Worldwide security intelligence - Dell EMC · Worldwide security intelligence Key Benefits –...
Datasheet
RSA NetWitness Live
Worldwide security intelligence
Key Benefits
– Proactively optimize and automate insight into advanced threats specific to your environment
– Reduce time to identify, assess and respond to incidents
– Improve staff productivity and time to incident resolution
– Real-time, reliable and credible multi-source threat intelligence
As the threat landscape evolves, what’s the best way to directly leverage the collective
intelligence and analytical skills of the worldwide security community to ensure that you have
the most current visibility into attack vectors?
The Need for a Centralized Collection
Attack methodologies and exploit frameworks are evolving at staggering rates. The advanced
threat intelligence available to information security professionals increases by the day,
but can be overwhelming and often lacks prioritization or a means of direct operational
implementation. Proactive threat management also requires the use of parsers and queries that
consider zero-day attack vectors, but many security teams do not have the time or the training
to create this custom content.
Live–The Threat Intelligence Delivery System
RSA NetWitness Live is the one threat intelligence delivery system that elevates your
security operations center to another level by optimizing the time it takes to identify,
assess and respond to incidents. NetWitness has partnered with the most trusted and
reliable providers in the security community, including our own research team, to deliver,
correlate and illuminate the most pertinent information relevant to your organization, and
fuses it with your network data in real time.
Unlike other services, which focus on single-source intelligence, NetWitness Live enables
users to tailor the sources they receive and to employ their own intelligence
according to their unique environment and threat profile. Altogether, NetWitness provides
the most dynamic, comprehensive threat intelligence service available.
[Figure: How Live Works]
Content types: Threat Intelligence, Alerts, Feeds, Apps, Reports, Parsers, Configurations, Rules
Components: Content Management System (CMS), Live Manager
– Live gathers the best advanced threat intelligence and content in the global security community
– Aggregates and consolidates only the most pertinent information
– Live Manager provides configurable manager with a dashboard
– Transparent integration with customer's live and recorded network traffic
www.rsa.com
EMC2, EMC, RSA, the RSA logo, and NetWitness are registered trademarks or trademarks of EMC Corporation in the United
States and other countries. All other trademarks used herein are the property of their respective owners. ©Copyright
2012 EMC Corporation. All rights reserved. Published in the USA. h9023-nwliv-ds-0112
Service Packages
Live is available at two levels: Basic and Enhanced. Premium sources can be added to
an Enhanced subscription for additional customization and industry-specific content.
Features
– Profilers–single platform and location for NetWitness verified and published profilers: indicators, parsers, reports, rules and software modules to help identify and verify the latest advanced threats
– Identity–NetWitness Live supports integration with Microsoft® Active Directory through Live Manager to associate data and activity with a specific user.
– Ability to integrate your own threat intelligence sources via Live Manager
– Definitively classify computers associated with botnets, malware and other malicious exploits
– Identify network traffic associated with computers of the Specially Designated Nationals List
– Synchronize with verified NetWitness content derived from best-of-breed data feeds
– Standard report rules, categories and templates are available:
  – Security–profile and alert on zero-day, botnets, malware and other intrusion activity with complete content
  – IT Operations–report and trend metrics across the OSI layers
  – Business Intelligence–profile data movement in real-time with full access to all events and content surrounding anomalous activity
  – Insider Threat–monitor and profile computer, user, and resource activity across every application and device
  – Legal–support e-discovery, criminal and HR investigations, or liability audits through network entity profiling and full content analysis
System Requirements
– Windows® XP, 2003 Server, Vista, Windows 7
– Internet Explorer 6+ or Firefox
– 1 Ethernet port
– NetWitness Investigator & capture infrastructure
Content Classification (Basic / Enhanced / Premium*)
– Informer Threat / Security Reports
– Open Source Community Intelligence
– Core Content for Common Protocols / C&C Reports
– Exploit Kit Identification
– Zero-Day Indicators / Compromise Indicators
– Prioritized Risk Levels
– RSA Security Threat Blacklist
– APT Tagged Domains
– Suspicious Proxies
– Malicious Networks
– NetWitness Identity (AD Integration)
– Verisign® iDefense®
– Open Source Threat Intelligence
– Advanced Threat Content
– RSA Security A la Carte Fraud Intelligence & Financial Services Intelligence