• Leads to significant reductions in cyber threat detection, investigation, response and remediation times.

  • Detects both the “covert channels” attackers use to deliver malware to victims as well as communication between command-and-control (C2) sites and compromised hosts. This helps security teams spot advanced persistent threats earlier in the attack cycle, thereby reducing the amount of time those threats lurk on the network and greatly mitigating their impact.

  • Slashes the number of incidents to investigate from the thousands to low dozens while yielding more accurate alerts, minimizing false positives and eliminating the “noise” stemming from traditional security monitoring systems.

  • Alleviates resource burdens on under-staffed security teams by automating cyber threat detection.


  • Processes Data from Multiple Sources

    Fully integrated with RSA NetWitness Logs & Packets and RSA NetWitness Endpoint. Inspects every network, packet session, log event and endpoint for threat indicators at time of collection and enriches this data with threat intelligence and business context.

  • Real-Time and Historical Analysis

    Collects and examines multiple pieces of data in real time and over extended periods of time to determine the full scope of a cyber attack.

  • Statistical Analysis and Machine Learning

    Applies statistical analysis to all data and uses modular machine learning techniques to speed cyber threat detection and response. Identifies suspicious activity in a number of ways: by looking for specific threat indicators and by distinguishing deviations from normal network and endpoint behavior.

  • Turnkey Capabilities

    Includes more than 300 advanced rules and data science models that analysts can use out of the box or customize. Requires no advanced knowledge of specific attacks and does not rely on signatures, rules or analyst tuning. Easily incorporates YARA rules and STIX data.

  • Intelligent Prioritization

    Rapidly scores and flags suspicious endpoint and network behavior using an intelligent risk-scoring algorithm that combines advanced machine learning techniques, behavioral indicators and aggregated cyber threat intelligence. Prioritizes incidents and provides a clear visual indication of their threat level.

  • Advanced Threat Detection

    Automatically picks up on C2 communications by looking for several indicators, including frequency of communications, bytes uploaded vs. downloaded, use of cookies, use of referrer strings, URL lengths, and more.
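The indicators listed above can be combined into a simple per-host-pair score. The following is an added example, not RSA's algorithm or code from the product: the session tuple layout, the thresholds and the sample sessions are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample HTTP session metadata (not real traffic):
# (epoch_seconds, src_ip, dst_host, bytes_up, bytes_down, has_cookie, has_referrer, url_length)
SESSIONS = (
    [(1000 + 60 * i, "10.0.0.5", "updates.example.net", 900, 200, False, False, 180)
     for i in range(10)]
    + [(t, "10.0.0.7", "news.example.org", 400, 52000, True, True, 45)
       for t in (1003, 1011, 1090, 1400, 1412, 1800, 2600, 2610)]
)

def score_pair(rows):
    """Return (score, reasons) for one src/dst pair; thresholds are illustrative assumptions."""
    rows = sorted(rows)
    gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
    reasons = []
    # Frequency: many sessions at near-constant intervals look machine-driven.
    if len(gaps) >= 5 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < 0.1:
        reasons.append("regular_interval")
    # Bytes uploaded vs. downloaded: browsing normally downloads far more than it sends.
    if sum(r[3] for r in rows) > sum(r[4] for r in rows):
        reasons.append("upload_heavy")
    # Cookies and referrers: repeated visits that never carry either are unusual for a browser.
    if not any(r[5] for r in rows):
        reasons.append("no_cookies")
    if not any(r[6] for r in rows):
        reasons.append("no_referrer")
    # URL length: long URLs can carry encoded data in the path or query string.
    if mean(r[7] for r in rows) > 150:
        reasons.append("long_urls")
    return len(reasons), reasons

def rank_pairs(sessions, min_score=3):
    """Group sessions by (src, dst) and return pairs meeting min_score, highest first."""
    pairs = defaultdict(list)
    for s in sessions:
        pairs[(s[1], s[2])].append(s)
    scored = [(key, *score_pair(rows)) for key, rows in pairs.items()]
    return sorted([p for p in scored if p[1] >= min_score], key=lambda p: -p[1])

if __name__ == "__main__":
    for (src, dst), score, reasons in rank_pairs(SESSIONS):
        print(f"{src} -> {dst} score={score} indicators={','.join(reasons)}")
```

No single indicator is conclusive on its own (software updaters also poll on fixed intervals), which is why the sketch only reports pairs where several indicators agree.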


Rapidly detect and grasp the full scope of cyber attacks with RSA NetWitness Suite

Watch the RSA NetWitness Suite detect and defend an organization from a phishing attack, one of the most insidious threats we face today. In this demo, you'll see how RSA NetWitness Suite can accelerate incident response times by as much as 3X.

RSA NetWitness Logs & Packets detects threats and discovers cyber attacks that evade log-centric SIEM and signature-based tools. The only solution on the market that correlates full network packets with other security data, RSA NetWitness Logs & Packets allows security teams to better understand and reconstruct attacks, which in turn helps security operations teams implement more effective remediation plans.

RSA NetWitness Endpoint is an endpoint security tool that continuously monitors desktops, laptops, servers and other endpoints on and off your network. It collects full endpoint inventories and profiles in minutes, with no discernible impact on end-user productivity. Instead of relying on fallible signatures and rules to detect threats, RSA NetWitness Endpoint leverages behavioral analytics capabilities to identify new, unknown and targeted attack methods.

Find out how RSA NetWitness Logs & Packets uses security analytics to automate detection of malicious command-and-control communications.

See how the security analytics capabilities provided by NetWitness Logs & Packets can uncover an attacker’s covert lateral movement inside an organization.

Advanced persistent threats don’t openly advertise themselves. They hide among all the other activities taking place in today’s complex IT environments and are built on the assumption that security teams lack both the tools and time to discover them. Prove attackers wrong with the security analytics capabilities of RSA NetWitness Logs & Packets.