RSA NetWitness for Logs - Dell EMC


Upload: lydiep

Post on 04-Jun-2018


RSA NETWITNESS FOR LOGS

Seamless fusion of log and full packet data

Data Sheet

THE NEED TO IMPROVE ADVANCED THREAT DISCOVERY AND REMEDIATION

Organizations are wrestling with the need to access and use a variety of data sources both to reduce the risk of advanced threats and to prove compliance. Log management and SIEM systems are important elements of incident and threat management processes, but have been constrained by a lack of a common lexicon, scalability, and agility to adapt to the ever-changing threat landscape.

RSA NETWITNESS FOR LOGS – UNIFIES LOG DATA WITH PERVASIVE NETWORK MONITORING

RSA NetWitness® for Logs delivers an innovative fusion of hundreds of log data sources with external threat intelligence to enterprises enabling extraordinarily broad and high-speed visibility into the critical information needed to help detect targeted, dynamic and stealthy attack techniques. NetWitness for Logs enables comprehensive security event collection as an integrated component of the award-winning NetWitness platform. The solution offers correlation and analysis of the large volumes of network and system data needed for effective threat detection.

Benefits

– Heightened visibility of threats within a single product

– Correlates log data with real-time analysis and threat intelligence to enable improved tracking of advanced and emerging threats

– Respond more rapidly and effectively to incidents by quickly determining context around a specific event

– Focus limited resources on highest-risk issues

Today’s security threats are dynamic, multi-faceted and highly sophisticated attacks, oftentimes executed over long periods of time. In order to defend against these challenges, security analysts and IT professionals require continuous and pervasive visibility into their entire application, platform, and network infrastructures for rapid detection and response.

[Figure labels: 100% Visibility with Reconstruction Session ID Log Tracking New Alerts Automated Reporting Investigator Informer]


EMC2, EMC, the EMC logo, RSA, NetWitness, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other products or services mentioned are trademarks of their respective companies. © Copyright 2012 EMC Corporation. All rights reserved. Published in the USA.

h9085 netlog ds 0412

www.rsa.com

ABOUT RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, data loss prevention, continuous network monitoring, and fraud protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

RSA NetWitness for Logs may be deployed in three ways:

– As an extension to existing NetWitness deployments to combine the diverse information contained in log files with the deep content of full traffic capture

– Alongside the RSA enVision® solution for powerful security analytics across the volumes of log data collected by enVision

– As a standalone log analytics module that can complement other third-party SIEM tools

NetWitness for Logs leverages RSA enVision event source knowledge and reporting while augmenting the back-end infrastructure with NetWitness’ scalable architecture. When combined with an existing RSA NetWitness network monitoring deployment, complete visibility into network traffic and enterprise logs is provided in a single, scalable system—no other security provider delivers this today. By combining these network and log security insights into a reusable and normalized data framework, security analysts can achieve the situational awareness required to rapidly and effectively respond to advanced threats. NetWitness for Logs provides a basis for a single, intuitive SIEM user interface presenting an unprecedented view of organizational activity across even more of the IT infrastructure.

Features

– Interactive data-driven analysis of over 150 different log formats

– Highly scalable sensor and database architecture

– Integrated within NetWitness Investigator and Informer:

  • Correlate log events in real-time through free-form contextual analysis

  • Enables the combined view of log and raw network packet data previously unavailable in a single product

  • Display reporting and alerting of log data

  • Rapidly build multi-layered reports for distribution to security teams and management

– Drives the discovery of known attacks through the fusion of threat intelligence from RSA NetWitness Live – the threat intelligence delivery system

– High speed connector from the RSA enVision solution to NetWitness for Logs enables richer data feeds and in-depth analysis

– Out-of-the-box support for over 100 compliance and security related reports

– Customizable device type language (enVision content 2.0)

System Requirements

– Microsoft Windows® XP, 2003 Server, Vista, Windows 7

– Internet Explorer® 6+ or Firefox

– 1 Ethernet Port

– RSA NetWitness Investigator & capture infrastructure