Worldwide security intelligence - Dell EMC · Worldwide security intelligence Key Benefits –...



Data Sheet

RSA NetWitness Live

Worldwide security intelligence

Key Benefits

– Proactively optimize and automate insight into advanced threats specific to your environment
– Reduce time to identify, assess and respond to incidents
– Improve staff productivity and time to incident resolution
– Real-time, reliable and credible multi-source threat intelligence

As the threat landscape evolves, what’s the best way to directly leverage the collective intelligence and analytical skills of the worldwide security community to ensure that you have the most current visibility into attack vectors?

THE NEED FOR A CENTRALIZED COLLECTION

Attack methodologies and exploit frameworks are evolving at staggering rates. The advanced threat intelligence available to information security professionals increases by the day, but can be overwhelming and often lacks prioritization or a means of direct operational implementation. Proactive threat management also requires the use of parsers and queries that consider zero-day attack vectors, but many security teams do not have the time or the training to create this custom content.

LIVE–THE THREAT INTELLIGENCE DELIVERY SYSTEM

RSA NetWitness Live is the one threat intelligence delivery system that elevates your security operations center to another level by optimizing the time it takes to identify, assess and respond to incidents. NetWitness has partnered with the most trusted and reliable providers in the security community, including our own research team, to deliver, correlate and illuminate the most pertinent information relevant to your organization and fuse it with your network data in real time.

Unlike other services which focus on single-source intelligence, NetWitness Live enables users to tailor the sources they receive and to employ their own intelligence according to their unique environment and threat profile. Altogether, NetWitness provides the most dynamic, comprehensive threat intelligence service available.

[Figure: How Live Works. Diagram labels: Threat Intelligence, Alerts, Feeds, Apps, Reports, Parsers, Configurations, Rules, Content Management System (CMS), Live Manager.]

– Live gathers the best advanced threat intelligence and content in the global security community
– Aggregates and consolidates only the most pertinent information
– LiveManager provides configurable manager with a dashboard
– Transparent integration with customer's live and recorded network traffic


www.rsa.com

EMC2, EMC, RSA, the RSA logo, and NetWitness are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. ©Copyright 2012 EMC Corporation. All rights reserved. Published in the USA. h9023-nwliv-ds-0112

Service Packages

Live is available at two levels: Basic and Enhanced. Premium sources can be added to an Enhanced subscription for additional customization and industry-specific content.

Features

– Profilers–single platform and location for NetWitness verified and published profilers: indicators, parsers, reports, rules and software modules to help identify and verify the latest advanced threats
– Identity–NetWitness Live supports integration with Microsoft® Active Directory through Live Manager to associate data and activity with a specific user.
– Ability to integrate your own threat intelligence sources via Live Manager
– Definitively classify computers associated with botnets, malware and other malicious exploits
– Identify network traffic associated with computers of the Specially Designated Nationals List
– Synchronize with verified NetWitness content derived from best-of-breed data feeds
– Standard report rules, categories and templates are available:
  – Security–profile and alert on zero-day, botnets, malware and other intrusion activity with complete content
  – IT Operations–report and trend metrics across the OSI layers
  – Business Intelligence–profile data movement in real-time with full access to all events and content surrounding anomalous activity
  – Insider Threat–monitor and profile computer, user, and resource activity across every application and device
  – Legal–support e-discovery, criminal and HR investigations, or liability audits through network entity profiling and full content analysis

System Requirements

– Windows® XP, 2003 Server, Vista, Windows 7
– Internet Explorer 6+ or Firefox
– 1 Ethernet Port
– NetWitness Investigator & capture infrastructure

Content Classification (Basic / Enhanced / Premium*)

– Informer Threat / Security Reports
– Open Source Community Intelligence
– Core Content for Common Protocols / C&C Reports
– Exploit Kit Identification
– Zero-Day Indicators / Compromise Indicators
– Prioritized Risk Levels
– RSA Security Threat Blacklist
– APT Tagged Domains
– Suspicious Proxies
– Malicious Networks
– NetWitness Identity (AD Integration)
– Verisign® iDefense®
– Open Source Threat Intelligence
– Advanced Threat Content
– RSA Security A la Carte Fraud Intelligence & Financial Services Intelligence