RSA Conference 2020 : Security Operations Center Findings Report
The RSAC SOC team deployed the RSA NetWitness® Platform that included the RSA NetWitness Logs, RSA NetWitness Network and RSA NetWitness Orchestrator components for evolved SIEM capabilities, and Cisco Threat Grid, Cisco Threat Response with Talos Intelligence, Cisco Firepower Threat Defense IDS and Cisco Umbrella.
RSA NetWitness Network collects all the raw network traffic from a switch port analyzer (SPAN) from the Moscone Center network, adds metadata and visually prioritizes threats occurring in real time. It inspects every network packet session for threat indicators at time of collection and enriches this data with threat intelligence and business context.