2015 GSN Homeland Security Award – Best Endpoint Threat Detection and Response Solution





  • Speeds detection and uncovers new, never-seen-before, and non-malware threats that other endpoint security solutions miss by providing unmatched visibility into all of an organization’s endpoints, on and off its network.

  • Empowers three times faster incident response and prevents attacks from spreading by allowing security teams to contain endpoints on a network, blacklist malicious files, and then block and quarantine them with one action across all infected endpoints.

  • Delivers the forensic information you need to definitively answer tough questions when a cyber attack takes place: How bad is it? How did it happen? Where did it start? How do we fix it?

  • Alleviates “alert fatigue” by flagging suspicious modules and endpoints, prioritizing the threats according to an intelligent, automated risk-scoring algorithm and providing a clear visual indication of each endpoint’s threat level.


  • Continuous Endpoint Monitoring

    Delivers full visibility into all processes, executables, events, and behavior on all of your endpoints (servers, desktops, laptops, virtual machines).

  • Behavioral-Based Detection with Advanced Analytics

    Built with unique endpoint and user-initiated event behavioral monitoring capabilities and an advanced machine learning algorithm that baselines “normal” endpoint behavior, detects deviations, and scores and prioritizes incidents based on potential threat level. This method of endpoint protection has repeatedly proven superior to traditional signature- and rules-based endpoint security solutions that today’s advanced cyber threats easily evade.

  • Scalable and Efficient

    Scales easily from hundreds to hundreds of thousands of endpoints. All data storage and most analysis occur on the RSA NetWitness Endpoint database, which ensures data integrity and drastically reduces endpoint impact.

  • Rapid Data Collection

    Extremely lightweight agent collects full endpoint inventories and profiles in minutes, with no discernible impact on end-user productivity.

  • Intelligent and Automatic

    Collects and automatically analyzes processes, executables and more on endpoints; records data about every critical action surrounding the unknown item; communicates with the RSA NetWitness Endpoint server for advanced analysis and threat prioritization.


Rapidly detect and grasp the full scope of cyber attacks with RSA NetWitness Suite

Watch the RSA NetWitness Suite detect a phishing attack, one of the most insidious threats we face today, and defend an organization against it. In this demo, you'll see how RSA NetWitness Suite can accelerate incident response times by as much as 3X.

Use Cases

“How can we possibly protect our organization from cyber threats no one has ever seen before?”

At RSA, we get asked that question a lot. The answer comes down to having complete visibility into all of your endpoints. RSA NetWitness Endpoint allows security teams to see everything - all processes, executables, events, and behavior on your organization’s endpoints - and applies advanced analytics and machine learning algorithms to detect anomalies. In this manner, RSA NetWitness Endpoint can uncover completely new threats and non-malware, file-less attacks that other endpoint security solutions miss entirely.

Gh0st RAT is a remote access Trojan (RAT) that attackers frequently use to control infected endpoints, log users’ keystrokes, download and upload files, and more. It’s been associated with a number of high-profile attacks on public- and private-sector organizations, is used for data exfiltration and surveillance, and is particularly hard to detect. But the deep endpoint visibility provided by RSA NetWitness Endpoint makes it virtually impossible for security analysts to miss. Read the concise use case to see how RSA NetWitness Endpoint can uncover and exorcise the Gh0sts haunting your machines.