RSA NetWitness® Endpoint
Today’s cyber threats demonstrate an uncanny ability to circumvent traditional endpoint security solutions. To protect your organization from advanced threats, you need to see everything on the endpoint. You need the deep visibility, continuous endpoint monitoring, behavioral-based detection, and advanced analytics that RSA NetWitness Endpoint uniquely provides. Here’s a closer look at our solution.
Delves deeper into the inner workings of endpoints than other solutions, providing full visibility into all the files, processes, and events running on endpoints.
Reduces attacker dwell time by rapidly detecting and identifying new, unknown, and “file-less” (non-malware) threats.
Instantly identifies all infected endpoints, providing visibility into the full scope of an attack and allowing security teams to contain the threat and then completely eradicate it.
Provides thorough, trustworthy analysis through advanced machine learning across multiple methodologies.
Enables three times faster incident response by putting all the data security teams need at their fingertips, including timely, advanced threat research from the RSA experts, to accelerate forensic investigations.
Multiple Monitoring Techniques
Endpoint monitoring techniques include endpoint behavioral analytics, user-initiated suspicious events, live memory analysis, direct physical disk inspection, and endpoint state assessment.
Whitelisting, Blacklisting and Threat Intelligence
Leverages powerful aggregated whitelisting and blacklisting capabilities as well as community- and expert-based threat intelligence to rapidly score and flag suspicious endpoint activity.
Features extensive customization and extensibility capabilities to work with any organization: Analysts can customize any of the 300+ behavioral indicators included in the solution. They can also incorporate YARA rules and import STIX data to further identify and classify threats. Integrations are possible with the RSA NetWitness Endpoint API.
Numerous Legitimacy Checks
Conducts multiple checks of file legitimacy (including certificate validation) to determine if a file is malicious.
Maintains a global repository to preserve forensic integrity of all suspicious files analyzed from endpoints.