NetWitness SaaS Offerings
NetWitness provides two SaaS-based offerings for you to choose from based on your security needs namely NetWitness UEBA (Cloud) and NetWitness Insight. These two solutions are add-on to NetWitness® Platform.
NetWitness UEBA
NetWitness UEBA (Logs and Endpoints) takes all the traditional functions of NetWitness User Entity Behavior Analytics (UEBA) and provides them as a native SaaS application. As a cloud service, NetWitness UEBA has many additional benefits including operations from the Operations team who manage the service for your organization which enables to release new content and enhancements faster so security teams are better equipped to respond to threats.
NetWitness UEBA is an advanced analytics and machine learning solution that leverages unsupervised machine learning and empowers Security Operations Center (SOC) teams to discover, investigate, and monitor risky behaviors in their environment. All users in an organization can be analyzed for abnormal user activities using log and endpoint data already collected by your NetWitness Platform.
For existing NetWitness Platform customers, NetWitness UEBA enables analysts to:
- Detect malicious and rogue users
- Pinpoint high-risk behaviors
- Discover attacks
- Investigate emerging security threats
- Identify potential attacker’s activity.
NetWitness UEBA resides on an Amazon Virtual Private Cloud (VPC) and each organization has its own VPC. If you have an on-premises NetWitness Platform deployment in your network, metadata will be uploaded to the cloud for analysis.
NetWitness UEBA performs advanced analytics on the data to enable analysts to discover potentials threats. Analysts will begin to see alerts and behavior profiles of users directly in their existing NetWitness Platform UI, and will be able to perform basic administration of the SaaS components from a dedicated SaaS UI.
For more information, see NetWitness UEBA.
NetWitness Insight
NetWitness Insight is a SaaS solution available as an extension for a NetWitness Network, Detection & Response (NDR) customer. Insight is an advanced analytics solution that leverages unsupervised machine learning to empower the response of the Security Operations Center (SOC) team. Insight continuously examines network data collected by the Decoder to discover, profile, categorize, characterize, prioritize, and track all assets actively.
NetWitness Insight passively identifies all assets in the environment and alerts analysts of their presence. The discovered assets are automatically categorized into groups of similar servers and prioritized based on their network profiles. These assets are presented to analysts to guide them to focus on certain assets to protect their organization.
Insight enables you to do the following:
- Asset discovery and characterization.
- Monitor critical Assets.
- Leverage the security operations team to triage based on prioritization.
For more information, see NetWitness Insight.
Feedback
Was this page helpful?
Thank you! We appreciate you sending us your feedback.
Thank you for your feedback!
Please Submit your Feedback