

This webcast has been archived.

Automate Threat Detection and Incident Response: SANS Review of RSA NetWitness

  • Wednesday, May 16, 2018 at 1:00 PM EDT (2018-05-16 17:00:00 UTC)
  • Maor Franco, Ahmed Tantawy, Dave Shackleford


  • RSA




According to the latest SANS Security Analytics survey, about 35% of respondents said that their greatest impediment is a skills gap in their IT environments, and approximately 26% said they do not understand the normal behavior of their environment. When you consider that your business will continue to grow and information will continue to proliferate, the need to have machines automate analysis of events from disparate sources becomes an imperative.

With this in mind, we reviewed RSA NetWitness, a solution that purports to bridge the human skills gap via machine learning and analytics.

In this webcast, SANS analysts Ahmed Tantawy and Dave Shackleford will discuss findings from Ahmed's review of RSA NetWitness, including:

  • Why an evolved SIEM approach is a superior way to handle today's sophisticated threats
  • How machine learning can automate detection and prevention
  • How RSA NetWitness performed in an entire attack lifecycle

Register now for this webcast and be among the first to receive the associated whitepaper written by Ahmed Tantawy.


Speaker Bios

Maor Franco

Maor Franco is a technical product marketer at RSA with over a decade of experience building cyber security and intelligence system products. Maor has held multiple roles at RSA, from research analyst to product management and product marketing. His expertise spans RSA's portfolio, as he has worked in RSA's Fraud, Endpoint, Network, and SIEM businesses. He has a BS in Computer Engineering from Tel-Aviv University.

Ahmed Tantawy

Ahmed Tantawy is a member of the GIAC Advisory Board and a SANS analyst. He currently holds GIAC Penetration Testing (GPEN), GIAC Web Application Penetration Tester (GWAPT) and Offensive Security Certified Professional (OSCP) certifications, as well as the HP ArcSight Administrator and Analyst certificates. Ahmed works primarily as a security operations engineer. His experience includes working on enterprise security information and event management (SIEM) solutions and other enterprise security products, as well as leading a security operations center team in the financial sector. In addition, Ahmed has experience as a penetration tester and with ensuring PCI DSS compliance.

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.
