NetWitness Platform Features

Network Management (3)

Activity Monitoring: Documents the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.
Asset Management: Keeps records of each network asset and its activity. Discovers new assets accessing the network.
Log Management: Provides security information and stores the data in a secure repository for reference.

Event Management: Alerts users of incidents and allows users to intervene manually or triggers an automated response.
Automated Response: Reduces time spent remedying issues manually. Resolves common network security incidents quickly.
Incident Reporting: Documents cases of abnormal activity and compromised systems.

Threat Intelligence: Stores information related to common threats and how to resolve them once incidents occur.
Vulnerability Assessment: Analyzes your existing network and IT infrastructure to outline access points that can be easily compromised.
Advanced Analytics: Allows users to customize analytics with granulized metrics that are pertinent to your specific resources.
Data Examination: Allows users to search databases and incident logs to gain insights on vulnerabilities and incidents.

Continuous Analysis: Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.
Behavioral Analysis: Constantly monitors acivity related to user behavior and compares activity to benchmarked patterns and fraud indicators.
Data Context: Provide insights into why trends are occurring and what issues could be related.
Activity Logging: Monitors, records, and logs both real-time and post-event activity.
Incident Reporting: Produces reports detailing trends and vulnerabilities related to their network and infrastructur
Network Visibility: Provides all-encompassing display and analysis of environments, resources, traffic, and activity across networks.
Metadata Enrichment: Facilitates Artificial Intelligence (AI) such as Machine Learning (ML) to enable data ingestion, performance suggestions, and traffic analysis.
Metadata Management: Indexes metadata descriptions for easier searching and enhanced insight

Anomaly Detection: Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.
Incident Alerts: Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.
Activity Monitoring: Monitors the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.
Multi-Network Monitoring: Provides monitoring capabilities for multiple networks at once.
Asset Discovery: Detect new assets as they enter a network and add them to asset inventory.
Anomaly Detection: Constantly monitors activity related to user behavior and compares activity to benchmarked patterns

Workflow Mapping: Visually displays connected applications and integrated data. Allows customization and management of workflow structures.
Workflow Automation: Streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.
Automated Remediation: Reduces time spent remedying issues manually. Resolves common network security incidents quickly.
Log Monitoring: Constantly monitors logs to detect anomalies in real time.

Security Orchestration: Integrates additional security tools to automate security and incident response processes.
Data Collection: Collects information from multiple sources to cross reference and build contextual to correlate intelligence.
Threat Intelligence: Stores information related to common threats and how to resolve them once incidents occur.
Data Visualization: Offer pre-built and custom reporting and dashboards for quick insights into system states.

Alerting: Clearly notifies users with relevant information and anomalies in a timely manner.
Performance Baselin: Sets a standard performance baseline by which to compare log activity.
High Availability/Disaster Recovery: Allows platform to scale to size of desired environment and configured with high availability and disaster recovery capabilities.
Incident Alerts: Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.
Response Orchestration: Integrates additional security tools to automate security and incident response processes.
Response Automation: Reduces time spent remedying issues manually. Resolves common network security incidents quickly

Response Automation: Reduces time spent remedying issues manually. Resolves common network security incidents quickly.
Threat Hunting: Facilitates the proactive search for emerging threats as they target servers, endpoints, and networks.
Rule-Based Detection: Allows administrators to set rules specified to detect issues related to issues such as sensitive data misuse, system misconfiguration, lateral movement, and/or non-compliance.
Real-Time Detection: Constantly monitors system to detect anomalies in real time.

Extensibility: Allows for customized support for hybrid environments
Workflow Automation: Streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.
Unified Visibility: Provides all-encompassing display and analysis of environments, resources, traffic, and activity across networks.

Threat Intelligence: Stores information related to common threats and how to resolve them once incidents occur.
Artificial Intelligence & Machine Learning: Facilitates Artificial Intelligence (AI) such as Machine Learning (ML) to enable data ingestion, performance suggestions, and traffic analysis.
Data Collection: Collects information from multiple sources to cross reference and build contextual to correlate intelligence.