Threat Detection and Response for Advanced Persistent
An advanced persistent threat, also known as an APT, is a sophisticated cyberattack designed to evade traditional, signature-based security tools and linger in an organization’s environment undetected. Advanced persistent threats can go undetected for months or more; during that time, attackers become intimately familiar with an organization’s network, its security controls and the location of its sensitive data. APTs typically result in data theft.
The RSA NetWitness Platform for threat defense applies a unique combination of network traffic analysis, behavioral analysis, endpoint analysis, data science techniques and threat intelligence to detect advanced persistent threats and other targeted attacks and to automate threat response. It exposes the full scope of APTs and other attacks by providing unparalleled network and endpoint visibility, connecting incidents over time, and delivering deeper insights to analysts through automation and machine learning.
RSA NetWitness Network is the only offering that provides both Endpoint Detection and Response (EDR) and Network Detection and Response in a single platform.
Rapid and Automated Investigations
By analyzing data from across your organization’s entire IT infrastructure (both on premises and in the cloud), the RSA NetWitness Platform for threat defense allows analysts to natively and visually reconstruct network attacks and data exfiltration attempts in their entirety.
Integrated Threat Intelligence and Business Context
The RSA NetWitness Platform for threat defense automatically weaves threat intelligence and business context into the incident management lifecycle, making it far easier to prioritize threats based on their potential impact on your business.
Automated User and Entity Behavior Analytics (UEBA)
Our unique advanced analytics engine looks for potentially malicious issues across disparate data sets and correlates data across full network packets and endpoints, all prime attack vectors for today’s advanced persistent threats.
Network Detection and Response
The only solution that combines threat detection analytics, automated response and pervasive visibility across your network and endpoints in a single platform. The RSA NetWitness Platform for threat defense eliminates your security team’s blind spots and allows you to see far beyond what your log-centric SIEM can detect.
Faster Data Retrieval
Raw data is parsed into metadata and sessionized at capture time to support security analytics and event reconstruction. A highly intuitive, blazing-fast user interface speeds data retrieval during investigations.
Proactive Threat Detection
Provides visibility across all internal and external network traffic, all the way down to individual endpoint processes, so that you can detect and respond to threats before they disrupt your business. Identifies high-risk indicators of compromise (e.g., advanced persistent threat domains, suspicious proxies, malicious networks and malware behaviors) and new attack methods.
Proactive Endpoint Protection
Makes it easy to find active intrusions inside your network so that you can catch them before these attacks reach your endpoints.
Detailed Attack Reconstruction
Accelerates detailed reconstruction of attacks occurring across your network and endpoints so that analysts can more quickly grasp the full scope of an attack campaign. Armed with these insights, security teams can implement more effective remediation and response plans.
Comprehensive Threat Tracking
Allows you to persistently track threats across all phases of the attack cycle, without blind spots.
The RSA NetWitness Platform for threat defense encompasses network detection and response, endpoint detection and response, security automation and orchestration, and user and entity behavior analytics.