• Gives analysts deep insight and visibility into their entire environment, from on-premise to cloud, to provide definitive answers to the questions: How did it happen? How long has it been on our network? How bad is it?

  • ​Automates detection of both command-and-control communications and attackers’ attempts to move laterally across your network.

  • Empowers your security team with intuitive workflows that guide Tier 1 analysts to be more productive and enhance Tier 3 analysts’ threat hunting activities.

  • Accelerates detailed reconstruction of cyber attacks across both network and endpoint during forensic investigations so analysts can more quickly grasp the full scope of an attack. Armed with these insights, analysts can implement more effective remediation plans.

  • Identifies high-risk indicators (e.g., advanced persistent threat domains, suspicious proxies, malicious networks, malware behaviors) and new cyber attack methods.

  • ​Preserves digital evidence and provides a detailed record of a cyber attack to assist legal teams and law enforcement in prosecution.


  • The Best Data for Early Threat Detection

    Captures full network packets, NetFlow, logs (access, network security and systems performance/monitoring), and endpoint telemetry and enriches this data with threat intelligence and business context.

  • Extensive Threat Intelligence

    Enriches raw packet, log and endpoint data at time of capture with threat intelligence from RSA’s research, engineering and incident response teams, the RSA customer community, and external sources.

  • Flexible, Scalable Architecture

    Offering maximum deployment flexibility, the RSA NetWitness Suite can be scaled and deployed incrementally according to an organization’s needs and security priorities—whether with a single appliance or dozens, partial or fully virtualized deployments, on premise or in the cloud, with full endpoint visibility or more focused deployments on high-risk assets.

  • Faster Data Retrieval

    Raw data is parsed into metadata and sessionized at capture time to support security analytics and event reconstruction. A highly intuitive and blazing fast user interface speeds data retrieval during investigations.

  • Security and Behavioral Analytics

    Real-time behavioral analytics engine uses modular machine learning techniques to observe network traffic, baseline “normal” network and endpoint behavior and identify anomalies.


Rapidly detect and grasp the
full scope of cyber attacks with RSA NetWitness Suite

Watch the RSA NetWitness Suite detect and defend an organizaton from a phishing attack, one of the most insidious threats we face today. In this demo, you'll see how RSA NetWitness Suite can accelerate incident response times by as much as 3X.

RSA NetWitness Logs & Packets detects threats and discovers cyber attacks that evade log-centric SIEM and signature-based tools. The only solution on the market that correlates full network packets with other security data, RSA NetWitness Logs & Packets allows security teams to better understand and reconstruct attacks, which in turn helps security operations teams implement more effective remediation plans.

RSA NetWitness Endpoint is an integral component of the RSA NetWitness Suite that provides organizations with deep visibility into endpoint behavior and threats. This visibility is transformed into powerful metadata, which allows security teams to see all processes, executables, and events along with network telemetry in one single workflow.

You might think logs provide more than enough information to detect cyber threats, but they only reveal what preventative controls have detected. In contrast, packets offer complete network visibility, and with RSA NetWitness Logs & Packets you get the best of both worlds, plus a behavioral analytics engine that processes huge volumes of data for analysts in real time.

RSA NetWitness Logs & Packets provides full visibility into the network traffic associated with Dynamic DNS, a method for hosting IP addresses that attackers frequently exploit to evade detection while stealing sensitive data. See how RSA NetWitness Logs & Packets helps to identify data exfiltration attempts that leverage Dynamic DNS in this brief report.

A WebShell is a piece of code that runs on a server to enable remote administration. While often used for legitimate purposes, WebShells are a favorite tactic of attackers, who use them to gain control of web servers. Once in control, attackers can disrupt services and steal data while quickly moving across a company’s network. Unlike traditional network security tools, RSA NetWitness Logs & Packets provides full visibility into all stages of a WebShell attack.