Based on insights from hundreds of incident response situations, RSA NetWitness Platform is designed to streamline triage by providing all the relevant information on a single screen. The platform highlights relevant information with an Interactive Nodal Diagram that shows relationships to provide visual insights. The diagram incorporates the intensity of connections, and the size of each node reveals its occurrence frequency. The nodal diagram paints a picture of which elements (metadata) are involved and what activity is taking place. Analysts can "hover" and "click" to reveal the next level of detail and uncover new relationships. With a visual mapping of what is happening in their environment, analysts can respond faster to a wider range of incidents.
Intuitive investigate flow
Visual representation of incident
Better understanding of metadata
Level 2 security analysts went through a long, drawn-out learning curve to understand the textual representation of the incident in the RSA NetWitness Platform. Once over the learning curve, the analysts still faced the challenge of finding a way to filter out the noise and identify the vital metadata in the incident.
A nodal diagram representing the metadata in the incident details screen gave analysts an intuitive, interactive way to analyze an incident. The picture not only let users narrow down to the more frequent metadata in the incident but also helped them find the needle in the haystack by filtering out events they are not interested in. Users can click, move, and hover over the graph to get a multi-angle view of the incident.
This was a delighter feature for security analysts and went on to become the poster feature for the RSA NetWitness Platform.