RSA NetWitness Endpoint: EDR Product Overview and Insight

Thursday Jun 22nd 2017 by Drew Robb

We review RSA NetWitness Endpoint, an EDR solution that uses behavior analytics, machine learning and threat intelligence to detect and prioritize threats.

Company description: RSA provides more than 30,000 customers worldwide with security tools that protect assets from cyber threats. The company was acquired by EMC a few years ago and is now part of Dell EMC, which is privately held.

Product description: RSA NetWitness Endpoint continuously monitors laptops, desktops, servers and virtual machines to provide visibility and analysis of all threats on an organization's endpoints. It includes root cause analysis and prioritization of threats. It employs continuous endpoint behavioral monitoring and machine learning to isolate threats.

Markets and use cases: Its top five industry verticals tend to be financial institutions, government entities, healthcare, energy, and telcos. However, customers stretch across multiple industries and verticals.

Agents: RSA NetWitness Endpoint installs an agent on an endpoint.

Applicable metrics: Security analysts can customize any of more than 300 behavioral indicators provided by RSA out-of-the-box.

Security qualifications: Aligns with industry standards from NIST, US-CERT, SANS and VERIS. It leverages FIPS-compliant encryption.

Intelligence: A behavioral-based (file and user) analytics engine and machine learning are part of RSA NetWitness Endpoint. It also leverages live memory analysis, whitelisting and blacklisting, certificate validation, endpoint baselining, organization-customized rulesets, and threat intelligence from RSA, third parties, and the RSA NetWitness Suite community.

Delivery: Agents can be deployed on-premises and off-premises across multiple form factors (e.g., a laptop or a Linux virtual machine in the cloud). The RSA NetWitness Endpoint management console resides on-premises on the corporate network, with an optional Roaming Agents Relay included to allow off-premises agents to communicate securely with the console.

Pricing: The primary pricing model is on a "per endpoint" basis, which includes all features as well as a management console and roaming agents relay (for off-premises endpoints to communicate outside the DMZ). Licensing is available on either a perpetual or subscription basis. Pricing can vary based on volume, type of license, etc.

Copyright 2017 © QuinStreet Inc. All Rights Reserved