NetWitness® Insight
Get high fidelity threat detection
NetWitness Insight empowers security teams to determine what assets matter most, providing the knowledge and context they need to better defend the enterprise. It combines deep packet visibility with historical forensics that have been enriched with automated asset discovery and contextual information. With this data, organizations discover and gain visibility into network assets, known or unknown, giving them a comprehensive picture of network behavior on which to base time-sensitive decisions.
See a comprehensive picture
NetWitness Insight investigates the organization's entire network to identify all assets
Create a baseline faster
Get started quickly when NetWitness Insight establishes the organization’s baseline security profile within hours
Prioritize responses
NetWitness Insight uses rankings to identify important assets most at risk
Eliminate customer interventions
Running unsupervised as part of a SaaS orchestration, NetWitness Insight requires minimal setup and administration by customers
Reduce mean time to detect and respond
Expose the full scope of attacks
NetWitness Insight automatically and continuously pulls network metadata to passively discover, profile, categorize, characterize, prioritize, and track all assets, simplifying analysts’ investigations. Assets are categorized by network profile and prioritized by risk level based on activity and exposure ranks. The addition of asset contextual enrichment, usage baselines, and the detection of altered assets empowers the cybersecurity team to truly understand their network and where to focus their limited resources.
Asset Discovery
NetWitness Insight inventories the true data that lives on your network and turns it into viable response actions. It uses custom learning techniques to investigate the entire network to identify all assets. The number of services, clients and external clients are captured as aggregate discrete values summarizing the totality of traffic reaching the asset.
Asset Prioritization and Ranking
To help analysts quickly focus on risks that matter the most, NetWitness Insight performs a variety of ranking functions to identify important assets based on different criteria, including an Activity Rank (a popularity ranking), and an Exposure Rank, which reflects the network risk calculated by the number of internal and external services and clients connecting to the asset and directionality.
Asset Categorization and Contextual Enrichment
Asset categorization provides analysts a point of reference describing how an asset behaves over time, yielding a rapid way to determine if an asset category has remained constant or not. To characterize assets, NetWitness Insight constructs a network profile for each asset, providing a multitude of criteria to use as contextual data points to understand how to triage an asset in relation to the potential threats.
Passive Asset Discovery
NetWitness Insight’s proprietary, patented, unsupervised algorithm continuously pulls network metadata from NetWitness Platform and passively discovers, profiles, categorizes, characterizes, prioritizes, and tracks all assets.
See the right information at the right time
Leverage NetWitness Insight for a definitive place to start investigations and empower cybersecurity teams to make quick decisions based on priority, criticality and importance to the business.