Detect and Respond to Advanced Cyber Threats

Organizations that uncover cyber attacks in their earliest stages and mobilize a definitive response greatly reduce the financial, operational and reputational impacts of these events.

Advanced Threat Detection & Response

We offer a complete set of products and services designed to help you identify and respond to even the most sophisticated cyber attacks before they disrupt your business.

Advanced Threat Detection & Response

We offer a complete set of products and services designed to help you identify and respond to even the most sophisticated cyber attacks before they disrupt your business.

RSA NetWitness® Logs & Packets

Reduce the amount of time it takes to spot, investigate and remediate cyber threats with a single, unified SIEM platform that processes security data from a wide range of sources in real time.

RSA NetWitness® Endpoint

Cut the cost, time and scope of cyber incident response by monitoring activity across all of your endpoints, on and off your network, and by blocking malicious files with one action.

RSA NetWitness® SecOps Manager

Bring focus, discipline and speed to your security operations center and manage your end-to-end cyber incident response process with consistency and rigor.

RSA Incident Response Practice

Minimize the financial, operational and reputational impact of a cyber attack with swift, sure incident response services from RSA.

RSA Archer® IT & Security Risk Management

Determine which technology assets are most critical to your business so that you can prioritize investigations and focus on protecting what matters most.


Aggregates threat intelligence from RSA’s research, engineering and incident response teams, as well as external sources.

Leverages best practices and industry standards from NIST, US-CERT, SANS and VERIS.

Move from reactive to proactive and preemptive threat detection and cyber incident response.

​Leads to tangible reductions in cyber threat detection, investigation, response and remediation times, with customers reporting detection and investigation times dropping from days to hours and from hours to minutes.

Provides quantitative data about your company’s cybersecurity posture, allowing you to answer tough questions from top executives and helping you make a compelling business case for budget increases or operational improvements.

Applies a unique combination of behavior analytics, data science techniques and machine learning algorithms to identify attack indicators and other suspicious activity and to minimize false positives.




  • Your Journey to the Cloud: Challenges & Keys to Securing the Trip Each organization’s journey to the cloud is unique, but those journeys are more frequently being driven by business rather than technology needs. Consequently, security teams are put in an awkwardly reactive posture. The momentum driving organization’s deeper into the cloud, coupled with the need to secure a hybrid cloud and on-prem environment, present distinct challenges and threats. So what are the implications for security and what does the future hold?
  • Incident Response Services and Your Security Strategy Organizations are beginning to understand the role incident response plays in their broader cybersecurity strategy: The faster they can respond to a threat, the sooner they can recover from it and limit its business impact. Yet many organizations lack adequate internal resources to bolster their incident response capabilities.

White Papers

  • Closing the Skills Gap with Analytics and Machine Learning Everyone is aware of the shortage of skilled security professionals and that the problem will continue to grow. A report from Frost & Sullivan and (ISC) estimates there will be more than 1.5 million unfilled cyber security positions across the globe by 2020. Since we can't throw more people at evolving cyber security challenges, this white paper addresses multiple approaches you can use to integrate and automate across systems to better enable the security professionals you do have.


  • BUSINESS-DRIVEN SECURITY: THREAT DETECTION & RESPONSE You have a lot of options if you’re implementing or augmenting a threat detection and response program. There are many viable vendors and options, and some fairly diverse approaches to the process. At RSA, our view is clear. We espouse the idea of Business-Driven Security – integrating security as a core part of your business. We believe this approach improves security in two important dimensions. It makes security teams more operationally effective and empowers teams to more strategically manage security risks. Business-Driven Security is an important evolution in the way organizations think about protecting their IT infrastructure, driven by rapid changes inside and outside an organization, and the fact that legacy approaches to security have become far less effective.
  • 5 Tools to Boost Your Security Team's Impact Infographic If you think the only way to crush today’s cyber threats is to hire more staff, think again. With threats going and talent in short supply, look for the ways to power up the staff you already have.
  • The 3 Keys to Faster Threat Response Infographic Make sure your team can outrace the next cyber threat, with a threat detection and response solution that delivers the insights they need to see threats coming sooner and drive them off faster.
"My favorite thing about NetWitness is the great forensics capability, that it can deep-dive into payloads before and after a security event. In addition, you get more information from the same device. For example, if you receive firewall logging information, you actually get more from NetWitness than any other SIEM that I have."
​Bob Cheong
​Former CISO

Los Angeles World Airports