Detection and response
How to monitor and detect events in a corporate network?
Workstations in organizations are under constant attempts to breach their security controls and carry out cyber attacks. Every company therefore faces the demanding task of continuously monitoring a large volume of network traffic and log data in order to stay on top of incidents and detect threats as they occur.
One company in the medical industry had 700 workstations generating a large volume of network traffic. To secure its ICT environment, the company needed to proactively monitor events on its network in real time at rates of up to 60,000 events per second (EPS) and up to 20 Gbps of network traffic. The solution also had to integrate with the existing security architecture rather than being deployed alongside it as a separate silo.
The appropriate solution for this kind of challenge is a SIEM (Security Information and Event Management) system that can also serve as a threat hunting platform. Such a system collects logs from the monitored sources, normalizes and correlates them, and provides reporting and log management in one place. It gives the security team a real-time view of what is happening on the network, which in turn addresses many data protection requirements, including identifying a cyber attack in progress.
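To make the correlation step concrete, here is an added example (written for this page, not code from the original article or from RSA NetWitness) of the kind of rule a SIEM evaluates over incoming events: a brute-force login followed by a successful login from the same source within a short window. The sshd-style log lines, hostnames and addresses are constructed for illustration; a production SIEM would express the same logic in its own rule language and run it continuously over the normalized event stream.

```python
"""Minimal SIEM-style correlation over authentication log lines (illustrative example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (hypothetical hosts, users and addresses).
SAMPLE_LOGS = """\
2024-03-01T08:00:01Z ws-017 sshd[1201]: Failed password for admin from 203.0.113.7 port 50211 ssh2
2024-03-01T08:00:03Z ws-017 sshd[1201]: Failed password for admin from 203.0.113.7 port 50212 ssh2
2024-03-01T08:00:04Z ws-017 sshd[1201]: Failed password for admin from 203.0.113.7 port 50213 ssh2
2024-03-01T08:00:06Z ws-017 sshd[1201]: Failed password for admin from 203.0.113.7 port 50214 ssh2
2024-03-01T08:00:09Z ws-017 sshd[1201]: Accepted password for admin from 203.0.113.7 port 50215 ssh2
2024-03-01T08:00:10Z ws-022 sshd[1340]: Failed password for nurse1 from 10.10.4.21 port 40001 ssh2
2024-03-01T08:05:30Z ws-022 sshd[1340]: Accepted password for nurse1 from 10.10.4.21 port 40002 ssh2
2024-03-01T08:05:31Z ws-022 cron[77]: (root) CMD (/usr/bin/backup)
"""

# Normalization: pull timestamp, host, outcome, user and source address out of each line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(line):
    """Return a normalized event dict, or None for lines the rule does not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_bruteforce_success(lines, threshold=3, window=timedelta(minutes=2)):
    """Alert when at least `threshold` failed logins for one (source, user) pair
    are followed by a successful login within `window` of the oldest failure kept."""
    failures = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        recent = failures[key]
        # Expire failures that fall outside the correlation window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            continue
        # Success: fire only if enough failures preceded it inside the window.
        if len(recent) >= threshold:
            alerts.append({
                "ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                "src": ev["src"], "failures": len(recent),
                "rule": "bruteforce_then_success",
            })
        recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(SAMPLE_LOGS.splitlines()):
        print(alert)
```

Note that the second user (nurse1) has a single failure followed by a success five minutes later, so the rule stays quiet: the failure has aged out of the window and the count never reached the threshold. Tuning `threshold` and `window` against the organisation's real login patterns is what separates a useful alert from noise.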
The tool that accomplishes these tasks is the NetWitness Logs module of the RSA NetWitness platform. Within that platform it provides visibility into network activity that goes beyond what a log-only SIEM offers.
Moreover, being able to generate an incident report that includes a full PCAP dump, extracted files and reconstructed e-mail traffic makes it possible to give the Supervisory Authority (the data protection regulator) comprehensive information about the incident when a breach has to be reported.