NetWitness Overview
AWARENESS
    CONFIDENCE
    ANSWERS
    Today’s stark reality: the ongoing failure to detect and prevent network intrusions drives a
    lucrative, global underground information economy supporting financial fraud, intellectual
    property theft, exfiltration of national secrets, reconnaissance of critical infrastructures and
    egregious violations of privacy. Despite ever-increasing investments in a variety of point
    security products, the evidence clearly illustrates that the patience, methods and sophistication
    of advanced threat actors render these technologies virtually blind.

    When you deploy NetWitness, you immediately achieve “situational awareness” – the deepest
    possible visibility into what is happening on your network at any time, and the most accurate
    insight required to obtain answers to the toughest security questions and enable better risk
    management and business decisions.



SECURITY RISKS ADDRESSED BY NETWITNESS

Detection of Advanced Threats: Focusing on rapidly evolving threats evading existing security technologies

»   Botnets
»   Data exfiltration
»   Designer malware
»   Insider threats
»   Zero-day attacks

Acceleration of Incident Response Processes: Removing the guesswork and delivering answers

»   Bridging gaps in existing technologies
»   Improving incident response workflow
»   Determining incident scope
»   Knowing precisely what data was compromised

Continuous Security Controls Monitoring: Evaluating the efficacy of security controls

»   Application and content monitoring
»   Compliance verification
»   Fraud identification

Operational Risk Reduction and Management: Driving down exposure and enabling better management

»   Exposure from broken business processes
»   eDiscovery support
»   Policy evasion
NEXTGEN™ PLATFORM
    In order to achieve situational awareness across an entire enterprise, data pertaining to every
    network session, communication, service, application and user is recorded and indexed for
    analysis, trending and retrieval. The NetWitness NextGen network security monitoring platform
    enables this capability through a distributed, highly scalable infrastructure with real-time
    intelligence, analytics and visualization techniques.

    NetWitness NextGen is the single core security platform that makes situational awareness
    a reality through three core components: Decoder, Concentrator and Broker.

    Unique to NextGen, the platform provides a superior way to organize recorded network traffic
    into a framework of searchable data – the NextGen Metadata Framework. In the framework,
    a lexicon of nouns, verbs, and adjectives contains the definitive network and application layer
    content and context characteristics of your network traffic. Ultimately, the metadata becomes
    the key to real-time alerting, reporting, and interaction with massive volumes of reconstructed
    network sessions.



Decoder

A highly configurable network appliance that enables the real-time recording, filtering and analysis of all network data. Decoder converts the masses of raw network traffic into searchable, usable information. Multiple NetWitness Decoders may be deployed, clustered and distributed on a network to provide high availability, load balancing and maximize packet capture and processing.

Concentrator

A key component for analytical processing, Concentrator aggregates and indexes metadata produced by the Decoder(s) across multiple capture locations and stores it for analysis using Investigator, Informer, Visualize and other applications. NetWitness Concentrators enable global synchronization of network visibility, and offer real-time, rapid query and effective situational awareness by making the information readily available enterprise-wide.

Broker

Used in the most demanding infrastructures, Broker is the top tier of the hierarchy providing a single point of access to all the NetWitness metadata and is designed to operate and scale in any network environment.
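The Decoder/Concentrator/Broker hierarchy and the metadata lexicon described above can be modelled in a few dozen lines. The following is an added example written for this page, not NetWitness code: each Decoder turns raw sessions into key/value metadata, each Concentrator indexes that metadata from one capture location, and a Broker answers queries across all Concentrators. The metadata key names (`ip.src`, `alias.host`, `action`, and so on), the port-to-service table and the sample sessions are all constructed for illustration and are not claimed to match the product's real keys.

```python
"""Toy model of a Decoder -> Concentrator -> Broker pipeline (added example).

Not NetWitness code. Metadata key names, the port table and the sample
sessions are constructed for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """One captured network session, reduced to the fields this toy needs."""
    session_id: int
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes  # first bytes of the client->server stream (constructed)


# Constructed captures for two locations, each fed by its own Decoder.
SITE_A = [
    Session(1, "10.1.1.20", "203.0.113.10", 80,
            b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Session(2, "10.1.1.21", "203.0.113.77", 80,
            b"POST /upload HTTP/1.1\r\nHost: drop.example.net\r\n\r\n"),
    Session(3, "10.1.1.22", "198.51.100.5", 443, b"\x16\x03\x01\x00\xa5"),
]
SITE_B = [
    Session(1, "10.2.2.40", "203.0.113.77", 80,
            b"POST /upload HTTP/1.1\r\nHost: drop.example.net\r\n\r\n"),
    # HTTP on a non-standard port: content, not port, decides the service.
    Session(2, "10.2.2.41", "203.0.113.10", 8080,
            b"GET /status HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]

PORT_TO_SERVICE = {80: "HTTP", 443: "SSL", 53: "DNS"}  # constructed fallback


def decode(session: Session) -> dict[str, set[str]]:
    """Decoder role: reduce one raw session to metadata (key -> values).

    In the brochure's lexicon, ip.src/ip.dst/alias.host are the nouns,
    action is the verb, and service is an adjective describing the session.
    """
    meta: dict[str, set[str]] = defaultdict(set)
    meta["ip.src"].add(session.src_ip)
    meta["ip.dst"].add(session.dst_ip)
    meta["tcp.dstport"].add(str(session.dst_port))
    first_line = session.payload.split(b"\r\n", 1)[0]
    if first_line.endswith((b" HTTP/1.1", b" HTTP/1.0")):
        meta["service"].add("HTTP")
        method, path, _ = first_line.decode("ascii", "replace").split(" ", 2)
        meta["action"].add(method.lower())
        meta["filename"].add(path)
        for header in session.payload.split(b"\r\n")[1:]:
            if header.lower().startswith(b"host:"):
                meta["alias.host"].add(header[5:].strip().decode("ascii", "replace"))
    else:
        meta["service"].add(PORT_TO_SERVICE.get(session.dst_port, "OTHER"))
    return dict(meta)


class Concentrator:
    """Aggregates and indexes metadata produced by one or more Decoders."""

    def __init__(self, name: str) -> None:
        self.name = name
        # key -> value -> set of (decoder, session_id) references
        self._index: dict[str, dict[str, set[tuple[str, int]]]] = defaultdict(
            lambda: defaultdict(set))

    def ingest(self, decoder: str, sessions: list[Session]) -> None:
        for s in sessions:
            for key, values in decode(s).items():
                for v in values:
                    self._index[key][v].add((decoder, s.session_id))

    def query(self, terms: dict[str, str]) -> set[tuple[str, int]]:
        """Session references matching every key=value term (AND)."""
        hits = None
        for key, value in terms.items():
            refs = self._index.get(key, {}).get(value, set())
            hits = set(refs) if hits is None else hits & refs
        return hits or set()

    def values(self, key: str) -> Counter:
        """Distinct values of one key with session counts (a drill-down view)."""
        return Counter({v: len(refs) for v, refs in self._index.get(key, {}).items()})


class Broker:
    """Single point of access: fans a query out to every Concentrator."""

    def __init__(self, concentrators: list[Concentrator]) -> None:
        self._cs = list(concentrators)

    def query(self, terms: dict[str, str]) -> set[tuple[str, str, int]]:
        return {(c.name,) + ref for c in self._cs for ref in c.query(terms)}

    def values(self, key: str) -> Counter:
        total: Counter = Counter()
        for c in self._cs:
            total.update(c.values(key))
        return total


def build_demo() -> Broker:
    """Two capture sites, one Decoder and one Concentrator each, one Broker."""
    conc_a, conc_b = Concentrator("conc-a"), Concentrator("conc-b")
    conc_a.ingest("decoder-a", SITE_A)
    conc_b.ingest("decoder-b", SITE_B)
    return Broker([conc_a, conc_b])


if __name__ == "__main__":
    broker = build_demo()
    print(broker.values("service"))
    print(sorted(broker.query({"action": "post", "alias.host": "drop.example.net"})))
```

The point the toy makes is the one the brochure describes: once sessions are reduced to indexed metadata, an enterprise-wide question such as "every POST to this host, from any capture location" is a single intersection of index entries at the Broker, with no packet data re-read. It also shows why content-based service identification matters: the session on port 8080 is still recognised as HTTP and counted with the rest.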



ANALYTICS
    The interrogation, analysis and visualization of all the data captured by the NextGen
    infrastructure and organized in the Metadata framework is facilitated by a suite of NetWitness
    applications and analytics.




Informer

An interactive and intuitive web-based dashboard for generating reports and alerts, trending events and visualizing activity unseen with current monitoring technologies. Informer includes design features that enable users of any skill level to easily personalize the dashboard and build custom alerts, queries, reports and rules. Informer is the “Automated Analyst.”

Visualize

An extremely powerful visual rendering capability that enables security teams to intuitively zoom in and out of collected traffic, to quickly and efficiently scan through large volumes of objects, and to drill directly to key concerns that have transpired over the course of time.

Investigator

Used by tens of thousands of experts around the world, Investigator provides unprecedented free-form contextual analysis on massive volumes of information exposed by the NetWitness NextGen infrastructure. Users of Investigator can easily perform interactive analyses of complex security problems and gather valuable network forensics to answer questions quickly and with certainty.

Live

NetWitness Live directly leverages the intelligence of the worldwide security community by codifying multiple threat intelligence feeds (commercial, open source, private and research), validated NetWitness Profilers, user identities, and policy and compliance reports to cast unique perspectives on all session data within the NextGen Metadata Framework which illuminates the invisible – advanced threats to business operations. It brings the Internet security community’s rapidly evolving intelligence to your environment in an automated fashion. Live enables users to tailor their sources received and the Profilers used, and to employ their own intelligence according to their unique environment and threat profile.

SIEMLink

A utility application that seamlessly integrates with an existing web-based IDS/IPS or SIEM console to enable immediate access to NetWitness Investigator’s powerful analytics and show irrefutable evidence of compromise and loss or refute false alarms.

SDK/API

Free for rapid development of any conceivable analytical or content-based applications.

WHY NETWITNESS?

The NetWitness NextGen core network security platform combines patented, proven infrastructure technology and the most advanced analytics in the industry to offer an organization a unique ability to solve complex security problems, attain clarity and definitive answers, and directly leverage the collective intelligence of the worldwide security community. NetWitness is designed to operate as the core network monitoring platform because it is the only solution on the market today providing the agility and scalability required to effectively adapt and confront the evolving threat landscape and an organization’s risk management objectives.



10700 Parkridge Boulevard, 6th Floor | Reston, VA 20191
T: 703.889.8950 | F: 703.651.3126 | sales@netwitness.com   Learn more at netwitness.com
