One of the important things to know about the NetWitness Platform is that it’s not just a software product, and never has been.Since its beginnings as a US Intelligence research project, NetWitness has been used in real-world incidents by our Incident Response (IR) services team.NetWitness IR conducts a number of cyber defense services including a rapid response service for breaches and attacks, virtually (and sometimes physically) parachuting in when an incident is discovered to perform forensics and remediation, and to evict the attacker from the environment.
Unlike many competitive security tool vendors, NetWitness IR works side-by-side with our customers in these real-life situations, always informing our NetWitness product direction and research activities. Experiencing what customers experience sustains a direct line between the ever-evolving cybersecurity environment and the products we build to provide defense.
Engaging in the battle has helped us build some of the industry’s most powerful and effective security tools which are deployed by the world’s largest and most security-conscious companies, organizations, and agencies.
But NetWitness IR services aren’t just for NetWitness customers. Our team of highly-skilled threat hunters is experienced in working with all popular security tools, while often bringing in NetWitness tools for rapid discovery and response. For example, NetWitness Network provides deep packet inspection and incident reconstruction, while NetWitness Endpoint, our optimized lightweight agent for threat hunting, can be used to quickly identify exploits and rogue processes throughout your infrastructure.
Here are some of the cybersecurity services offered by NetWitness IR:
- Incident Discovery– The incident response team uses NetWitness Network and NetWitness Endpoint to proactively uncover potentially malicious activity. Deliverables include specific remediation activities for each threat identified.
- Incident Response Jumpstart – Optimizes investments in the NetWitness Platform by working hand-in-hand with the incident response team to conduct cyber threat detection and analysis.
- Incident Response Rapid Deploy – To minimize damage from a breach, NetWitness IR leverages deep experience investigating and responding to the most sophisticated cyberattacks—quickly identifying and mitigating attacks, and limiting damage.
- Incident Response Retainer – A proactive security step like cyberinsurance, an IR retainer assures rapid access to top-tier security analysts from the IR team who will help reduce the dwell time of attackers and mitigate the impact of an incident.
- Controlled Attack and Response Exercise – NetWitness IR will conduct a comprehensive assessment of your organization’s capabilities to respond to a real-world attack scenario and provide concrete recommendations on how to improve them.
- Ransomware Defense Cloud Services – This new ransomware protection and response preparedness service applies detection intelligence from in-depth ransomware research and development, combined with experienced threat hunting from the IR team, to defend against ransomware and respond quickly if it hits.
In the never-ending struggle against cyberattacks, NetWitness IR is like having a world-class security team on call. They can help rapidly build security skills within your organization, and take the controls when attackers strike.