Cisco Security and NetWitness

How NetWitness and Cisco Security work together

NetWitness, an RSA® Group Business, is a comprehensive XDR solution that accelerates threat detection and response. It collects and analyzes data across all capture points (logs, packets, NetFlow, endpoint and IoT) and computing platforms (physical, virtual and cloud), enriching that data with threat intelligence and business context.

Product Integrations

  • Secure Malware Analytics: Secure Malware Analytics is integrated into the NetWitness Packets architecture for a unified analytics experience. NetWitness Packets Malware Analysis is a network forensics toolset that applies a series of analysis techniques to automate the workflow of a malware analyst and gauge the maliciousness of a file sample. The analysis of these sessions produces scores indicating the probability that a sample is malicious.
  • Secure Endpoint: The NetWitness Cisco Secure Endpoint plugin collects the events generated by Secure Endpoint (Audit, Domain Controller, IP Blocking Group, Protect, Server and Triage groups). Secure Endpoint prevents threats at the point of entry, then continuously tracks every file it lets onto your endpoints. Secure Endpoint can uncover advanced threats, including fileless malware and ransomware.
  • Umbrella: Umbrella DNS and proxy logs can be retrieved from the Amazon S3 bucket Umbrella exports them to, giving deep visibility into and context for malicious activity in the cloud. These logs can be used to correlate and enrich events collected from other cloud and on-premises sources via the NetWitness Platform. Combined with the visibility the NetWitness Platform delivers for threat detection and response across logs, network and endpoints in both private and public cloud environments, this simplifies securing the cloud.
  • Identity Services Engine: Integration with NetWitness SIEM via syslog.
  • Meraki Dashboard: Integration with NetWitness SIEM via syslog.
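Worked example of the Umbrella correlation step described above. This is code added here, not NetWitness, Cisco or Umbrella code. It parses constructed Umbrella-style DNS log lines under an assumed, simplified column layout (the column order and count of a real S3 export vary by log version and must be checked against your own bucket), keeps the lookups Umbrella blocked, and joins them by internal IP to constructed endpoint events of the kind the Secure Endpoint plugin collects. Fetching the objects from S3 is deliberately left out so the script runs offline.

```python
"""Correlate Umbrella-style DNS log records with endpoint events by client IP.

Added example, not NetWitness, Cisco or Umbrella code. The DNS column layout
below is an assumption (a simplified view of the CSV Umbrella exports to S3);
verify it against your own export before relying on it.
"""
import csv
import io
from collections import defaultdict

# Assumed, simplified column layout of an Umbrella DNS log export.
DNS_COLUMNS = [
    "timestamp", "identity", "internal_ip", "external_ip",
    "action", "query_type", "response_code", "domain", "categories",
]

# Constructed sample lines in that layout; not real log data.
SAMPLE_DNS_LOG = '''"2024-05-01 10:02:11","ws-042","10.1.4.23","203.0.113.8","Blocked","1 (A)","NOERROR","bad.example.net","Malware"
"2024-05-01 10:02:15","ws-042","10.1.4.23","203.0.113.8","Allowed","1 (A)","NOERROR","updates.example.com","Software/Technology"
"2024-05-01 10:05:40","ws-017","10.1.4.56","203.0.113.8","Blocked","1 (A)","NOERROR","c2.example.org","Command and Control"
"2024-05-01 10:06:02","ws-099","10.1.4.77","203.0.113.8","Allowed","1 (A)","NOERROR","www.example.com","Search Engines"
'''

# Constructed endpoint events (the kind an endpoint plugin would deliver),
# keyed by the same internal IP as the DNS log. Not real data.
SAMPLE_ENDPOINT_EVENTS = [
    {"timestamp": "2024-05-01 10:01:58", "internal_ip": "10.1.4.23",
     "hostname": "ws-042", "event": "Threat Detected", "file_sha256": "a1b2..."},
    {"timestamp": "2024-05-01 10:07:30", "internal_ip": "10.1.4.77",
     "hostname": "ws-099", "event": "Scan Completed", "file_sha256": None},
]


def parse_dns_log(text):
    """Parse quoted CSV records into dicts using the assumed column layout."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        if len(row) != len(DNS_COLUMNS):
            # Export versions differ in column count; skip rather than misalign.
            continue
        records.append(dict(zip(DNS_COLUMNS, row)))
    return records


def blocked_queries(records):
    """Return only the DNS records Umbrella reported as blocked."""
    return [r for r in records if r["action"].lower() == "blocked"]


def correlate(dns_records, endpoint_events):
    """Join blocked DNS lookups with endpoint events that share the client IP.

    Returns {internal_ip: {"dns": [...], "endpoint": [...]}} for every host
    with at least one blocked lookup, so an analyst sees the DNS block next
    to whatever the endpoint agent reported for the same host (possibly
    nothing, which is itself worth knowing).
    """
    by_ip = defaultdict(lambda: {"dns": [], "endpoint": []})
    for r in blocked_queries(dns_records):
        by_ip[r["internal_ip"]]["dns"].append(r)
    for e in endpoint_events:
        if e["internal_ip"] in by_ip:
            by_ip[e["internal_ip"]]["endpoint"].append(e)
    return dict(by_ip)


def main():
    result = correlate(parse_dns_log(SAMPLE_DNS_LOG), SAMPLE_ENDPOINT_EVENTS)
    for ip, hits in sorted(result.items()):
        domains = ", ".join(d["domain"] for d in hits["dns"])
        print(f"{ip}: blocked {domains}; endpoint events: {len(hits['endpoint'])}")


if __name__ == "__main__":
    main()
```

Joining on internal IP is only as good as the address-to-host mapping at the time of the lookup; on networks with short DHCP leases, join on the Umbrella identity (hostname or roaming client) instead, and bound the time window between the DNS block and the endpoint event.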