  • Delves deeper into the inner workings of endpoints than other solutions, providing full visibility into all the files, processes, and events running on endpoints.

  • Reduces attacker dwell time by rapidly detecting and identifying new, unknown, and “file-less” (non-malware) threats.

  • Instantly identifies all infected endpoints, providing visibility into the full scope of an attack and allowing security teams to contain the threat and then completely eradicate it.

  • Provides thorough, trustworthy analysis through advanced machine learning across multiple methodologies.

  • Enables three times faster incident response by giving security teams all the data they need at their fingertips, including timely, advanced threat research from RSA experts, to accelerate forensic investigations.


  • Multiple Monitoring Techniques

    Endpoint monitoring techniques include endpoint behavioral analytics, user-initiated suspicious events, live memory analysis, direct physical disk inspection, and endpoint state assessment.

  • Whitelisting, Blacklisting and Threat Intelligence

    Leverages powerful aggregated whitelisting and blacklisting capabilities as well as community- and expert-based threat intelligence to rapidly score and flag suspicious endpoint activity.

  • Facilitates Customization

    Features extensive customization and extensibility capabilities to work with any organization: Analysts can customize any of the 300+ behavioral indicators included in the solution. They can also incorporate YARA rules and import STIX data to further identify and classify threats. Integrations are possible with the RSA NetWitness Endpoint API.

  • Numerous Legitimacy Checks

    Conducts multiple checks of file legitimacy (including certificate validation) to determine if a file is malicious.

  • Digital Record

    Maintains a global repository to preserve forensic integrity of all suspicious files analyzed from endpoints.