RSA NetWitness Suite: Threat Intelligence Product Overview and Insight

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

See the complete list of top threat intelligence companies.

Company Description

RSA was founded in 1982 and acquired by EMC in 2006. EMC was acquired by Dell in 2016 and became a Dell Technologies business.

Product Description

  • RSA NetWitness Suite is a threat detection and response platform that allows security teams to rapidly detect and understand the scope of a compromise by leveraging logs, packets, NetFlow, endpoints and threat intelligence.
  • By aligning business context with security risks, it can analyze, prioritize, and investigate threats, a process that improves security analysis by three-fold. Threat Intelligence is included as part of ongoing support at no additional charge.
  • RSA Live provides customers access to over two dozen feeds as part of their maintenance and support agreement. These intelligence feeds are populated from RSA’s FirstWatch team, direct inputs from RSA’s Incident Response activities, and threat research and open source intelligence.
  • The suite also allows customers to create or import their own relevant intel into the system to generate alerts and provide further insight for analysts. RSA Live Connect, a community-based threat intelligence crowdsourcing platform, enables organizations to share anonymized threat intelligence with the broader user community in real time.

“A Threat Intelligence Platform should enable organizations to aggregate, correlate and analyze threat intelligence data from across multiple, disparate data sources in real time,” said Mike Adler, Vice President of Products, NetWitness, RSA. “It should be able to be consumed by other technologies so that security teams can identify how relevant the threat is to their organization.”


RSA NetWitness Logs and Packets is agentless. There is an endpoint detection and response capability in the suite, RSA NetWitness Endpoint, which is an agent server architecture.

Markets and Use Cases

RSA protects millions of users around the world and helps more than 90% of the Fortune 500. Its top 3 industry verticals are financial institutions, governments and oil/gas/energy/telcos.

Applicable Metrics

It is rated to sustain log ingest of 30,000 EPS per system, to sustain packet ingest up to 10 Gbps per system and to support up to 100,000 endpoints per system. Each of these systems can be scaled out and there is no limit to how much can be collected across the Enterprise.?

Security Qualifications

The suite is EAL2+, is accredited by the U.S. government, and is recognized via the Common Criteria certification. It supports running in “FIPS mode” so that only FIPS-approved crypto algorithms and methods are used.


Features machine learning, behavioral analysis, and advanced threat intelligence. It provides role-based orchestration and workflow. A streaming analytics engine performs analysis on network, log and endpoint events.


It can function on premises, in private clouds, on virtual machines, or in the public cloud.


Throughput Perpetual license: RSA NetWitness Logs and Packets each have 5 tiers that start at $27,800 per throughput unit per year (50 GB/day for Logs, 1 TB/day for Packets). Subscription license: RSA NetWitness Logs (and Packets) has 10 tiers that start at $919 per throughput unit per month (50 GB/day for Logs, 1 TB/day for Packets). Threat intelligence is included at no extra charge.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis