The Need for a New Approach
The top concern today for most security
organizations is how to combat advanced
and targeted malware. Nearly every
investigated case of data leakage, financial
loss, APT, or other network breach involves
some form of undetected malicious
executable (e.g., customizable commercial
malware or “designer malware”) that has
been used to maintain a foothold into
compromised networks. Obfuscation
techniques are evolving at an increasing
rate and traditional security tools cannot
keep up. The current threat environment
demands a fresh, agile approach to the
identification of malware.
NetWitness Spectrum™ – A Revolutionary Approach
Spectrum revolutionizes malware
identification, prioritization and workflow.
Built upon the award-winning NetWitness®
network monitoring platform, Spectrum
has the unique advantage of pervasive
enterprise-wide visibility and complete
knowledge of all network activity. Spectrum
identifies executable content wherever it
exists, and can answer any question about
the behavior of files within the full context of
your organization’s network. And because
Spectrum is able to consider the history of
your entire network’s interaction with each
threat vector on the Internet, and adjust the
levels of scrutiny accordingly, it’s like having
an HD video camera attached to every file
crossing the wire.
For each piece of executable content
found on the network, Spectrum will ask
thousands of questions concerning the file.
At a high level, Spectrum:
» Mimics the techniques of leading malware
analysts by asking thousands of questions
about a file and all of its related network
behavior, without requiring a signature or
a known “bad” action.
» Leverages NetWitness Live™ by fusing
and triangulating information from leading
threat intelligence and reputation services
to assess, score, and prioritize risks.
» Utilizes NetWitness NextGen’s
pervasive network monitoring
capability for full network visibility and
extraction of all content — executable
and metadata — across all protocols
and applications.
Zero-day and targeted malware is successfully compromising your network and
evading existing security technologies. Why? Modern malware is designed to behave
like legitimate traffic and communicate undetected. NetWitness developed Spectrum in
response to demand from security professionals for precise and pervasive identification
and prioritization of the broad range of malware-related threats.
NetWitness
Spectrum™
Features
» Inspects all network sessions, regardless of protocol, for suspicious activity or files. Detects and flags both suspicious network activity and files.
» Imports a file, a session, or both a file and a session to be processed
» Integrates bi-directionally with NetWitness Investigator™ and Visualize™ for in-depth analysis
» Risk-based scoring methodology with all context behind a score exposed to help prioritize remediation efforts
» Leverages NetWitness Live* for list-based content and context, including NetWitness Profilers (indicators, parsers, reports and rules)
» Provides anonymous submission of files via Live to the security community for analysis, including white lists/black lists, reputation services, dynamic/static analysis services and others
» Integrates with Identity via NetWitness Live to associate users with activity
» Integrates with both on-premise and cloud-based sandboxes
» Flexible Dashboard, Chart and Summary displays for a unified view
» Web-based user interface with multi-lingual support
» Supports SNMP, syslog, and SMTP data push for integration in SIEM
» Full role-based access controls
» Standalone and NextGen-integrated product options available
NetWitness Corporation | 500 Grove Street, Suite 300 | Herndon, VA 20170 | T: 703.889.8950 | F: 703.651.3126
» Provides transparency and improves
efficiency by delivering complete answers
to security professionals, including a
wealth of detailed supporting data,
such as: intelligence fusion, sandboxing,
correlation, and scoring options that are
designed for diverse environments and
rapidly evolving threats.
When combining these distinct analytic
and scoring methods with the unique
benefits obtained from pervasive visibility
into content and behavior, NetWitness
Spectrum provides an unmatched
capability to detect and identify zero-day,
targeted and advanced malware.
Spectrum offers the first analytical
workflow combined with a complete
rendering of network traffic for ubiquitous,
automated malware analysis, delivering
the most comprehensive identification,
investigation and risk-based prioritization
of malicious content activity directly into
the hands of security teams. Security
operations teams can effectively and
efficiently determine proactive remediation
efforts based on the most critical results.
About NetWitness
NetWitness® is a revolutionary network monitoring platform that provides enterprises a precise and actionable understanding of everything happening on the network. NetWitness solves a wide range of tough information security problems including: insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage, data leakage, and continuous monitoring of security controls. NetWitness customers include enterprises across the Global 1000 in financial services, power and energy, social media, telecommunications, retail, and high-tech, as well as government agencies around the world in defense, homeland security, law enforcement, and intelligence. To learn how your security team can Know Everything and Answer Anything, visit www.netwitness.com.
* NetWitness Live: Spectrum edition subscription is required.
Appliance Models
SKU             NWA200-N-32M                               NWA2400-N-64M
Model           200 series                                 1200 series
Processor       Dual Intel Xeon E5620 Quad Core, 2.4GHz    Dual Intel Xeon X5650 Hex Core, 2.66GHz
RAM             32GB                                       64GB
Interfaces      (2) 100/1000 copper                        (6) 100/1000 copper
Storage         8TB                                        24TB
Power           Redundant, Max 700W                        Redundant, Max 800W
Form factor     1U, Half-depth                             2U, Full-depth
Maximum weight  45 lbs                                     65 lbs