RSA NetWitness Platform


RSA NetWitness Platform is an evolved SIEM and threat defense solution for rapid detection, analysis and response to the most advanced threats. Its unique design aligns business context to digital risks, integrating IT security with your organization’s strategic goals. RSA NetWitness Platform delivers the industry’s most complete visibility, integrating logs, network data and endpoints. Its fully integrated threat intelligence and “zero touch” behavior analytics empower your organization to detect, prioritize and investigate threats. With its highly automated orchestration and response, RSA NetWitness Platform is the centerpiece of an evolved security operations center (SOC).

Accelerated Threat Detection & Automated Response, From The Endpoint To The Cloud


Advanced Analytics

RSA NetWitness Platform detects and identifies threats using sophisticated rules, threat intelligence and malware analysis, as well as behavior analytics. Sophisticated threat detection algorithms operate across disparate data types and sources, for fast identification and correlation of indicators of compromise (IOCs) and real-time prioritization of true threats.

Broad Visibility

RSA NetWitness Platform provides unsurpassed visibility across logs, packets, endpoints and NetFlow data, across on-premises, virtual and cloud environments. A common data model, enriched with business context and threat intelligence, enables analysts to correlate anomalies wherever they occur, providing fast insight into the full scope of an attack.

Business-Driven Security

As organizations embrace Digital Transformation, digital risk becomes business risk. RSA NetWitness Platform aligns business and security risks, integrating risk factors such as asset criticality and user identity, and orchestrating incident response across your organization.

Flexible & Scalable Platform

RSA NetWitness Platform is a modular threat detection and response solution that is the centerpiece of an evolved SOC. It enriches data at capture time, creating sessionized metadata to dramatically accelerate alerting and analysis, and to quickly understand the full scope of an attack. Key RSA NetWitness Platform capabilities include its common data model, radical scalability and flexible deployment options, as well as its sophisticated analyst toolset, forensic capabilities and reporting engine.

RSA NetWitness Logs

RSA NetWitness Logs supports collection from more than 350 event sources, including various industry-leading network and security devices, popular applications and operating systems. Additionally, it stores raw logs and extracts metadata at capture time to accelerate threat detection and investigation.

RSA NetWitness Network

This advanced network detection and response (NDR) solution monitors network data and provides immediate visibility for rapid detection, efficient investigation and forensics, and reduced dwell time. It augments the capabilities of your SIEM (RSA or third party) to show exactly what happened in a suspected incident, with session reconstruction capabilities that let you replay an attack sequence in its entirety.

RSA NetWitness Endpoint

This powerful endpoint detection and response (EDR) tool continuously monitors endpoints to provide deep visibility into all activity and processes. RSA NetWitness Endpoint adds a rich data set to correlate with logs and packets, providing end-to-end visibility that distinguishes the RSA NetWitness Platform from solutions that monitor only part of an organization’s IT infrastructure.

RSA NetWitness Orchestrator

The RSA comprehensive security operation and automation solution combines full case management, intelligent automation and orchestration, and collaborative investigations. It collects isolated alerts from across an organization’s security arsenal, and transforms them into a context-rich, correlated incident containing all critical data. RSA NetWitness Orchestrator’s Incident Management workflows bridge orchestration, correlation and enrichment of security alerts, providing a consistent and automatically documented incident management process.

RSA NetWitness UEBA

This patented RSA technology is a fully automated and continuous threat detection and monitoring solution that provides deep visibility into the attack lifecycle. RSA NetWitness UEBA delivers unsupervised machine learning with a zero touch, turnkey data science model—no tuning required. Its unsupervised statistical anomaly detection and machine learning provide comprehensive, behavior-based detection of unknown threats.

RSA Professional Services

RSA offers three advanced services to support customer cybersecurity efforts:

  • The RSA Risk and Cybersecurity Advisory Practice helps customers implement solutions that protect against risk, ensure compliance, and accelerate business objectives
  • The RSA Advanced Cyber Defense (ACD) Practice offers services that span planning, implementation, and ongoing operational effectiveness for security operations centers (SOCs) and Cyber Incident Response Centers (CIRCs)
  • The RSA Incident Response (IR) Practice delivers experienced, expert response services, to help organizations quickly identify and eradicate threats. IR services are available on a retainer or engagement basis