• ​​Speeds detection and uncovers new, never-seen-before threats that other endpoint security solutions miss by providing unmatched visibility into all of an organization’s endpoints, on and off its network.

  • ​Accelerates cyber incident response and prevents attacks from spreading by allowing security teams to blacklist malicious files, then block and quarantine them with one action across all infected endpoints.

  • ​Delivers the forensic information you need to definitively answer tough questions when a cyber attack takes place: How bad is it? How did it happen? How do we fix it?

  • ​Alleviates “alert fatigue” by flagging suspicious endpoints, prioritizing them according to an intelligent, automated risk-scoring algorithm and providing a clear visual indication of each endpoint’s threat level.


  • Deep Endpoint Visibility

    Delivers full visibility into all processes, executables and behavior on all of your endpoints (servers, desktops, laptops).

  • Behavioral-Based Detection with Advanced Analytics

    Built with unique behavioral monitoring capabilities and advanced machine learning techniques that baseline “normal” endpoint behavior, detect deviations and prioritize incidents based on potential threat level. This method of endpoint protection has repeatedly proven superior to traditional signature- and rules-based endpoint security solutions that today’s advanced cyber threats easily evade.

  • Scalable and Efficient

    All data storage and the majority of analysis occur on the RSA NetWitness Endpoint server, which ensures data integrity and drastically reduces any impact to the endpoint.

  • Rapid Data Collection

    Extremely lightweight agent collects full endpoint inventories and profiles in minutes, with no discernible impact on end-user productivity.

  • Intelligent and Automatic

    Collects and automatically analyzes processes, executables and more on endpoints; records data about every critical action surrounding the unknown item; communicates with the RSA NetWitness Endpoint server for additional analysis.

Use Cases

“How can we possibly protect our organization from cyber threats no one has ever seen before?”

At RSA, we get asked that question a lot. The answer comes down to having complete visibility into all of your endpoints. RSA NetWitness Endpoint gives you that visibility across all processes, executables and behavior on your organization’s endpoints and applies advanced analytics and machine learning algorithms to detect anomalies. In this manner, RSA NetWitness Endpoint can uncover completely new threats that other endpoint security solutions miss entirely.

Gh0st RAT is a remote access Trojan (RAT) that attackers frequently use to control infected endpoints, log users’ keystrokes, download and upload files, and more. It’s been associated with a number of high-profile attacks on public- and private-sector organizations, is used for data exfiltration and surveillance, and is particularly hard to detect. But the deep endpoint visibility provided by RSA NetWitness Endpoint makes it virtually impossible for security analysts to miss. Read the concise use case to see how RSA NetWitness Endpoint can uncover and exorcise the Gh0sts haunting your machines.