SIEMLink™
How do you research alerts received from SIEMs and other log consolidation technologies?
How do you know if an alert from your IDS is a false positive or a zero-day threat to your organization?
Is your organization well prepared to take timely action needed to mitigate all of today’s network threats?

In security operations centers today, the situation is common. You are overwhelmed with network and host-based security events, so you buy a Security Information and Event Manager (SIEM) or other event aggregation solution to distill this telemetry into more manageable working sets for your incident response team. Yet, even though you now have fewer events and incidents to investigate, rapid and complete answers are still rare. Resolution is incomplete and risk is difficult to quantify. Who is to blame? Is it the technology? Is it the staff? How sure are you of anything?

This uncertainty is common and part of the nature of running an enterprise network in a world where threat vectors are both unpredictable and rapidly evolving. Attack profiles today are unconventional. Victims are vulnerable from the inside and outside. Adversaries are using the openness of applications to obfuscate and covertly exfiltrate information from your enterprise.

Security is all about knowing when and where a threat exists, and definitively knowing its scope and magnitude so that you can take appropriate action in a timely manner – before critical damage is done. NetWitness SIEMLink extends your existing infrastructure by empowering it with the deep knowledge and analytics needed to react more effectively to incidents.

SIEMLink™ is a breakthrough in network security monitoring innovation, enabling instant integration of NetWitness NextGen technology with existing enterprise security infrastructures. SIEMLink is a lightweight Windows application designed to act as a transparent, real-time translator of critical security event data between Web-based consoles, such as Security Information and Event Management (SIEM) systems and network and system management (NSM) programs, and NetWitness NextGen. Unlike other techniques used to interface with event data sources, SIEMLink™ requires no special coding or systems integration work to link an organization’s existing SIEM with NextGen.

NetWitness NextGen customers can now greatly augment and empower any existing SIEM, intrusion detection or logging console, or enterprise network management system with zero integration effort.

SIEMLink provides the data that incident response and cyber threat analysis teams need to fuse security event telemetry with the detailed session analysis provided by NetWitness NextGen.

Product Features:
  • Compatible with any SIEM, log consolidator, IT search engine, IDS/IPS, firewall, NSM, CMF/DLP, sniffer, NBAD, etc.
  • Microsoft Windows system application that acts as a real-time, on-action translator between an external Web-based application (e.g., a SIEM) and NetWitness NextGen.
  • Constructs a request that automatically and transparently retrieves data for analysis through the NetWitness Investigator application.

SIEMLink™ System Requirements:
  • Windows® 2003 Server or Vista
  • Internet Explorer 6+ or Firefox
  • 1 Ethernet Port
  • Licensed NetWitness Investigator & Supporting NextGen capture infrastructure
  • Optional SIEMLink Firefox Add-on

NetWitness SIEMLink is available to all NetWitness customers with no additional fee. Please contact your account representative for more information. SIEMLink is provided on an AS IS basis and comes with no warranty.

For technical support contact support@netwitness.com.
For more information about NetWitness NextGen™ products contact sales@netwitness.com.
