RSA NetWitness Endpoint: EDR Product Overview and Insight

Drew Robb

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

See the complete list of top 10 Endpoint Detection and Response solutions.

Company description: RSA provides more than 30,000 customers worldwide with security tools that protect assets from cyber threats. The company was acquired by EMC a few years ago and is now part of Dell EMC, which is privately held.

Product description: RSA NetWitness Endpoint continuously monitors laptops, desktops, servers and virtual machines to provide visibility and analysis of all threats on an organization’s endpoints. It includes root cause analysis of threats, and prioritization of threats. It employs continuous endpoint behavioral monitoring and machine learning to isolate threats.

Markets and use cases: Its top five industry verticals tend to be financial institutions, government entities, healthcare, energy, and telcos. However, customers stretch across multiple industries and verticals.

Agents: RSA NetWitness Endpoint installs an agent on an endpoint.

Applicable metrics: Security analysts can customize any of more than 300 behavioral indicators provided by RSA out-of-the-box.

Security qualifications: Aligns with industry standards from NIST, US-CERT, SANS and VERIS. It leverages FIPS-compliant encryption.

Intelligence: A behavioral-based (file and user) analytics engine and machine learning are part of RSA NetWitness Endpoint. It also leverages live memory analysis, whitelisting and blacklisting, certificate validation, endpoint baselining, organization-customized rulesets, and threat intelligence from RSA, third parties, and the RSA NetWitness Suite community.

Delivery: Agents can be deployed on-premises and off-premises across multiple form factors (e.g., laptop or a Linux virtual machine in the cloud). The RSA NetWitness Endpoint management console resides on-premises on the corporate network with an optional Roaming Agents Relay included to allow for off-premises agents to securely communicate with the console.

Pricing: The primary pricing model is on a “per endpoint” basis, which includes all features as well as a management console and roaming agents relay (for off-premises endpoints to communicate outside the DMZ). Licensing is available on either a perpetual or subscription basis. Pricing can vary based on volume, type of license, etc.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Previous article

Next article

Drew Robb Avatar
Drew Robb
Drew Robb has contributed to eSecurity Planet and other TechnologyAdvice websites for more than twenty years. He’s covered every aspect of enterprise IT in his career, from the latest trends to in-depth product analysis. He is also the editor-in-chief of an international engineering magazine.

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




IT Security Resources

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis

Related Articles