SIEM – Security Information and Event Management
< What it does >
Detect and respond to any threat, anywhere
NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.
Collects data across more capture points (logs, packets, NetFlow, endpoints), computing platforms (physical, virtual, cloud) and threat intelligence sources than other SIEMs.
Exposes the full scope of attacks and provides analysts with orchestration and automation capabilities to eradicate threats before business impact.
Advanced threat detection
Applies behavioral analytics, data science and threat intelligence to detect attacks in a fraction of the time of other platforms.
< Offerings >
What your SIEM was meant to be
NetWitness Logs gives you instant visibility into log data spread across your entire IT environment—simplifying threat detection and investigation, reducing attacker dwell time and supporting compliance.
Network detection and response
NetWitness Network provides real-time visibility into all your network traffic with full packet capture—enabling you to detect threats as they traverse your network and reconstruct entire network sessions.
Endpoint detection and response
NetWitness Endpoint offers deep visibility into activity across all of your endpoints, on and off your network, so you can cut the cost, time and scope of incident response.
User and entity behavior analytics (UEBA)
NetWitness Detect AI is a SaaS offering that quickly detects unknown threats by applying advanced behavior analytics and machine learning to data captured by RSA NetWitness Platform.