabling customers to deploy RSA NetWitness components in the cloud. RSA NetWitness delivers great visibility when it comes to logs in Office 365, Azure and AWS, as well as packets in AWS. We also enable customers to get visibility into virtualized environments. Customers need to be able to see both the applications running in the cloud and all of the corresponding traffic. RSA NetWitness logs and packets solutions can run anywhere: on-prem, in the cloud, and in hybrid environments.

This chart may help you to determine what approach to take as you engage with customers. The first factor to determine is whether or not the customer already has a log-centric SIEM, and if so, are they happy with it? Questions like "What tools do you currently have in place?" or "What is your primary source of incidents and alerts today?" will help you to determine whether they are focused on prevention, detection, or both.

If they are looking for a new SIEM, you should ask: Why? What is the use case? Compliance only or security as well? If they already have a SIEM, why did you buy it? Is it working for you? As you explore options with customers, it will become evident that exclusion or preventative tools will not stop many of the sophisticated attacks. Most SIEMs need to be augmented with additional visibility. So help customers leverage their existing SIEM by adding packets and endpoint solutions so analysts can improve detection, investigation, and response capabilities while getting even more out of their SIEM investment.

Here is a customer story highlighting one of the benefits of augmenting their SIEM with RSA NetWitness packets. A utility company had concerns about phishing attacks. During a proof of concept with RSA NetWitness packets, users called the IT department about a suspicious email. The customer was able to recreate the sessions for all of the users that had called in and see what happened. Additionally, RSA NetWitness packets discovered three other users that had downloaded the link who had not called the help desk. The administrator was also able to block the link to prevent future contamination of the network. The customer was able to determine that no credentials had been taken and nothing was compromised.

As we have seen, RSA NetWitness packets delivers a multitude of advantages and benefits that help the customer maximize their existing SIEM investment and can add value to any SIEM environment.

Video Details

Duration: 4 minutes and 27 seconds
Language: English
License: All rights reserved
Genre: None
Views: 8
Posted by: william.duncan on Feb 6, 2018
