NetWitness Overview


Upload: silviopappalardo

Post on 22-Jan-2015


Page 1: NetWitness Overview

Today’s stark reality: the ongoing failure to detect and prevent network intrusions drives a lucrative, global underground information economy supporting financial fraud, intellectual property theft, exfiltration of national secrets, reconnaissance of critical infrastructures and egregious violations of privacy. Despite ever-increasing investments in a variety of point security products, the evidence clearly illustrates that the patience, methods and sophistication of advanced threat actors render these technologies virtually blind.

When you deploy NetWitness, you immediately achieve “situational awareness” – the deepest possible visibility into what is happening on your network at any time, and the most accurate insight required to obtain answers to the toughest security questions and enable better risk management and business decisions.

AWARENESS CONFIDENCE ANSWERS


SECURITY RISKS ADDRESSED BY NETWITNESS

Detection of Advanced Threats: Focusing on rapidly evolving threats evading existing security technologies

» Botnets
» Data exfiltration
» Designer malware
» Insider threats
» Zero-day attacks

Acceleration of Incident Response Processes: Removing the guesswork and delivering answers

» Bridging gaps in existing technologies
» Improving incident response workflow
» Determining incident scope
» Knowing precisely what data was compromised

Continuous Security Controls Monitoring: Evaluating the efficacy of security controls

» Application and content monitoring
» Compliance verification
» Fraud identification

Operational Risk Reduction and Management: Driving down exposure and enabling better management

» Exposure from broken business processes
» eDiscovery support
» Policy evasion


NEXTGEN™ PLATFORM

In order to achieve situational awareness across an entire enterprise, data pertaining to every network session, communication, service, application and user is recorded and indexed for analysis, trending and retrieval. The NetWitness NextGen network security monitoring platform enables this capability through a distributed, highly scalable infrastructure with real-time intelligence, analytics and visualization techniques.

NetWitness NextGen is the single core security platform that makes situational awareness a reality through three core components: Decoder, Concentrator and Broker.

Unique to NextGen, the platform provides a superior way to organize recorded network traffic into a framework of searchable data – the NextGen Metadata Framework. In the framework, a lexicon of nouns, verbs, and adjectives contains the definitive network and application layer content and context characteristics of your network traffic. Ultimately, the metadata becomes the key to real-time alerting, reporting, and interaction with massive volumes of reconstructed network sessions.


Decoder

A highly configurable network appliance that enables the real-time recording, filtering and analysis of all network data. Decoder converts the masses of raw network traffic into searchable, usable information. Multiple NetWitness Decoders may be deployed, clustered and distributed on a network to provide high availability and load balancing and to maximize packet capture and processing.

Concentrator

A key component for analytical processing, Concentrator aggregates and indexes metadata produced by the Decoder(s) across multiple capture locations and stores it for analysis using Investigator, Informer, Visualize and other applications. NetWitness Concentrators enable global synchronization of network visibility and offer real-time, rapid query and effective situational awareness by making the information readily available enterprise-wide.

Broker

Used in the most demanding infrastructures, Broker is the top tier of the hierarchy, providing a single point of access to all the NetWitness metadata, and is designed to operate and scale in any network environment.


ANALYTICS

The interrogation, analysis and visualization of all the data captured by the NextGen infrastructure and organized in the Metadata framework is facilitated by a suite of NetWitness applications and analytics.


Informer

An interactive and intuitive web-based dashboard for generating reports and alerts, trending events and visualizing activity unseen with current monitoring technologies. Informer includes design features that enable users of any skill level to easily personalize the dashboard and build custom alerts, queries, reports and rules. Informer is the “Automated Analyst.”

Visualize

An extremely powerful visual rendering capability that enables security teams to intuitively zoom in and out of collected traffic, to quickly and efficiently scan through large volumes of objects, and to drill directly to key concerns that have transpired over the course of time.

Investigator

Used by tens of thousands of experts around the world, Investigator provides unprecedented free-form contextual analysis on massive volumes of information exposed by the NetWitness NextGen infrastructure. Users of Investigator can easily perform interactive analyses of complex security problems and gather valuable network forensics to answer questions quickly and with certainty.

Live

NetWitness Live directly leverages the intelligence of the worldwide security community by codifying multiple threat intelligence feeds (commercial, open source, private and research), validated NetWitness Profilers, user identities, and policy and compliance reports to cast unique perspectives on all session data within the NextGen Metadata Framework which illuminates the invisible – advanced threats to business operations. It brings the Internet security community’s rapidly evolving intelligence to your environment in an automated fashion. Live enables users to tailor their sources received and the Profilers used, and to employ their own intelligence according to their unique environment and threat profile.

SIEMLink

A utility application that seamlessly integrates with an existing web-based IDS/IPS or SIEM console to enable immediate access to NetWitness Investigator’s powerful analytics and show irrefutable evidence of compromise and loss or refute false alarms.

SDK/API

Free for rapid development of any conceivable analytical or content-based applications.

WHY NETWITNESS?

The NetWitness NextGen core network security platform combines patented, proven infrastructure technology and the most advanced analytics in the industry to offer an organization a unique ability to solve complex security problems, attain clarity and definitive answers, and directly leverage the collective intelligence of the worldwide security community. NetWitness is designed to operate as the core network monitoring platform because it is the only solution on the market today providing the agility and scalability required to effectively adapt and confront the evolving threat landscape and an organization’s risk management objectives.


10700 Parkridge Boulevard, 6th Floor | Reston, VA 20191 | T: 703.889.8950 | F: 703.651.3126 | [email protected] | Learn more at netwitness.com