Watch videos with subtitles in your language, upload your videos, create your own subtitles! Click here to learn more on "how to Dotsub"

RSA NetWitness Suite within the Security Stack

0 (0 Likes / 0 Dislikes)
Here is the typical architecture of an organization. Firewalls and other perimeter-based technologies are the first line of defense. Behind that, many have placed log centric SIEM technology. But unfortunately, this technology can only prevent and, or detect the known good and bad. Since we can't detect what we don't know, we need tools for advanced threat detection.

The reality is, none of the log detection tools that we see here have the ability to fulfill the need for advanced threat detection. Unfortunately, most compromises are accomplished with stolen or cracked identities and blend-in with user traffic. The logs will look normal. If we were to put a magnifying glass on the network, we would see that we are only collecting a portion of the information that is available by collecting packets and endpoint information. In addition to logs data, we can illuminate threat activity.

RSA NetWitness Suite is an evolved SIEM that lets you pull all of the data from disparate information sources. Including logs, packets, net-flow, and endpoint into a central platform. In fact, it can even ingest logs from existing third-party SIEM tools. Any threat intelligence and business context to analyze the data is another important aspect of advanced threat detection. In order to identify the unknown, we need information about how threat actors work. RSA NetWitness Suite provides an advanced set of intelligence capabilities that identify threat activity across your log, packet, and endpoint data layered with contextual intelligence such as asset criticality, business context, and end-user behavior. Your security teams can detect threat activity prior to an exfiltration. Thus, reducing any negative business impact on your organization. Let's go through some examples where logs alone won't help.

When it comes to breach management, it is crucial to understand the extent of the breach. Chances are the threat actors would leave no trace of the exfiltrated data on internal systems. But we need to know exactly what was taken. Thanks to RSA NetWitness packets, analysts have complete visibility of the data that was exfiltrated. With packet reconstruction, the file contents can be recreated. This enables an analyst to derive inside into the motives of the threat actors. Packets capture everything. Every email and all the files are contained within the packets. And can be reconstructed as part of a forensic activity. If the threat actor encrypts the file, we have an answer for that too. The commands' leverage to encrypt can be gathered with the RSA NetWitness Endpoint Solution. So for breach management, RSA NetWitness Suite provides a complete set of forensic tools to understand the motives of the threat actors.

Another potential scenario involves an employee falling prey to a phishing campaign. With RSA NetWitness Endpoint, the incident response analyst can quickly determine how the compromise occurred and how the specific exploit was installed. With this information, they can pivot in one click to determine if any other users have also been affected. Next, RSA NetWitness Endpoint can block the infected file to ensure additional users are not impacted. Phishing campaigns can be easily and quickly nullified with RSA NetWitness Suite. The benefits of an evolved SIEM like RSA NetWitness Suite are the flexibility to digest all the relevant data while growing and adapting with your business. Business context from a variety of sources can be easily incorporated. Thus, enriching your data, providing visibility. User details from active directory can be added, information regarding critical assets can be imported directly from RSA Archer and other sources for a complete business-driven security solution.

Hopefully, we have shown how log alerts from a traditional SIEM are no longer sufficient to protect your enterprise. An evolved SIEM like RSA NetWitness Suite which can adjust logs, packets, net-flow, and endpoint data is required for advanced threat detection.

Video Details

Duration: 5 minutes and 30 seconds
Country:
Language: English
License: All rights reserved
Genre: None
Views: 6
Posted by: william.duncan on Feb 6, 2018

RSA NetWitness Suite within the Security Stack

Caption and Translate

    Sign In/Register for Dotsub to translate this video.