NetWitness Network is a cybersecurity solution designed to detect and respond to network threats. According to the vendor, it provides real-time visibility into an organization's IT infrastructure, making it suitable for businesses of various sizes. This product is utilized by cybersecurity professionals, IT administrators, security operations centers (SOCs), network administrators, and financial institutions to enhance network security and protect against emerging threats.
Key Features
Comprehensive Threat Detection: According to the vendor, NetWitness Network offers full-packet capture, metadata, and netflow capabilities to detect and monitor emerging, targeted, and unknown threats as they traverse the network.
Enriched Log Data: The vendor claims that NetWitness Network enriches log data with threat intelligence and contextual information, helping to identify high-priority threats and reduce false positives.
Pervasive Visibility: According to the vendor, NetWitness Network provides a centralized platform for managing and monitoring network traffic, making it easier to handle large volumes of data and facilitating the administration and analysis of data across the entire IT environment.
Accelerated Threat Detection and Response: The vendor states that NetWitness Network offers immediate, deep network visibility required to accelerate network threat detection, investigation, and forensics, allowing organizations to respond promptly and minimize the potential impact of attacks.
Intuitive Data Visualizations: NetWitness Network provides intuitive data visualizations and nodal diagrams, according to the vendor, making it easier to understand and analyze network data.
Threat Exposure: The vendor claims that NetWitness Network utilizes patented parsing and indexing technology to dynamically parse and enrich log data at the time of packet capture, helping to expose threats that may be hiding in the network.
Robust Forensics Capabilities: According to the vendor, NetWitness Network combines deep inspection of hundreds of protocols with a powerful, integrated toolkit for forensic investigations, enabling detailed analysis of network traffic and facilitating thorough investigations.
Native Decoding Support: The vendor states that NetWitness Network provides native decoding capabilities, allowing it to handle encoded traffic effectively. It also integrates with third-party solutions to provide additional support for decryption, ensuring comprehensive visibility into network traffic.
Real-time Visibility: According to the vendor, NetWitness Network offers real-time visibility into all network traffic, whether it is on-premises, in the cloud, or across virtual environments. It utilizes behavioral analytics, data science techniques, and threat intelligence to detect known and unknown attacks.
Centralized Monitoring: The vendor claims that NetWitness Network can centrally monitor network traffic for threats, regardless of their source. It can deploy collection components on-premises, virtually, across hybrid architectures, or within public clouds, providing visibility across the digital landscape.