  • Gives analysts deep insight and visibility into their entire environment, from on-premise to cloud.

  • Provides definitive answers to the questions: How did it happen? How long has it been on our network? How bad is it?

  • Automates detection of both command-and-control communications and attackers’ attempts to move laterally across your network.

  • Accelerates detailed reconstruction of cyber attacks during forensic investigations so that analysts can quickly grasp the full scope of a threat. Armed with these insights, analysts can implement more effective remediation plans.

  • Identifies high-risk indicators (e.g., advanced persistent threat domains, suspicious proxies, malicious networks) and new cyber attack methods.

  • Preserves digital evidence and provides a detailed record of a cyber attack to assist legal teams and law enforcement in prosecution.


  • The Best Data for Early Threat Detection

    Captures full network packets, NetFlow and logs (access, network security and systems performance/monitoring) and enriches this data with threat intelligence and business context.

  • Extensive Threat Intelligence

    Enriches raw packet and log data at time of capture with threat intelligence from RSA’s research, engineering and incident response teams, the RSA customer community, and external sources.

  • Flexible, Scalable Architecture

    Offering maximum deployment flexibility, RSA NetWitness Logs and Packets can be scaled and deployed incrementally according to an organization’s needs and security priorities—whether with a single appliance or dozens, partial or fully virtualized deployments, on premise or in the cloud.

  • Faster Data Retrieval

    Raw data is parsed into metadata and sessionized at capture time to support security analytics and speed data retrieval and event reconstruction during investigations.

  • Security and Behavioral Analytics

    A real-time behavioral analytics engine uses modular machine learning techniques to observe network traffic, baseline “normal” network behavior and identify anomalies.

RSA NetWitness Logs and Packets detects threats and discovers cyber attacks that evade log-centric SIEM and signature-based tools. The only solution on the market that correlates full network packets with other security data, RSA NetWitness Logs and Packets allows security teams to better understand and reconstruct attacks, which in turn helps security operations teams implement more effective remediation plans.

You might think logs provide more than enough information to detect cyber threats, but they only reveal what preventative controls have detected. In contrast, packets offer complete network visibility, and with RSA NetWitness Logs and Packets you get the best of both worlds, plus a behavioral analytics engine that processes huge volumes of data for analysts in real time.

RSA NetWitness Logs and Packets provides full visibility into the network traffic associated with Dynamic DNS, a method for hosting IP addresses that attackers frequently exploit to evade detection while stealing sensitive data. See how RSA NetWitness Logs and Packets helps to identify data exfiltration attempts that leverage Dynamic DNS in this brief report.

A WebShell is a piece of code that runs on a server to enable remote administration. While often used for legitimate purposes, WebShells are a favorite tactic of attackers, who use them to gain control of web servers. Once in control, attackers can disrupt services and steal data while quickly moving across a company’s network. Unlike traditional network security tools, RSA NetWitness Logs and Packets provides full visibility into all stages of a WebShell attack.