• Organizations can deploy RSA NetWitness Logs & Packets across diverse network topologies and geographies, and scale it to their data-capture and performance requirements.

  • Automated behavior analytics provides insight into attacker tactics, techniques and procedures as attacks unfold, and detects command-and-control (C2) activity and lateral movement in both logs and packets.

  • Improve investigation and threat prioritization with security, risk and business context.

  • Recreates full sessions (web browsing, FTP, email, etc.) so that analysts can see exactly what happened during an attack, including what was taken during an exfiltration, and identify root causes.

  • Accelerate investigations with breadth of visibility across logs and packets and depth of threat analytics.


  • Flexible, Scalable Architecture

    Consists of three components, each of which can be deployed virtually, on premises, in the cloud (AWS and Azure) or in a hybrid approach. The capture infrastructure comprises a highly configurable Decoder that captures and stores raw log and packet data; a Concentrator that stores and indexes the extracted metadata for fast queries and for retrieving the underlying raw data; and a Broker that federates queries across a multi-site deployment of Concentrators and Decoders. The Event Stream Analysis (ESA) module is an analytics and alerting engine that correlates across multiple event types. Archivers manage long-term data storage.

  • Identifies Advanced Threats

    Looks for a myriad of behavioral indicators to identify attacks that evade signature- and rules-based monitoring tools.

  • Multiple Use Cases

    Integrated platform which provides advanced cyber threat detection, incident forensics, breach response, compliance reporting and basic security monitoring.

  • No Stone Unturned

    Inspects every network packet session and log event for threat indicators at time of collection and enriches this data with threat intelligence and business context.

  • Real-Time and Historical Analysis

    Collects and examines data in real time and over extended periods, detects deviations from normal behavior, and assigns each alert a probability-weighted risk score based on those results.
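The Decoder / Concentrator / Broker split described under "Flexible, Scalable Architecture" is easier to reason about in code. The following is an added illustrative model, not RSA NetWitness code: a Decoder keeps raw payloads, a Concentrator keeps only an inverted metadata index pointing back at raw references, and a Broker fans one query out across sites and routes raw retrieval to the Decoder that owns the hit. The `key=value` wire format, the site names and the sample sessions are constructed for the example.

```python
"""Illustrative model of the Decoder / Concentrator / Broker tiers (not vendor code)."""
from collections import defaultdict
from dataclasses import dataclass, field


def extract_meta(payload: str) -> dict:
    """Parse the constructed 'key=value' wire format into metadata; other tokens are ignored."""
    meta = {}
    for token in payload.split():
        if "=" in token:
            key, value = token.split("=", 1)
            meta[key] = value
    return meta


@dataclass
class Decoder:
    """Captures raw events and stores them under a site-unique reference."""
    site: str
    raw: dict = field(default_factory=dict)  # ref -> raw payload

    def capture(self, payload: str) -> tuple[str, dict]:
        ref = f"{self.site}:{len(self.raw) + 1}"
        self.raw[ref] = payload
        return ref, extract_meta(payload)


class Concentrator:
    """Holds metadata only: an inverted index key -> value -> set of raw refs."""
    def __init__(self) -> None:
        self.index: dict = defaultdict(lambda: defaultdict(set))

    def ingest(self, ref: str, meta: dict) -> None:
        for key, value in meta.items():
            self.index[key][value].add(ref)

    def query(self, **filters: str) -> set:
        """AND of all key=value filters; an empty filter set matches nothing (fails closed)."""
        if not filters:
            return set()
        hits = None
        for key, value in filters.items():
            refs = self.index.get(key, {}).get(value, set())
            hits = set(refs) if hits is None else hits & refs
        return hits


class Broker:
    """Fans a query out to every site's Concentrator; routes raw fetches to the owning Decoder."""
    def __init__(self) -> None:
        self.sites: dict = {}  # site -> (Decoder, Concentrator)

    def add_site(self, decoder: Decoder, concentrator: Concentrator) -> None:
        self.sites[decoder.site] = (decoder, concentrator)

    def capture(self, site: str, payload: str) -> str:
        decoder, concentrator = self.sites[site]
        ref, meta = decoder.capture(payload)
        concentrator.ingest(ref, meta)
        return ref

    def query(self, **filters: str) -> list:
        hits = set()
        for _, concentrator in self.sites.values():
            hits |= concentrator.query(**filters)
        return sorted(hits)

    def fetch_raw(self, ref: str) -> str:
        site = ref.split(":", 1)[0]
        return self.sites[site][0].raw[ref]


def build_demo_broker() -> Broker:
    """Two sites populated with constructed sample sessions (not real traffic)."""
    broker = Broker()
    for site in ("site-a", "site-b"):
        broker.add_site(Decoder(site), Concentrator())
    broker.capture("site-a", "service=http src_ip=10.1.1.5 dst_ip=203.0.113.10 bytes_out=48210")
    broker.capture("site-a", "service=dns src_ip=10.1.1.5 dst_ip=10.1.0.53 bytes_out=64")
    broker.capture("site-b", "service=http src_ip=10.2.7.9 dst_ip=203.0.113.10 bytes_out=51990")
    broker.capture("site-b", "service=smb src_ip=10.2.7.9 dst_ip=10.2.7.20 bytes_out=1200")
    return broker


if __name__ == "__main__":
    broker = build_demo_broker()
    # One query spans both sites; only Concentrator metadata is searched, raw is fetched on demand.
    for ref in broker.query(dst_ip="203.0.113.10"):
        print(ref, "->", broker.fetch_raw(ref))
```

The design point the model makes concrete: the Concentrator never stores raw data, so the index stays small and fast, and an analyst only pulls full sessions from a Decoder for the handful of references a multi-site query returns.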