DATA SHEET

RSA NETWITNESS
®

PLATFORM
PROFESSIONAL
SERVICES
ACCELERATE TIME-TO-VALUE &
MAXIMIZE ROI
 DATA SHEET

EXECUTIVE SUMMARY
The shortage of cybersecurity skills
Organizations continue to face a shortage of IT skill sets, with cybersecurity
skills topping the list. This trend is expected to continue for the foreseeable
future, particularly when it comes to specific needs, such as advanced threat
detection and maximizing the ROI on related technology investments, such as
the RSA NetWitness® Platform.

Organizations seeking to address these challenges and complement in-house

resources with additional subject matter expertise can avail of professional
services from RSA Threat Detection & Response Practice, including advanced
techniques on how to proactively hunt for initial signs of attack and stop the
adversaries in their tracks.

ADDRESSING THE RESOURCING TREND

Technology expertise
The RSA Threat Detection and Response Practice enables organizations to
maximize the ROI on their RSA NetWitness investment by providing a holistic
portfolio of solution fulfillment services. Complementary services addressing
incident response and proactive hunting are offered by the Incident Response
(IR) Practice. Customer requirements and expectations are best met when
product deployments are adequately planned, implemented and maintained
with regular upgrades and tuning, coupled with hands on knowledge transfer
by our specialist IR team.

RSA’s range of capabilities and depth of expertise make it the partner of choice
for organizations that want to maintain a security posture that evolves with
the threat environment:
• Globally distributed team of practitioners.
• Trained, accredited and certified security professionals.
• Experience gained from thousands of engagements across a range of
industries in the commercial and government sectors.
• Enterprise-level solution fulfillment addressing complex solution deployment
requirements.
• Project management services to drive successful outcomes, remediate
engagement risks and streamline communications.

2
 DATA SHEET

RSA Solution Fulfillment Framework

Services portfolio ranging from requirements analysis and solution design to
deployment and go-forward solution management

The RSA Threat Detection & Response and IR Practices are part of the RSA
Global Services Organization, which provides a variety of additional and
complementary information security services including:

• Advanced Cyber Defense consulting services.

• Education services from RSA University.
• Product maintenance and Personalized Support Services, including
Designated Support Engineer (DSE)and Technical Account Manager (TAM)
from RSA Customer Support.

RSA NETWITNESS PLATFORM

Respond in minutes, not months
The Threat Detection & Response Practice addresses solution fulfillment
requirements across each of the RSA NetWitness Platform products:
• RSA NetWitness Network—deployed to gain better network visibility
and detect advanced threats and anomalies that bypass traditional
defense mechanisms.
• RSA NetWitness Logs—optimized to aggregate and correlate log data
from traditional security alerting tools and mechanisms.
• RSA NetWitness Endpoint—configured to highlight anomalies on host systems.
• RSA NetWitness SecOps Manager—tailored to align with organizational
structure and workflows while adding business context to prioritize alerting
3 and enhance the protection of critical assets.
 DATA SHEET

The portfolio includes services that accommodate differing requirements and

maturity levels:
• Design and Implementation services—to get the solution up and running,
achieve “early wins” and accelerate time-to-value.
• Subscription services—used throughout the year to progress the maturity
of the solution and work hand in hand with the customer to identify
and implement use case requirements and enhance overall solution
effectiveness. The IR Practice also provides subscription services to
facilitate hands-on proactive hunting conducted jointly with the customer
and to relay deep technical knowledge transfer.
• Tuning & Optimization services—recommended annually to maximize and
tune solution performance, conduct minor upgrades of the environment to
the latest release and implement additional features and functions such as
RSA NetWitness Event Stream Analysis for correlation rules and advanced
threat detection with data science modules.
• Performance Assessment services—ongoing periodic (e.g., quarterly)
reviews of the health statistics, metrics and usage activities, with
recommendations for enhancement.
• Upgrade services—implementation of major version upgrades for
environments of all complexity levels.
• Event source integration services—to accommodate the integration of log
event sources, which are not otherwise supported “out of the box.”
• Custom services—tailored consulting for platform migrations, technology
integration, high-availability configurations, residencies, “expert-on-demand”
staff augmentation and remote consulting.
• Offshore services—lower-cost solution fulfillment by RSA Virtual Services
Delivery (VSD) team.

RSA NetWitness® Platform

The Respond interface of RSA NetWitness is the main dashboard for initial triage, providing
4 analysts with a nodal view and enabling them to assign, escalate and journalize the incident.
 DATA SHEET

• Analytic Intelligence services—to share techniques that facilitate advanced

threat detection. These are complementary services, such as the RSA
Jumpstart for Analytic Intelligence, which is delivered by the RSA Risk
and Cybersecurity Practice’s Incident Response team. Offshore services—
lower-cost solution fulfillment by RSA Virtual Services Delivery (VSD) team.

RSA NetWitness® Platform

The Endpoint interface displays a machine risk score based on the analysis of
suspect files and libraries, which provides the analyst with a valuable tool for the
detection and analysis of anomalies that have bypassed traditional defenses.

• Security Operations Management services—to support the integration of

RSA NetWitness SecOps Manager with organizational Incident Response
and Breach Management requirements. These are complementary services,
such as the RSA SecOps Design Service, which is delivered by the RSA Risk
and Cybersecurity Practice, Advanced Cyber Defense (ACD) team.
• Use Case Development services—to address the specific threats to each
organization (e.g., ransomware), including the development of the processes
and procedures required at each stage of the incident management
lifecycle, from detection through mitigation and lessons learned. Through a
series of interviews, documentation reviews and interactive workshops, the
use case objectives, threats, stakeholders, logic and testing requirements
are defined and response procedure checklists are developed, providing the
analyst with step-by-step instructions.
• Controlled Attack and Response Exercise services—to review and
stringently test the response capabilities of the incident response team. In a
controlled attack scenario, ACD designs and conducts several “capture-the-
flag” exercises based on the customer’s existing toolset and IR processes
and procedures. Results are scored based on flag difficulty levels and
5 reviewed with the customer to identify areas for improvement.
 DATA SHEET

PUTTING IT ALL TOGETHER

RSA targeted attack detection
Security teams need to have the tools and skills to help them identify subtle
indicators of compromise, because the traditional boundary protection
approach has proven to be inadequate. Attackers leave clues at both the
network and the host levels. This gives organizations a window of opportunity
for remediation, once they have the right capabilities.

RSA NetWitness provides those tools, and RSA Cybersecurity Practices

provide the solution deployment, knowledge transfer and supporting skills
necessary to redress the balance against attackers.

In addition to these key technologies and services, customers use RSA

NetWitness Live updates to enjoy ongoing access to shared intelligence
resources that augment their security posture with a global, community-based
world view.

RSA NetWitness® Platform

RSA Live Connect facilitates gathering, analysis and dissemination of community-based threat
6 intelligence, enabling customers to collaborate with peers and stay ahead of adversaries.
 DATA SHEET

ABOUT RSA
RSA provides more than 30,000 customers around the world with the
essential security capabilities to protect their most valuable assets from cyber
threats. With RSA Global Services’ capabilities and award-winning products,
organizations effectively detect, investigate and respond to advanced attacks;
confirm and manage identities; and ultimately, reduce IP theft, fraud and
cybercrime.

RSA Global Services also offers battle-tested expertise from our Risk and
Cybersecurity Practice, which includes the Advanced Cyber Defense and
Incident Response Practices. Education services are available from RSA
University, and product maintenance and Personalized Support Services are
available from RSA Customer Support.

For more information, go to rsa.com.

©2018 Dell Inc. or its subsidiaries. All rights reserved. RSA and the RSA logo, are registered
trademarks or trademarks of Dell Inc. or its subsidiaries in the United States and other countries.
All other trademarks are the property of their respective owners. RSA believes the information in
this document is accurate. The information is subject to change without notice.
7 07/18, Data sheet, H15726 W137517.