NetWitness - Total Network Knowledge™


Products NextGen Overview Infrastructure Products Decoder Concentrator Broker Applications Informer Investigator SIEMLink API/SDK Tech-in-Depth InSight Live Freeware Solutions Overview By Challenge Incident Response Data Leakage Data Governance By Industry Financial Services Government Law Enforcement Protection of Customer Data Resources Overview Webcasts Press Releases In the News Events Company Management Team Board of Directors Careers Contact Us

Challenge : Data Governance

Whether your organization is in the public or private sector, compliance with policy and regulatory mandates requires a solid data governance, risk and compliance (GRC) management approach.

In the public sector, lack of compliance with Office of Management and Budget (OMB) and National Institute for Standards and Technology (NIST) requirements can lead to delays or even reductions in budget allocations.
In the commercial sector, lack of compliance with Sarbanes-Oxley, the Payment Card Industry Standards (PCI), various State-level disclosure laws (e.g., California SB-1386), the Gramm-Leach Bliley Act, HIPAA, etc., can cause problems ranging from consent decrees and fines, to lawsuits and significant losses of shareholder value.

A key element in common across all of these policies and regulatory requirements is the need for organizations to ensure that controls are operating within predictable boundaries and within acceptable risk and compliance expectations.

Although many security products today claim to provide solutions to GRC issues, according to a May 2007 Gartner report, there is no comprehensive technical solution to data governance today, and no I/T vendor demonstrates the appropriate technical control solutions to address this market. In Gartner’s opinion, true governance, risk and compliance management vendors in the I/T space will facilitate the “management, measurement, monitoring, automation and reporting of I/T controls.”

NetWitness NextGen approaches the problem of governance, risk and compliance in a different way than most security vendors. While most security vendors strive to implement a specific control set, for example, in accordance with public mandates such as FIPS 200 or OMB M-06-15, or a private sector edicts such as the PCI standard or Sarbanes-Oxley, NetWitness NextGen provides a framework for monitoring all network communications across all application protocols to measure the efficacy of the controls, to monitor the use the controls in an operational context, and report on the enterprise-wide compliance with control objectives for network-based communications.

The Need for Next Generation Monitoring

If your organization desires detailed information regarding the performance of your network-related GRC controls, you need to obtain a deeper look into the actual behavior of all data in motion, reconstructed at the application layer. NetWitness was developed 10 years ago to support the demanding internal control monitoring needs of the U.S. intelligence community. NetWitness NextGen provides a comprehensive distributed network data monitoring framework designed to ensure that the performance of your I/T controls and your information systems security can be measured and monitored completely.

NetWitness Decoder and Concentrator comprise the underpinnings of an enterprise infrastructure providing comprehensive situational awareness and visibility into content and context of all network activity. When combined with power of automated reporting and alerting in Netwitness Informer and the interactive network forensics and analytics in NetWitness Investigator Enterprise, your organization can acquire the Total Network Knowledge needed to feel confident that your network-based I/T controls are operating at the risk and compliance levels you expect.

Support

Community

Blog