RSA NetWitness Endpoint: EDR Product Overview and Insight


Company description: RSA provides more than 30,000 customers worldwide with security tools that protect assets from cyber threats. The company was acquired by EMC a few years ago and is now part of Dell EMC, which is privately held.

Product description: RSA NetWitness Endpoint continuously monitors laptops, desktops, servers and virtual machines to provide visibility and analysis of all threats on an organization’s endpoints. It includes root cause analysis and prioritization of threats. It employs continuous endpoint behavioral monitoring and machine learning to isolate threats.

Markets and use cases: Its top five industry verticals tend to be financial institutions, government entities, healthcare, energy, and telcos. However, customers stretch across multiple industries and verticals.

Agents: RSA NetWitness Endpoint installs an agent on an endpoint.

Applicable metrics: Security analysts can customize any of more than 300 behavioral indicators provided by RSA out-of-the-box.

Security qualifications: Aligns with industry standards from NIST, US-CERT, SANS and VERIS. It leverages FIPS-compliant encryption.

Intelligence: A behavioral-based (file and user) analytics engine and machine learning are part of RSA NetWitness Endpoint. It also leverages live memory analysis, whitelisting and blacklisting, certificate validation, endpoint baselining, organization-customized rulesets, and threat intelligence from RSA, third parties, and the RSA NetWitness Suite community.

Delivery: Agents can be deployed on-premises and off-premises across multiple form factors (e.g., a laptop or a Linux virtual machine in the cloud). The RSA NetWitness Endpoint management console resides on-premises on the corporate network, with an optional Roaming Agents Relay included to allow off-premises agents to securely communicate with the console.

Pricing: The primary pricing model is on a “per endpoint” basis, which includes all features as well as a management console and roaming agents relay (for off-premises endpoints to communicate outside the DMZ). Licensing is available on either a perpetual or subscription basis. Pricing can vary based on volume, type of license, etc.

Drew Robb
