CERTIFIED PRODUCTS AND SYSTEMS
List of Certified Products and Systems.
MyCC = Products certified by the MyCC Scheme before it was recognized as a CCRA Authorizing Participant.
CCRA = Products certified by the MyCC Scheme after it was recognized as a CCRA Authorizing Participant.
The TOE is a collection of appliances that form a security infrastructure for an enterprise network. This architecture provides converged network security monitoring and centralised security information and event management (SIEM). The TOE provides real-time visibility into the monitored network and long-term network data storage to provide detection, investigation, analysis, forensics, and compliance reporting.
The TOE implements additional security functions such as identification and authentication of TOE users; auditing; security management; and trusted path.
The security management functions of the TOE are performed via the NetWitness Platform User Interface (UI), which is a web-based GUI. This interface allows authorised administrators to manage the user accounts, session lockout values and other TSF data, and view the IDS data and alerts. Navigation in the UI is based on Roles and is divided into major functional areas including Respond, Investigate, and Admin. The Respond view consolidates all alerts such as ESA Correlation Rules, Malware Analytics, and Reporting Alerts into one location and is used for incident tracking and triage. The Investigate view presents seven different views into a set of data, allowing authorized users to see metadata, events, and potential indicators of compromise. In the Admin view, Administrators can manage network hosts and services; manage system-level security; and manage Collection Methods/event sources.
NETWITNESS, an RSA Business
10700 Parkridge Blvd, Reston, VA 20191, United States of America
PROJECT ID: M020
ASSURANCE LEVEL: EAL2+ALC_FLR.1
PRODUCT NAME AND VERSION: RSA NetWitness Platform v11.7
PRODUCT TYPE: Network and Network-Related Devices and Systems
PRODUCT SPONSOR / DEVELOPER: NETWITNESS, an RSA Business
PRODUCT SPONSOR / DEVELOPER CONTACT DETAILS: 10700 Parkridge Blvd, Reston VA 20191, United States of America
The TOE is the RSA NetWitness Platform v11.7.1.2. The TOE is a collection of appliances that form a security infrastructure for an enterprise network. This architecture provides converged network security monitoring and centralized security information and event management (SIEM). NetWitness provides real-time visibility into the monitored network and long-term network data storage to provide detection, investigation, analysis, forensics, and compliance reporting. NetWitness Capture Architecture collects log data and packet data from the network. Packet collection extracts metadata, reassembles, and globally normalizes all network traffic at layers 2 through 7 of the OSI model. This data allows NetWitness to perform real-time session analysis. NetWitness recognizes over 250 event source types, which are aggregated, analyzed, and stored for long-term use. The TOE implements Collection Methods to support collection from the event sources.
REPORTS