  • Organizations can deploy RSA NetWitness Logs & Packets across diverse network topologies and geographies, and scale it according to their data capture and performance requirements.

  • Automated behavior analytics provides insight into attacker tactics, techniques and procedures as they execute their attacks.

  • Recreates full sessions (web browsing, FTP, email, etc.) so that analysts can literally see what happened during an attack (including what was stolen during an exfiltration) and identify root causes.


  • Flexible, Scalable Architecture

    Consists of three components, which can be deployed virtually, on premises, in the cloud or using a hybrid approach:

      • The capture infrastructure, which consists of a highly configurable Decoder that captures and stores raw log and packet data; a Concentrator that stores and indexes metadata for fast queries and retrieval of raw data; and a Broker that facilitates queries across a multisite deployment of Concentrators and Decoders.

      • The analysis and retention infrastructure, which is made up of an Archiver that manages long-term data storage and an Event Stream Analysis (ESA) engine that processes high volumes of disparate event data and executes machine learning algorithms in real time.

      • The security analytics server.

  • Identifies Advanced Threats

    Looks for myriad behavioral indicators to identify attacks that evade signature- and rules-based monitoring tools.

  • Multiple Use Cases

    Integrated platform which provides advanced cyber threat detection, incident forensics, breach response, compliance reporting and basic security monitoring.

  • No Stone Unturned

    Inspects every network packet session and log event for threat indicators at time of collection and enriches this data with threat intelligence and business context.

  • Real-Time and Historical Analysis

    Collects and examines multiple pieces of data in real time and over extended periods of time, detects deviations from normal behavior, and creates a probability-weighted risk score for alerts based on these results.