NetWitness 12.5 Platform Overview and Demo

NetWitness
23 Jul 2025 19:59

Summary

TLDR: NetWitness is a comprehensive threat detection, investigation, and response platform designed for security-conscious organizations. Offering unparalleled visibility, contextualization, and automated insights, it helps security teams tackle complex attacks. The platform integrates network, log, and endpoint data, delivering real-time analytics and correlations. With a history dating back to 1997, NetWitness has evolved to include cloud-based services, SIEM, and endpoint behavior analytics. Its open architecture, combined with robust threat intelligence and advanced response actions, provides a unified solution. Trusted by top companies globally, it boasts a 99% retention rate and an industry-leading customer satisfaction rate.

Takeaways

  • NetWitness is a comprehensive, flexible, and unified threat detection, investigation, and response platform used by the largest and most security-conscious organizations.
  • The platform was developed from a 1997 government intelligence project focused on deep packet inspection to detect threats within network traffic.
  • NetWitness has evolved over time, integrating features like SIEM, endpoint detection, user entity behavior analytics, SOAR, and cloud services.
  • The platform operates with an open architecture, ingesting and parsing data from various sources (network, logs, endpoints) and enriching it at ingestion time for fast correlation.
  • The NetWitness engine performs analytics, correlations, and data enrichment to aid analysts in investigation, forensics, and automating response actions.
  • Threat intelligence is a core feature, with a dedicated team (FirstWatch) helping to identify emerging threats, supported by a robust incident response team with extensive experience.
  • The platform offers seamless integration with SASE (Secure Access Service Edge) technologies to address blind spots in security visibility within cloud environments.
  • NetWitness supports a wide range of customers globally, with high customer satisfaction (97%) and a strong track record of customer retention (over five years on average).
  • NetWitness has been recognized as a leader in both Network Detection and Response (NDR) and Security Information and Event Management (SIEM) by independent analysts like GigaOm.
  • The platform’s demo features user-friendly interfaces with customizable dashboards, helping analysts monitor threats and incidents and providing in-depth forensic insights on detected threats.
  • The platform enables rich searches using metadata and provides a robust query language for analysts, with the ability to act on findings through various response actions such as isolation, monitoring, and alerting.

Q & A

  • What is the primary offering of NetWitness?

    - NetWitness provides a comprehensive, flexible, and unified threat detection, investigation, and response platform designed to deliver unparalleled visibility, robust contextualization, and automated, actionable insights for security teams to tackle complex and sophisticated attacks.

  • When was NetWitness founded, and what was its original purpose?

    - NetWitness was founded in 1997 as a government intelligence agency project aimed at pioneering deep packet inspection to detect threats and intrusions within network traffic.

  • How has NetWitness evolved since its inception?

    - NetWitness has expanded its capabilities by integrating SIEM (Security Information and Event Management), endpoint user entity behavior analytics, and SOAR (Security Orchestration, Automation, and Response), and by moving many products to the cloud, including SASE (Secure Access Service Edge) integrations.

  • What is the significance of NetWitness's open platform architecture?

    - The open platform architecture allows NetWitness to process diverse data types (network, log, endpoint, and SASE data), enabling seamless ingestion, parsing, enrichment, indexing, and correlation of data across various sources, facilitating effective analysis and response.

  • What role does threat intelligence play in NetWitness?

    - Threat intelligence in NetWitness helps detect known exploits by identifying patterns that match threats. The company's threat intelligence organization, FirstWatch, continuously defines and investigates emerging threats and adversaries to bolster the platform’s security capabilities.

  • How does NetWitness handle cloud security, particularly with SASE integrations?

    - NetWitness addresses the potential blind spot introduced by SASE by forming partnerships with leading companies to ensure visibility into unencrypted packets in the cloud, enabling effective threat detection without the need to backhaul all traffic to a central data center.

  • What is the scope of NetWitness's global presence?

    - NetWitness operates globally with sales teams across six continents, resellers in 60 countries, and a support system that follows the sun, ensuring comprehensive coverage and support for customers worldwide.

  • What are some key performance metrics that NetWitness boasts?

    - NetWitness has over 600 customers globally, a 99% net retention rate, and 35 of the Fortune 100 companies as clients. The company also maintains a 97% customer satisfaction rate and a long average customer tenure of over five years.

  • What type of validation has NetWitness received from third-party analysts?

    - NetWitness has been recognized as a leader in Network Detection and Response (NDR) and was named a fast mover in Security Information and Event Management (SIEM) by GigaOm, highlighting the effectiveness and quality of its products in real-time detection capabilities.

  • How does the NetWitness platform support incident response?

    - The NetWitness platform offers a comprehensive response workflow where analysts can drill down into incident details, use machine learning to correlate events, and take automated actions like isolating assets or triggering third-party tools for further investigation or containment.
