Industry : Government

Government organizations face a number of key concerns regarding the protection of data crossing its network:

• Ensuring that consumer and citizen data, particular personally identifiable information is not disclosed inappropriately or without the proper consent

• Protecting the confidentiality, integrity and availability of the organization’s data, including national security information if a federal agency

• Complying with regulatory mandates such as FISMA, OMB A-11 and M-06-15

• Meeting the organization’s business and mission objectives securely, whether domestic or overseas

• Detecting attempts to breach the security of government systems and reacting quickly and effectively

During the last few years, state and non-state sponsored cyber threats have grown geometrically in terms of capability and effectiveness. The ability of deployed countermeasures to protect, defend and respond to these threats has been less than stellar in the case of some high profile government organizations. Large scale incursions and data exfiltrations have taken place. These gaps are not due to a lack of smart people or ongoing technology investments, but because a new approach is required to deal with the level of sophistication of current threat actors.

Government organizations, particularly those in the Defense, Intelligence, Homeland Security and Critical Infrastructure communities must have a zero tolerance approach to data leakage, insider threats, and designer malware created by nation-sponsored actors. NetWitness views all these issues as interrelated and can help your organization deal with all of them with a single solution: NetWitness NextGen.

The Need for Next Generation Monitoring

NetWitness NextGen™ solves this problem for government organizations by offering a powerful infrastructure that records all the data across on the network and performs fully automated analyses of immense volumes of reconstructed network, application, and user traffic via the NetWitness Informer application. Informer is specifically designed to provide specific and accurate threat alerts and in depth policy and regulatory compliance reports on a wide variety of categories pertinent to government agencies. For example, for the U.S. government, Informer is tuned to focus on issues related to FISMA, NIST FIPS 200, SP-800-37, HSPD #12 and much more. Informer distills highly sophisticated sets of complex network data and quickly highlights important government business concerns such as insider threats, data leakage, covert activities/channels, compromised hosts and malware activities.

NextGen also delivers the NetWitness Investigator application that delivers a highly interactive, deep, real-time view into the same network traffic sets collected and reconstructed via the NextGen infrastructure. Investigator enables security, counterintelligence and law enforcement personnel to access multi-terabyte data sets and pivot them instantly in numerous dimensions based on network, application and user-level criteria. Users of Investigator can view this data cube on a continual and real-time basis to zero in on traffic of greatest interest and impact to the organization.

NetWitness Decoder and Concentrator comprise the underpinnings of an enterprise infrastructure providing government agencies comprehensive situational awareness and visibility into content and context of all network activity. When combined with power of automated reporting and alerting in NetWitness Informer and the interactive network forensics and analytics in NetWitness Investigator, your organization can acquire the Total Network Knowledge needed to deal effectively across all of the issues facing the public sector. Now with NetWitness® Live, your incident response team has access to multi-source threat intelligence.