The document discusses the NetWitness network security platform. It provides situational awareness and deep visibility into network activity to detect advanced threats. When deployed, NetWitness immediately provides insight into what is happening on a network through its NextGen platform. This platform records all network data, filters it, and organizes it into a searchable framework to enable analysis, reporting, and visualization of network traffic. It uses various components and applications to interrogate the data, detect anomalies, and gain intelligence about security issues.

2. AWARENESS
CONFIDENCE
ANSWERS
Today’s stark reality: the ongoing failure to detect and prevent network intrusions drives a
lucrative, global underground information economy supporting financial fraud, intellectual
property theft, exfiltration of national secrets, reconnaissance of critical infrastructures and
egregious violations of privacy. Despite ever-increasing investments in a variety of point
security products, the evidence clearly illustrates that the patience, methods and sophistication
of advanced threat actors render these technologies virtually blind.
When you deploy NetWitness, you immediately achieve “situational awareness” – the deepest
possible visibility into what is happening on your network at any time, and the most accurate
insight required to obtain answers to the toughest security questions and enable better risk
management and business decisions.
1

3. SECURITY RISKS ADDRESSED BY NETWITNESS
Detection of Advanced Threats: Focusing on rapidly Continuous Security Controls Monitoring:
evolving threats evading existing security technologies Evaluating the e cacy of security controls
» Botnets » Application and content monitoring
» Data exfiltration » Compliance verification
» Designer malware » Fraud identification
» Insider threats
» Zero-day attacks Operational Risk Reduction and Management:
Driving down exposure and enabling better management
Acceleration of Incident Response Processes:
Removing the guesswork and delivering answers » Exposure from broken business processes
» eDiscovery support
» Bridging gaps in existing technologies » Policy evasion
» Improving incident response workflow
» Determining incident scope
» Knowing precisely what data was compromised

4. NEXTGEN ™
PLATFORM
In order to achieve situational awareness across an entire enterprise, data pertaining to every
network session, communication, service, application and user is recorded and indexed for
analysis, trending and retrieval. The NetWitness NextGen network security monitoring platform
enables this capability through a distributed, highly scalable infrastructure with real-time
intelligence, analytics and visualization techniques.
NetWitness NextGen is the single core security platform that makes situational awareness
a reality through three core components: Decoder, Concentrator and Broker.
Unique to NextGen, the platform provides a superior way to organize recorded network tra c
into a framework of searchable data – the NextGen Metadata Framework. In the framework,
a lexicon of nouns, verbs, and adjectives contain the definitive network and application layer
content and context characteristics of your network tra c. Ultimately, the metadata becomes
the key to real-time alerting, reporting, and interaction with massive volumes of reconstructed
network sessions.
3

5. Decoder Concentrator Broker
A highly configurable network A key component for analytical Used in the most demanding
appliance that enables the real-time processing, Concentrator aggregates infrastructures, Broker is the top-
recording, filtering and analysis of and indexes metadata produced tier of the hierarchy providing a
all network data. Decoder converts by the Decoder(s) across multiple single point of access to all the
the masses of raw network tra c capture locations and stores it for NetWitness metadata and is
into searchable, usable information. analysis using Investigator, Informer, designed to operate and scale in
Multiple NetWitness Decoders may be Visualize and other applications. any network environment.
deployed, clustered and distributed on NetWitness Concentrators enable
a network to provide high availability, global synchronization of network
load balancing and maximize packet visibility, and o ers real-time, rapid
capture and processing. query and e ective situational
awareness by making the information
readily available enterprise-wide.
4

6. ANALYTICS
The interrogation, analysis and visualization of all the data captured by the NextGen
infrastructure and organized in the Metadata framework is facilitated by a suite of NetWitness
applications and analytics.
5

7. Informer on all session data within the NextGen Metadata Framework
which illuminates the invisible – advanced threats to business
An interactive and intuitive web-based dashboard for operations. It brings the Internet security community’s rapidly
generating reports and alerts, trending events and visualizing evolving intelligence to your environment in an automated
activity unseen with current monitoring technologies. Informer fashion. Live enables users to tailor their sources received
includes design features that enable users of any skill level and the Profilers used, and to employ their own intelligence
to easily personalize the dashboard and build custom alerts, according to their unique environment and threat profile.
queries, reports and rules. Informer is the “Automated Analyst.”
SIEMLink
Visualize
A utility application that seamlessly integrates with an existing
An extremely powerful visual rendering capability that enables web-based IDS/IPS or SIEM console to enable immediate
security teams to intuitively zoom in and out of collected access to NetWitness Investigator’s powerful analytics and
tra c, to quickly and e ciently scan through large volumes show irrefutable evidence of compromise and loss or refute
of objects, and to drill directly to key concerns that have false alarms.
transpired over the course of time.
SDK/API
Investigator
Free for rapid development of any conceivable analytical or
Used by tens of thousands of experts around the world, content-based applications.
Investigator provides unprecedented free-form contextual
analysis on massive volumes of information exposed by the WHY NETWITNESS?
NetWitness NextGen infrastructure. Users of Investigator
can easily perform interactive analyses of complex security The NetWitness NextGen core network security platform
problems and gather valuable network forensics to answer combines patented, proven infrastructure technology and
questions quickly and with certainty. the most advanced analytics in the industry to o er an
organization a unique ability to solve complex security
Live problems, attain clarity and definitive answers, and directly
leverage the collective intelligence of the worldwide security
NetWitness Live directly leverages the intelligence of the community. NetWitness is designed to operate as the core
worldwide security community by codifying multiple threat network monitoring platform because it is the only solution on
intelligence feeds (commercial, open source, private and the market today providing the agility and scalability required
research), validated NetWitness Profilers, user identities, and to e ectively adapt and confront the evolving threat landscape
policy and compliance reports to cast unique perspectives and an organization’s risk management objectives.
6

8. 10700 Parkridge Boulevard, 6th Floor | Reston, VA 20191
T: 703.889.8950 | F: 703.651.3126 | sales@netwitness.com Learn more at netwitness.com