Bigdata
Now Reading
RSA NetWitness
0
Review

RSA NetWitness

Overview
Synopsis

Integrated platform which provides advanced cyber threat detection, incident forensics, breach response, compliance reporting and basic security monitoring.The analysis and retention infrastructure, which is made up of an Archiver that manages long-term data storage and an Event Stream Analysis (ESA) engine that processes high volumes of disparate event data and executes machine learning algorithms in real time.

Category

Security Information and Event Management Software

Features

• Flexible, Scalable Architecture
• No Stone Unturned
• Real-Time and Historical Analysis
• Identifies Advanced Threats and Multiple Use Cases

License

Proprietary

Price

Contact for Pricing

Pricing

Subscription

Free Trial

Available

Users Size

Small (<50 employees), Medium (50 to 1000 Enterprise (>1001 employees)

Company

RSA NetWitness

PAT Rating™
Editor Rating
Aggregated User Rating
Rate Here
Ease of use
7.6
6.3
Features & Functionality
7.6
9.4
Advanced Features
7.6
9.5
Integration
7.6
3.6
Performance
7.6
5.1
Training
7.2
Customer Support
7.6
0.0
Implementation
0.0
Renew & Recommend
Bottom Line

Collects and examines multiple pieces of data in real time and over extended periods of time, detects deviations from normal behavior, and creates a probability-weighted risk score for alerts based on these results.

7.6
Editor Rating
5.1
Aggregated User Rating
5 ratings
You have rated this

Organizations can deploy RSA NetWitness Logs & Packets across diverse network typologies and geographies, and scale it according to their data capture and performance requirements. It recreates full sessions (web browsing, FTP, email, etc.) so that analysts can literally see what happened during an attack (including what was stolen during an exfiltration) and identify root causes. Its automated behavior analytics provides insight into attacker tactics, techniques and procedures as they execute their attacks. RSA NetWitness Logs & Packets is Flexible, Scalable Architecture that Consists of three components which can be deployed virtually, on premise, in the cloud or using a hybrid approach: The capture infrastructure, which consists of a highly configurable Decoder that captures and stores raw log and packet data; a Concentrator that stores and indexes metadata for fast queries and retrieving raw data; and a broker that facilitates queries across a multisite deployment of Concentrators and Decoders. The analysis and retention infrastructure, which is made up of an Archiver that manages long-term data storage and an Event Stream Analysis (ESA) engine that processes high volumes of disparate event data and executes machine learning algorithms in real time. The security analytics server. It promises No Stone Unturned because it inspects every network, packet session and log event for threat indicators at time of collection and enriches this data with threat intelligence and business context. It Identifies Advanced Threats because it looks for myriad behavioral indicators to identify attacks that evade signature- and rules-based monitoring tools. It also provides Real-Time and Historical Analysis.

Filter reviews
User Ratings





User Company size



User role





User industry





Ease of use
Features & Functionality
Advanced Features
Integration
Performance
Training
Customer Support
Implementation
Renew & Recommend

What's your reaction?
Love It
0%
Very Good
0%
INTERESTED
0%
COOL
0%
NOT BAD
0%
WHAT !
0%
HATE IT
0%