RSA NetWitness UEBA

Spot insider threats and external attackers exploiting compromised credentials BEFORE those activities lead to a data breach. RSA NetWitness UEBA:

  • Leverages user, network AND endpoint behavior profiling to identify abnormal behaviors
  • Detects abuse and misuse of privileged accounts, brute force attacks, account manipulation and other malicious activities
  • Requires no customization, ongoing care, or rule authoring, creation or adjustment

What Is UEBA?

UEBA, which stands for user and entity behavior analytics, is software that analyzes user activity data from logs, network traffic and endpoints and correlates this data with threat intelligence to identify activities—or behaviors—likely to indicate a malicious presence in your environment. It uses machine learning technology to baseline “normal” behavior and get smarter over time, and applies both static rules and statistical analysis to rapidly and accurately detect suspicious activity. Using such advanced technology and statistical models, UEBA is a force multiplier for security teams struggling to stay on top of today’s advanced, targeted threats.

The Case for UEBA

Organizations Struggle to Detect Advanced Persistent Threats

Featured Resources

Data Sheet

RSA NetWitness UEBA

Get this two-page summary of the features, benefits and capabilities of RSA NetWitness UEBA.

Read the Data Sheet

Case Study

RSA NetWitness UEBA Use Cases

Learn why traditional SIEM technolgy isn't enough for modern security environments, and how an evolved SIEM can accelerate threat detection and response.

Learn More


Out-of-the-Box Machine Learning

Out-of-the-Box Machine Learning

RSA NetWitness UEBA starts working to accurately identify unusual behavior the moment you turn it on. The zero-touch, turn-key approach means there are no rules to set up, no metadata to customize, no long machine training times, and no need to continually tune the underlying models.

Innovative Risk Scoring

Innovative Risk Scoring

Rather than alerting on any and all abnormal behaviors, RSA NetWitness UEBA aggregates multiple indicators of suspicious activity and applies a dynamic, statistical risk-scoring mechanism to them. When the risk score exceeds established thresholds, only then does the system produce a high-fidelity alert.

Scalable Platform

Scalable Platform

RSA NetWitness UEBA scales to process billions of events per day and analyze hundreds of thousands of organizational entities. Data collection, enrichment, analysis and investigation capabilities can be streamed or batch loaded on a Hadoop infrastructure.

Intelligent Peer Grouping

Intelligent Peer Grouping

Since user behavior varies based on individuals’ roles, the type of work they do, their locations and other factors, users shouldn’t be lumped into a single group to create a behavior baseline. RSA NetWitness UEBA uses machine learning to create peer groups and detect deviations within them.


Automated, Continuous Threat Detection

RSA NetWitness UEBA never stops monitoring the huge volume of log, network and endpoint security data that organizations produce. As part of the RSA NetWitness Platform, it correlates its behavioral analysis with threat intelligence and business context to produce focused, actionable alerts for SOC analysts that help to reduce mean time to investigate and respond.

Comprehensive Detection of Unknown Threats

Patented machine learning algorithms alert analysts to a wide variety of threats including compromised accounts, command and control activity, data exfiltration and staging, lateral movement, advanced malware, shared user credentials, privileged user account abuse, geolocation and remote access anomalies, and snooping and reconnaissance.

More Efficient, Effective Analysts

RSA NetWitness UEBA zeros in on suspicious behavior and applies its advanced risk scoring engine to identify and filter the highest priority threats, resulting in fewer false positives and higher-fidelity alerts that are easier for analysts to understand and act upon.

Faster Investigations

RSA NetWitness UEBA accelerates detection and investigation by correlating disjointed events and identifying abnormal activities and user threats in a single user interface. It provides analysts with all the information they need in one spot to rapidly investigate a threat.

RSA NetWitness UEBA Essentials

RSA NetWitness UEBA Essentials is a free, out-of-the-box offering for RSA NetWitness Logs and RSA NetWitness Network customers. In contrast to the advanced capabilities of RSA NetWitness UEBA, which helps to detect unknown threats, RSA NetWitness UEBA Essentials provides detection rules for known, static indicators, in addition to advanced correlation rules and “light” machine learning capabilities.

“We selected RSA NetWitness [Platform] because we found that it absolutely leaves no stone unturned. It uses behavioral indicators to identify attacks that are normally undetected by signature and rules-based monitoring tools.”
Yumiko Matsubara
Security Architecture Manager

Recruit Technologies Co. Ltd.

RSA NetWitness UEBA is an integral part of the RSA NetWitness Platform evolved SIEM. In addition to RSA NetWitness UEBA, the RSA NetWitness Platform evolved SIEM consists of RSA NetWitness Network, RSA NetWitness Logs, RSA NetWitness Endpoint and RSA NetWitness Orchestrator. Together, these solutions deliver the industry’s most complete visibility across logs, network and endpoint data, helping to expose the full scope of attacks and make security analysts more efficient and effective through automation and advanced analytics.



RSA NetWitness® UEBA

Find out how RSA NetWitness UEBA can help you strike back at security threats with threat detection firepower fueled by full automation and 100% machine learning.

Learn More


5 Tools to Boost Your Security Team’s Impact

Download this short guide to find out how to equip your security team to see threats anytime, anywhere they’re hiding, to detect the full scope of attacks and respond to them faster.

Learn More


  • 3 Keys to Faster Threat Response Threats move fast. You have to move faster. See what capabilities you need to quickly recognize the nature of a threat and implement a definitive response to it.


  • 11 Reasons to Love RSA NetWitness 11.x RSA NetWitness 11.x provides several significant enhancements and new functionality to address customers' needs. Take a look at eleven reasons to love RSA NetWitness 11.x.

Solution Briefs

  • NetWitness Platform Solution Brief Learn how the RSA NetWitness Platform can help you address cloud security and today’s sophisticated cyber threats, all while enhancing your analysts’ efficiency and effectiveness.
  • RSA NetWitness Evolved SIEM Learn why traditional SIEM technolgy isn't enough for modern security environments, and how an evolved SIEM can accelerate threat detection and response.

Use Cases

  • RSA Netwitness UEBA Use Cases Discover how RSA NetWitness UEBA provides comprehensive, behavior-based detection of unknown threats to address a wide range of use cases.


  • Closing the Skills Gap Security teams need to leverage technology more than ever to close the skills gap and stay on top of attackers.

White Papers

Want a Demo?

Sign up for a free demo today and watch our products in action.

Ready to Buy?

It's easy. Speak with an RSA expert anytime to request a quote.