It's a log management solution where we have logs from different sources, like network devices, firewalls, load balancers, IT, application servers, and database servers. We also use it for compliance and governance. Our cyber security team uses it to monitor malicious activity across our IT infrastructure.
Information Technology Security Consultant at Sify Technologies
Real User
2022-05-30T15:22:00Z
We provide NetWitness along with Archer, and multiple sites. We are managing their security operations using this other station and Archer. A collector can work in two different ways. It can collect the logs, and it can aggregate the traffic tools from different net flow logs. When I say "logs," I mean a log collector and when I say "packet," that means the packet or log connector.
I'm primarily using the solution on my client's site. This is a log event management tool. We are integrating this solution for the clients where it is required. Mostly we work with OEMs such as IBM, RSA, Splunk, and Micro Focus. With the help of these tools, you can identify any attacks or phishing activity in your network. Most of the time you are able to identify these types of attacks or activity on your firewall. When the firewall notifies the SIEM tools, it will identify which needs to be acted on immediately - unlike when you are using automation tools. With the help of automated tools, you can block those suspicious IPs or you can hand it back over to your security analyst or analyst team to take action ASAP.
Product Manager at a tech services company with 11-50 employees
Reseller
Top 5
2021-06-02T19:36:43Z
The customer that we work with uses it to gather logs from all the devices in their enterprise so that they have that single point of visibility into trace information in the environment.
Cyber security Lead at a manufacturing company with 1,001-5,000 employees
Real User
2021-05-19T19:23:40Z
The RSA NetWitness packet plays a major role in identifying cyber attacks from different sources. We integrated in a very large environment, deploying it in a container corporation in India. The company has around 86 locations across the country. Another use case of RSA is for running full scans and the third use case is for blocking malware and viruses. Nowadays, people hide behind encaptured networks and use proxies to look through the door. Then they'll try to come in.
We are a solution provider and RSA NetWitness is one of the products that we implement for our clients. We also use it ourselves. They primarily use it for threat protection.
Information Security Analyst at a tech services company with 11-50 employees
Real User
2020-03-19T13:00:53Z
I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years. We are also using it to facilitate monitoring and research.
The RSA NetWitness Logs and Packets solution was set up as part of the SOC. It is set up on two sides. One is for the Data Center (DC) side, and the other is for the Disaster Recovery (DR) side.
Senior Cyber Security Specialist at HCL Technologies
Real User
2020-01-09T06:15:00Z
We are a service providing company and this is one of the products that we implement for our clients. The RSA NetWitness Logs and Packets solution is used for Event Stream Analysis (ESA), and we implement use cases based on our customers' needs. For example, suppose the security device is a Palo Alto device, then at the policy level, we implement the use cases. These might be things like phishing attacks or a botnet. Most companies follow the GDPR regulations for compliance. We have RSA NetWitness implemented in virtual appliances.
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Real User
2019-08-25T05:17:00Z
We use the on-premise deployment model of this solution. Our primary use case of this solution is for malware detection and for reconstruction during the incident and forensic analysis.
NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.
I use the solution in my company for packets mainly and log analytics.
It is an SIEM solution used regularly as a part of the SOC to collect data from all the security environments in my company.
We use the solution for incident management. We are working on making the incident workflow smarter. So, the solution helps us there.
We have been using the RSA SIEM with the NetWitness Platform for a long time.
This solution is deployed on-premise.
Generally, we use the solution for network forensics. It allows us to do visual data detection and prevention.
We are using this solution for security.
The primary use case of this solution is for security. We use the UEBA tool.
Our primary use case is real-time threat prediction so that we can minimize the person-hours of IT security analysts.
Our customers are enterprise-level businesses.
We are no longer using this solution; however, it was used mostly for network monitoring.
We don't have a primary use case. There are many use cases that we have defined based on business needs.
Our primary use case is for the administration of the internal network.
Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.
We use it as a network tool to alert any anomalies on the network.