Blog

Securing the Digital World


UNC3886 and the Visibility Crisis: What Network Detection and Response (NDR) Reveals That Traditional Security Missed

They don’t lock your files. They infiltrate your foundations. And if you’re relying on endpoint detection alone, you’re already playing catch-up. UNC3886 is a state-linked advanced persistent threat (APT) group that doesn’t behave like most attackers. Their goals aren’t financial. They’re strategic. And their playbook is built around one central idea: hide in the one place most defenses can’t see. This is the kind of threat that demands a shift in how cybersecurity leaders think about detection, response, and long-term resilience. Let’s break down what makes UNC3886 different and why Network Detection and Response (NDR) security is now critical for any enterprise protecting sensitive infrastructure. What Makes UNC3886 Different […]

Red Team’s Role in Strengthening Your Incident Response Playbook

Cyber threats have evolved far beyond generic malware or basic phishing emails. Today’s adversaries operate with advanced tactics, stealth, and patience. Yet many organizations continue to rely on incident response playbooks designed for theoretical attacks rather than real-world adversary techniques. This mismatch creates a dangerous illusion of readiness.  Red Teaming changes that. Red Teams act as real attackers, deploying authentic tactics, techniques, and procedures (TTPs) to challenge every aspect of your security program. Their exercises don’t just identify weaknesses—they force your teams to think, adapt, and respond under true adversarial pressure. Integrating Red Team exercises into your incident response planning services transforms your playbook from a compliance document into an […]


Situational Awareness in Cybersecurity: Why It’s a Key Step in Incident Response

Cybersecurity threats rarely show up out of nowhere. In most enterprise breaches, signs were present long before the damage was done. But without situational awareness, those early indicators go unnoticed, buried in noise or lost in silos. That’s what turns a minor anomaly into a full-scale incident. Situational awareness isn’t just a military or physical security term anymore. In cybersecurity, it’s the foundation of incident containment and remediation. Without a clear, real-time picture of what’s happening across your network, endpoints, and cloud assets, you’re reacting in the dark. Let’s break it down.   What Is Situational Awareness in Cybersecurity? Situational awareness in cybersecurity is an organization’s ability to perceive threats […]


Choosing the Right Incident Response Services for Your Enterprise

When a cyberattack strikes, time isn’t on your side. Every moment you delay in identifying and containing an attacker adds to the time needed to expel them and repair the damage they caused. Every minute an advanced persistent threat (APT) is allowed to roam your networks increases the potential for financial, reputational, and regulatory ruin. That’s why investing in incident response services isn’t optional. It’s essential. But with so many incident response companies claiming fast, expert-led defense, how do you find the right one for your enterprise? Let’s break it down. Why Incident Response Services Matter Now Cyber threats are evolving. In 2023 alone, notable supply chain […]


Inside the Incident Response Process: A Step-by-Step Guide for Modern SOCs

Security Operations Centers (SOCs) are the eyes and ears of your organization, scanning for threats 24/7. They’re the ones who see that odd 3 AM login attempt and ask, “Is this just Dave from Finance on vacation, or are we under attack?” But spotting danger is just the start. When a breach is real and critical systems are at risk, the SOC hands over to the Incident Response (IR) team – the cybersecurity surgeons who dive deep, remove the threat completely, and make sure it never returns.  This guide takes you inside the incident response process, showing how SOCs and IR teams work together seamlessly. From the first alert to complete […]


Unlocking Pre-emptive Cyber Defense: What the NetWitness + BforeAI Integration Means for Real Use Cases Today

In today’s threat landscape, reactive defense is no longer enough. Modern security teams need the power to predict, prioritize, and respond to threats before they become incidents. That’s why we’re excited to announce a strategic integration between NetWitness, a leading threat detection and response platform, and BforeAI, a pioneer in predictive attack intelligence and brand protection. This partnership represents more than a technical alignment: it’s a transformation in how we enable SOC teams to think pre-emptively, act faster, and reduce (or eliminate) the dwell time of adversaries. Why NetWitness + BforeAI? NetWitness provides deep visibility and analytics across logs, network packets, […]


Brave the Storm: Surfing the Wake of Salt Typhoon, and What We Can and Should Learn From It

2024 saw significant global events – from the Paris Olympics to medical breakthroughs – but it also brought concerning cyber incidents, particularly the Salt Typhoon attacks targeting U.S. telecommunications. This sophisticated, nation-state-backed group (linked to China’s MSS) exploited vulnerabilities across industries, wreaking havoc on sensitive infrastructure. Dive deep into this breach, gaining insights and recommendations to help organizations navigate and mitigate future risks.


Adaptive Defense: Modernizing Cybersecurity Defense and Management for the Inevitable Convergence of IoT, OT, and Enterprise Environments

Introduction Much discussion has occurred in recent years concerning cybersecurity in and related to IoT and OT environments. Traditionally, these areas of concern have been largely kept separate from “corporate” or “enterprise” networks and environments, due in large part, though not exclusively, to the sensitive operating nature of the environments where these technologies are and continue to be deployed. As a result, it is vital to take the time to learn both the similarities and differences between IoT and OT in order to understand how best to secure and defend them. Internet of Things (IoT) The more recent of the two, IoT, came about due to the Internet age. It […]


Black Hat Asia 2024, Day One

NetWitness is happy to be part of the NOC again for another global event by Black Hat in Singapore. The Black Hat Network Operations Center (NOC) delivers a secure, reliable network in one of the most challenging environments in the world. This is done with the support of top-notch solutions providers and experienced security and engineering teams led by Black Hat’s respected NOC Team Leads. The team ensures the security, performance, and visibility of a world-class enterprise network. The NOC Team is always incredible and it’s a privilege to work with them. In the team we are joined by Arista, Cisco, Corelight, MyRepublic and Palo Alto Networks. The […]

Unlocking the Future of Network Security: SASE vs. SSE

Since cybersecurity is an ever-evolving field, staying abreast of cutting-edge technologies and frameworks is necessary for organizations aiming to strengthen their defenses against an array of threats. Two prominent paradigms that have emerged as game-changers in the realm of network security are Secure Access Service Edge (SASE) and Secure Service Edge (SSE). In this comprehensive exploration, we will look into the intricacies of these concepts, discern their differences, and shed light on how they shape the world of network security and performance. Then we will turn to the implementation of SASE and SSE with NetWitness, covering best practices, challenges, and the numerous benefits these approaches bring to the table. […]

Unleashing the Power of Cloud Analytics with NetWitness

Within the realm of data management and cybersecurity, the integration of cloud analytics has become a transformative force for organizations looking to maximize the potential of their digital infrastructure. This era is marked by the rise of cloud analytics as a catalyst, empowering organizations to gain actionable insights from vast datasets. NetWitness, a standout player in this domain, transcends conventional analytics by providing unparalleled visibility, efficient incident response, and advanced threat detection in the dynamic realm of cloud computing. As organizations increasingly shift their data repositories to the cloud, the need for sophisticated analytics tools has never been more pronounced, making NetWitness an indispensable ally in navigating the complexities of […]

NetWitness as a NOC Partner at Black Hat USA 2023

Behind the scenes at Black Hat USA 2023, Network Operations Center (NOC) partners watch and wait, scanning the event’s network for suspicious activity. But with over 20,000 cyber enthusiasts and professionals in attendance, protecting the network is no easy task. Every year, the NOC partners are selected by Black Hat to provide a high security, high availability network to users and protect that network from potential attacks. This year’s partners delivering from Las Vegas included Arista, Cisco, Corelight, Lumen, NetWitness, and Palo Alto Networks. Collaboration and integration were key to success in this dynamic environment, with leaders joining forces to share API (Application Programming Interface) keys, documentation, and the unified […]

GigaOm Radar Report Features NetWitness NDR and SIEM Solutions

A closer look at the features and strengths of our market-leading cybersecurity products.  Keeping pace with leading cybersecurity solutions and industry evaluations is essential—but it isn’t always easy. Fortunately, resources like the GigaOm Radar Report, which analyzes top-performing tools, can serve as an authoritative guide for IT professionals and decision-makers.  This year’s Radar Report includes NetWitness, spotlighting both our Network Detection and Response (NDR) and Security Information and Event Management (SIEM) products. Among vendors who offer both of these critical security technologies, these integrated and powerful offerings from NetWitness hold the strongest positions in the reports. Here, we’ll provide an overview of each product’s key attributes as outlined in GigaOm’s […]

Understanding Secure Access Service Edge (SASE)

Secure access service edge (SASE – pronounced “sassy”) is a modern architectural framework that combines network security and wide area networking (WAN) capabilities into a unified cloud-based service. It is designed to provide secure and optimized access to network resources for users, regardless of their location or the devices they use. Secure access service edge represents a shift from the traditional approach of backhauling network traffic to centralized data centers for security inspection. Instead, it adopts a cloud-native model where security services are delivered from the cloud and applied directly at the network edge, close to the user and the resources they are accessing. Acronyms to Know Before we get […]

Protecting Secrets: Insights into Code Obfuscation Techniques

Once a threat actor gains access to a network or tricks a user into downloading a malicious attachment, the next step is to download their payload, which could be a toolset or malware. Code obfuscation has become an important step for threat actors to accomplish this task. Whether it is a webshell or a utility program, code obfuscation is often utilized during the command execution phase. In this post we are going to review a recently observed phishing attack where the threat actor delivered the remote access tool known as “asyncrat” through several different variations of code obfuscation. As we have all seen many times, the […]

How to Make SecOps More Efficient with NetWitness Orchestrator

Security operations (SecOps) teams are battling a complex and ever-evolving challenge: keeping an organization secure against cyberattacks from faceless, remote users in a technologically advanced world. With the rise of threats, new technologies, and increasingly sophisticated scams, staying ahead of the bad guys is more important than ever. That’s where a security orchestration, automation, and response (SOAR) platform comes in to make your SecOps team more effective against attacks. A SOAR platform automates what would otherwise be the manual process of identifying cyberattacks and makes it easier to respond to those attacks. However, not all SOAR solutions are created equal. NetWitness Orchestrator, a security orchestration automation […]

The USMS as a Ransomware Target and the Broader Implications for Law Enforcement

  The mission of the U.S. Marshals Service (USMS) is “to enforce federal laws and provide support to virtually all elements of the federal justice system” through multiple disciplines. Its law enforcement (LE) focus, reach and scope make this week’s report of a recent cyberattack involving both ransomware and data exfiltration especially concerning. While this news is fresh, and the incident ongoing, it’s a good time for us all to reflect on why LE entities can be especially attractive targets to bad actors. As with all important things in life, it always pays off to understand motivations and incentives, and how they can drive behaviors and actions. Low-hanging fruit of […]

Five Thoughts on the Hive Takedown

  The takedown of the Hive ransomware-as-a-service group has been in the news over the past week, and it’s good news indeed. Beyond the obvious benefits of disrupting this criminal enterprise, there are some other discrete takeaways which are particularly important to note. Cross-jurisdictional cooperation and coordination can be done, and done effectively. Any of us who have served on committees know about Parkinson’s Law, which correlates a group’s size to the amount of time needed to accomplish its goals: the bigger the group, the longer the time taken, even without a change in scope. The fact that this global law enforcement effort was a success is even more impressive […]

Make Them Pay: How Raising the Cost for Threat Actors Deters Them

Introduction Many years ago, I spoke at a @suitsandspooks panel in Washington, D.C. with some of the cybersecurity industry’s best and brightest minds. One of the topics addressed was the concept of active defense strategy in the commercial (private sector) world versus the public world. In those days the idea of ‘hacking back’ against a hostile, adversarial threat actor or group was discussed frequently, with some organizations and their leaders taking a more vocal stance (in both public and private sectors). The panel was fantastic: Dmitri Alperovitch (CrowdStrike), Greg Hoglund, Jeff Carr, me, and moderated by Anup Ghosh. A smart group of guys all with strong opinions on the subject […]

UPDATE: What We Know About the Russia-Ukraine Conflict and How to Prepare Your Cybersecurity Capabilities

UPDATED March 25, 2022: The Biden Administration released a statement on March 21 urging companies to strengthen their cybersecurity capabilities and protections in the face of potentially damaging cyber activity perpetrated by threat actors as part of the ongoing conflict. The Administration also urged organizations to execute a number of best practices for bolstering cyber defense capabilities. Additionally, the Cybersecurity & Infrastructure Security Agency (CISA) website’s Shields Up page is an excellent resource to help prepare for disruptive cyber incidents. The NetWitness Incident Response team is available to assist organizations with enacting these recommendations, as well as several other services, and does not require organizations to be existing NetWitness customers […]

Are Your Collaboration Tools Hacker-Friendly?

It’s back to the future. Companies and their employees are slowly returning to in-person work, with many organizations maintaining their hybrid workforce model. And this shift to remote work has resulted in an increasing reliance on web-based collaborative tools. In fact, a Gartner study found that usage of collaboration tools has nearly doubled over the last two years, going from 55% to 80% among workers. Many of these tools, such as Microsoft Teams, Slack, and Zoom, have been integral components of organizational productivity for years, but the change to a highly remote workforce has more deeply embedded these types of applications into business operating procedures. Realizing this opportunity, hackers and […]

A Look Inside the Black Hat NOC with Grifter

In this interview, Neil Wyler, a.k.a. Grifter, talks about how he got involved with Black Hat more than 20 years ago, and how the event’s network operations center (NOC) has evolved in that time to take on today’s modern cybersecurity challenges.

Verifiable Credentials: The Key to Trust on the Next Web

RSA once again secures the open web In 1994 the World Wide Web was at a crossroads. The technology that today we simply call “the web,” invented five years earlier by Tim Berners-Lee, was poised to become the de facto interface to the internet. Its document-based, human-centric, point-and-click model was wildly popular among the technologists of the day, and was beginning to see rapid uptake among the broader population of desktop software users. But something was missing: trust. Because the web was inherently open, any use case requiring trust between parties was impossible. All web traffic at that point traveled in clear text where it could be intercepted, and potentially […]

Securing the IoT Edge Ecosystem

IoT Edge architecture is emerging to tackle the explosion of Internet of Things (IoT) devices and systems. This open ecosystem approach enables contributions from many sources. RSA is doing its part to add security across the range of IoT Edge solutions.
Operationalizing Incident Response

Risk management, threat intelligence, and incident response come together in a sensible, practical, and operational detect and respond model to positively impact your cyber risk strategy. Staffing models (small and large), tools, and managed service providers can also be leveraged successfully.