NetWitness SASE, combined with Broadcom (Private Preview Mode), provides unprecedented visibility into behavior and communication among devices and services in remote and distributed networks across on-premises, hybrid, and cloud deployments.

What NetWitness SASE does:

  • Streamline searches and investigations: Log into a single user interface to perform index searches, pivot through metadata, and reconstruct network sessions to receive results quickly.

  • Leverage retained data: Empower analysts to perform forensic examinations on a triggered detection and threat hunt for unknown threats against retained raw network communications.

  • Correlate disparate data sets: Enrich the context of investigations by correlating data from the actual network traffic of remote users with other access by those same users for a complete end-to-end story of what transpired.

  • Minimize costs: Optimize storage and reduce operating costs using new compression algorithms, selective retention, and the ability to split network decoder components to limit what must run in the cloud.

Note: In the 12.4 release, NetWitness SASE integration with Symantec by Broadcom is in Private Preview Mode.

About NetWitness SASE

NetWitness supports SASE and critical hybrid use cases across on-premises and in the cloud by partnering with Broadcom on technical integrations. NetWitness SASE integrations give organizations complete visibility into encrypted traffic, remote users, and cloud workloads. With NetWitness SASE integrations, customers can achieve SASE flexibility, inherent security advantages, and complete visibility into threat detection and response.

NetWitness SASE provides the following capabilities:

  • Flexible, secure, real-time traffic monitoring: NetWitness SASE integrations capture all network traffic from remote users in near real-time, enabling immediate response to any potential threats. Regardless of the location of the data collected, the data is available in the detection engine, and analysts can easily find the anomalies. The customization options available in NetWitness SASE reduce the risk of storing sensitive, personally identifiable information.

  • Get scalable, high-performance cloud security: With NetWitness SASE integrations, enhance total visibility and threat detection capabilities across your enterprise using well-known on-premises mechanisms such as rules, parsers, feeds, and machine learning. Perform searches and investigations and swiftly receive results with a single user interface. The integration supports forensic examinations on triggered detections and facilitates threat hunting against retained network communications, empowering analysts to combat unknown threats effectively.

  • Eliminate blind spots: NetWitness SASE integrations empower organizations to retain complete visibility into their cloud security stack, cost-effectively eliminating blind spots in their cloud traffic and maximizing the effectiveness of their security infrastructure investments. Organizations have the visibility and control they need over encrypted traffic to ensure compliance with their privacy, regulatory, and acceptable use policies, whether on-premises or in the cloud.

  • Unparalleled network visibility to strengthen SASE security: The improved visibility provided by the integration allows organizations to close gaps in their zero trust security posture and enable better detection capabilities.

Prerequisites

Before proceeding, make sure of the following:

  • The NetWitness Platform (Admin Server and Packet Decoder Host) is on version 12.4 or later.

  • You are connected to Live Services under the (Admin) > System > Live Services page.

  • The Decoder services are managed by Centralized Content Management (CCM). If CCM does not manage a Decoder service, you can enable CCM for that particular service. For more information, see the topic Enable or Disable CCM for Individual Decoder Services.

  • You must have the Request URL and Auth Token from Broadcom for configuration.