The document discusses the NetWitness network security platform. It provides situational awareness and deep visibility into network activity to detect advanced threats. When deployed, NetWitness immediately provides insight into what is happening on a network through its NextGen platform. This platform records all network data, filters it, and organizes it into a searchable framework to enable analysis, reporting, and visualization of network traffic. It uses various components and applications to interrogate the data, detect anomalies, and gain intelligence about security issues.
NetWitness Overview
1.
2. AWARENESS
CONFIDENCE
ANSWERS
Today’s stark reality: the ongoing failure to detect and prevent network intrusions drives a
lucrative, global underground information economy supporting financial fraud, intellectual
property theft, exfiltration of national secrets, reconnaissance of critical infrastructures and
egregious violations of privacy. Despite ever-increasing investments in a variety of point
security products, the evidence clearly illustrates that the patience, methods and sophistication
of advanced threat actors render these technologies virtually blind.
When you deploy NetWitness, you immediately achieve “situational awareness” – the deepest
possible visibility into what is happening on your network at any time, and the most accurate
insight required to obtain answers to the toughest security questions and enable better risk
management and business decisions.
3. SECURITY RISKS ADDRESSED BY NETWITNESS
Detection of Advanced Threats: Focusing on rapidly evolving threats evading existing security technologies
» Botnets
» Data exfiltration
» Designer malware
» Insider threats
» Zero-day attacks
Acceleration of Incident Response Processes: Removing the guesswork and delivering answers
» Bridging gaps in existing technologies
» Improving incident response workflow
» Determining incident scope
» Knowing precisely what data was compromised
Continuous Security Controls Monitoring: Evaluating the efficacy of security controls
» Application and content monitoring
» Compliance verification
» Fraud identification
Operational Risk Reduction and Management: Driving down exposure and enabling better management
» Exposure from broken business processes
» eDiscovery support
» Policy evasion
4. NEXTGEN™ PLATFORM
In order to achieve situational awareness across an entire enterprise, data pertaining to every
network session, communication, service, application and user is recorded and indexed for
analysis, trending and retrieval. The NetWitness NextGen network security monitoring platform
enables this capability through a distributed, highly scalable infrastructure with real-time
intelligence, analytics and visualization techniques.
NetWitness NextGen is the single core security platform that makes situational awareness
a reality through three core components: Decoder, Concentrator and Broker.
Unique to NextGen, the platform provides a superior way to organize recorded network traffic
into a framework of searchable data – the NextGen Metadata Framework. In the framework,
a lexicon of nouns, verbs, and adjectives contains the definitive network and application layer
content and context characteristics of your network traffic. Ultimately, the metadata becomes
the key to real-time alerting, reporting, and interaction with massive volumes of reconstructed
network sessions.
5. Decoder, Concentrator, Broker

Decoder
A highly configurable network appliance that enables the real-time recording, filtering and analysis of all network data. Decoder converts the masses of raw network traffic into searchable, usable information. Multiple NetWitness Decoders may be deployed, clustered and distributed on a network to provide high availability, load balancing and maximize packet capture and processing.

Concentrator
A key component for analytical processing, Concentrator aggregates and indexes metadata produced by the Decoder(s) across multiple capture locations and stores it for analysis using Investigator, Informer, Visualize and other applications. NetWitness Concentrators enable global synchronization of network visibility, and offer real-time, rapid query and effective situational awareness by making the information readily available enterprise-wide.

Broker
Used in the most demanding infrastructures, Broker is the top-tier of the hierarchy providing a single point of access to all the NetWitness metadata and is designed to operate and scale in any network environment.
6. ANALYTICS
The interrogation, analysis and visualization of all the data captured by the NextGen
infrastructure and organized in the Metadata framework is facilitated by a suite of NetWitness
applications and analytics.
7. Informer
An interactive and intuitive web-based dashboard for generating reports and alerts, trending events and visualizing activity unseen with current monitoring technologies. Informer includes design features that enable users of any skill level to easily personalize the dashboard and build custom alerts, queries, reports and rules. Informer is the “Automated Analyst.”

Visualize
An extremely powerful visual rendering capability that enables security teams to intuitively zoom in and out of collected traffic, to quickly and efficiently scan through large volumes of objects, and to drill directly to key concerns that have transpired over the course of time.

Investigator
Used by tens of thousands of experts around the world, Investigator provides unprecedented free-form contextual analysis on massive volumes of information exposed by the NetWitness NextGen infrastructure. Users of Investigator can easily perform interactive analyses of complex security problems and gather valuable network forensics to answer questions quickly and with certainty.

Live
NetWitness Live directly leverages the intelligence of the worldwide security community by codifying multiple threat intelligence feeds (commercial, open source, private and research), validated NetWitness Profilers, user identities, and policy and compliance reports to cast unique perspectives on all session data within the NextGen Metadata Framework which illuminates the invisible – advanced threats to business operations. It brings the Internet security community’s rapidly evolving intelligence to your environment in an automated fashion. Live enables users to tailor their sources received and the Profilers used, and to employ their own intelligence according to their unique environment and threat profile.

SIEMLink
A utility application that seamlessly integrates with an existing web-based IDS/IPS or SIEM console to enable immediate access to NetWitness Investigator’s powerful analytics and show irrefutable evidence of compromise and loss or refute false alarms.

SDK/API
Free for rapid development of any conceivable analytical or content-based applications.

WHY NETWITNESS?
The NetWitness NextGen core network security platform combines patented, proven infrastructure technology and the most advanced analytics in the industry to offer an organization a unique ability to solve complex security problems, attain clarity and definitive answers, and directly leverage the collective intelligence of the worldwide security community. NetWitness is designed to operate as the core network monitoring platform because it is the only solution on the market today providing the agility and scalability required to effectively adapt and confront the evolving threat landscape and an organization’s risk management objectives.
8. 10700 Parkridge Boulevard, 6th Floor | Reston, VA 20191
T: 703.889.8950 | F: 703.651.3126 | sales@netwitness.com Learn more at netwitness.com