
RSA NetWitness Suite - Evolved SIEM Sales Scenario

RSA NetWitness Suite delivers an evolved SIEM that is far beyond traditional log-centric SIEMs. The discussion begins with the customer requirements. In many cases, our offering can augment an existing log-centric SIEM. The first question you need to ask your SIEM customer is, are you finding the attacks that matter with your current log-centric SIEM? For many SIEM customers, the log-centric approach isn't working at all. In fact, 99% of all successful attacks went undiscovered by logs alone.

Many SIEMs were designed to meet compliance requirements, but they have limited visibility and detection capabilities. The threat landscape has shifted to business-driven security, creating the need to find threats before business damage occurs. Take a look at Gartner’s priorities and what they have called out as the top three use cases for SIEM. There’s a focus on more basic security monitoring, advanced threat detection, forensics and incident response. Gartner knows that our traditional log-centric SIEM can only address basic security monitoring. So customers need additional capabilities to augment traditional log-centric SIEMs. Customers need an evolved SIEM that has deep visibility and the ability to detect advanced threats, perform forensics, and drive incident response. We addressed all three use cases with RSA NetWitness Packets. Packets prioritize what matters by ingesting both threat intelligence and business context. They use this intelligence to tag metadata and use an analytics engine to prioritize incidents for security analysts. Analysts can answer the following questions immediately. What's the asset criticality? Have we seen this threat before? Analysts can now be laser focused with the remediation activities.

RSA packets enable analyst teams to answer the questions: How bad was it? And what did an attacker get away with? Here is an example of how this all comes together with increased visibility. Logs are good for identifying if an incident has occurred. Perhaps there has been an intrusion attempt where the attacker was trying to exploit a known web vulnerability. Logs, in the traditional SIEM use case, can quickly identify known exploits through standard rules for security monitoring. However, teams are then left struggling to identify the details of what actually occurred and determine the full scope of what’s happening across the enterprise. This is where packets come into play. Packets can help the organization understand what actually occurred. This is where customers can get into the details of the steps the attacker took, reconstruct the sessions and replay the attack from all the relevant angles.

Here is a quote from one of our financial customers. "Our log files contain 70 million lines per day. Of that 70 million, identifying those that might be Trojan communications was previously a very difficult undertaking. Using RSA NetWitness Packets, we were able to immediately zero in on malicious traffic, cutting days of work out of our process." RSA NetWitness Suite can also ingest NetFlow. NetFlow indicates lateral movement across the infrastructure. If an attacker establishes a foothold, packet visibility with NetFlow can identify east-west communication, where the attacker is looking or moving to, and determine if the attacker has moved across the environment to find valuable assets.

RSA NetWitness Endpoint Solution is rich with data and reveals the extent to which threats have infiltrated the environment. Endpoint answers the questions of where and how far has the attacker gone? Were other endpoints infected? And helps customers understand the full scope of the infection. RSA NetWitness Packets gives customers the value of session reconstruction in conjunction with business context and up-to-date threat intelligence. Since RSA NetWitness Packets gives analysts a complete story of what happened during an attack on the network, packets are a critical component of any threat detection and response campaign.

Video Details

Duration: 5 minutes and 9 seconds
Country:
Language: English
License: All rights reserved
Genre: None
Views: 6
Posted by: william.duncan on Feb 6, 2018
