RSA NetWitness Endpoint: EDR Product Overview and Insight


Company description: RSA provides more than 30,000 customers worldwide with security tools that protect assets from cyber threats. The company was acquired by EMC a few years ago and is now part of Dell EMC, which is privately held.

Product description: RSA NetWitness Endpoint continuously monitors laptops, desktops, servers and virtual machines to provide visibility and analysis of all threats on an organization’s endpoints. It includes root cause analysis and prioritization of threats. It employs continuous endpoint behavioral monitoring and machine learning to isolate threats.

Markets and use cases: Its top five industry verticals tend to be financial institutions, government entities, healthcare, energy, and telcos. However, customers stretch across multiple industries and verticals.

Agents: RSA NetWitness Endpoint installs an agent on an endpoint.

Applicable metrics: Security analysts can customize any of more than 300 behavioral indicators provided by RSA out-of-the-box.

Security qualifications: Aligns with industry standards from NIST, US-CERT, SANS and VERIS. It leverages FIPS-compliant encryption.

Intelligence: A behavioral-based (file and user) analytics engine and machine learning are part of RSA NetWitness Endpoint. It also leverages live memory analysis, whitelisting and blacklisting, certificate validation, endpoint baselining, organization-customized rulesets, and threat intelligence from RSA, third parties, and the RSA NetWitness Suite community.

Delivery: Agents can be deployed on-premises and off-premises across multiple form factors (e.g., laptop or a Linux virtual machine in the cloud). The RSA NetWitness Endpoint management console resides on-premises on the corporate network with an optional Roaming Agents Relay included to allow for off-premises agents to securely communicate with the console.

Pricing: The primary pricing model is on a “per endpoint” basis, which includes all features as well as a management console and roaming agents relay (for off-premises endpoints to communicate outside the DMZ). Licensing is available on either a perpetual or subscription basis. Pricing can vary based on volume, type of license, etc.

Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.
