RSA NetWitness

Organizations can deploy RSA NetWitness Logs & Packets across diverse network typologies and geographies, and scale it according to their data capture and performance requirements. It recreates full sessions (web browsing, FTP, email, etc.) so that analysts can literally see what happened during an attack (including what was stolen during an exfiltration) and identify root causes. Its automated behavior analytics provides insight into attacker tactics, techniques and procedures as they execute their attacks. RSA NetWitness Logs & Packets is Flexible, Scalable Architecture that Consists of three components which can be deployed virtually, on premise, in the cloud or using a hybrid approach: The capture infrastructure, which consists of a highly configurable Decoder that captures and stores raw log and packet data; a Concentrator that stores and indexes metadata for fast queries and retrieving raw data; and a broker that facilitates queries across a multisite deployment of Concentrators and Decoders. The analysis and retention infrastructure, which is made up of an Archiver that manages long-term data storage and an Event Stream Analysis (ESA) engine that processes high volumes of disparate event data and executes machine learning algorithms in real time. The security analytics server. It promises No Stone Unturned because it inspects every network, packet session and log event for threat indicators at time of collection and enriches this data with threat intelligence and business context. It Identifies Advanced Threats because it looks for myriad behavioral indicators to identify attacks that evade signature- and rules-based monitoring tools. It also provides Real-Time and Historical Analysis.