RSA NetWitness^® Endpoint

Continuous endpoint monitoring

Delivers full visibility into all processes, executables, events and behavior on all of your endpoints, including servers, desktops, laptops and virtual machines. This deep visibility provides an organization-wide view of your endpoints so your security team can better manage the full attack lifecycle and incident response investigations.

Rapid data collection

Collects full endpoint inventories and profiles in minutes with no discernible impact on end-user productivity, using an extremely lightweight endpoint agent. RSA NetWitness Endpoint delivers immediate insights, response actions and metadata ingestion from both Windows logs and endpoint core processes.

Scalable and efficient solution

RSA NetWitness Endpoint provides a single, tamper-proof agent that scales easily and quickly from hundreds to hundreds of thousands of endpoints. All data storage and most analysis occur on the RSA NetWitness Endpoint database, which ensures data integrity and drastically reduces endpoint impact.

Integrated behavior-based detection

Industry’s first embedded endpoint-based UEBA creates a baseline for your organization’s normal endpoint behavior and rapidly detects deviations that may indicate a threat. RSA NetWitness Endpoint then scores and prioritizes incidents based on potential threat level using UEBA monitoring capabilities and an advanced machine learning algorithm.

Intelligent and automated processes

Automatically collects and analyzes endpoint processes, executables and more and then records data about every critical action surrounding the unknown item to apply advanced analysis and determine the threat’s potential impact and prioritization.