RSA NetWitness Endpoint: EDR Product Overview and Insight

Drew Robb

See the complete list of top 10 Endpoint Detection and Response solutions.

Company description: RSA provides more than 30,000 customers worldwide with security tools that protect assets from cyber threats. The company was acquired by EMC a few years ago and is now part of Dell EMC, which is privately held.

Product description: RSA NetWitness Endpoint continuously monitors laptops, desktops, servers and virtual machines to provide visibility and analysis of all threats on an organization’s endpoints. It includes root cause analysis of threats, and prioritization of threats. It employs continuous endpoint behavioral monitoring and machine learning to isolate threats.

Markets and use cases: Its top five industry verticals tend to be financial institutions, government entities, healthcare, energy, and telcos. However, customers stretch across multiple industries and verticals.

Agents: RSA NetWitness Endpoint installs an agent on an endpoint.

Applicable metrics: Security analysts can customize any of more than 300 behavioral indicators provided by RSA out-of-the-box.

Security qualifications: Aligns with industry standards from NIST, US-CERT, SANS and VERIS. It leverages FIPS-compliant encryption.

Intelligence: A behavioral-based (file and user) analytics engine and machine learning are part of RSA NetWitness Endpoint. It also leverages live memory analysis, whitelisting and blacklisting, certificate validation, endpoint baselining, organization-customized rulesets, and threat intelligence from RSA, third parties, and the RSA NetWitness Suite community.

Delivery: Agents can be deployed on-premises and off-premises across multiple form factors (e.g., laptop or a Linux virtual machine in the cloud). The RSA NetWitness Endpoint management console resides on-premises on the corporate network with an optional Roaming Agents Relay included to allow for off-premises agents to securely communicate with the console.

Pricing: The primary pricing model is on a “per endpoint” basis, which includes all features as well as a management console and roaming agents relay (for off-premises endpoints to communicate outside the DMZ). Licensing is available on either a perpetual or subscription basis. Pricing can vary based on volume, type of license, etc.

Previous article
SiteLock’s SMART/DB Protects SMB WordPress Websites
Next article
48 Percent of U.S. Companies Using IoT Have Suffered Security Breaches
Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Advertisers

Advertise with TechnologyAdvice on eSecurity Planet and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.