RSA Netwitness

RSA NetWitness: A revolutionary network security monitoring platform that provides enterprises with situational awareness of everything happening on the network to solve a wide range of information-security challenges.

The RSA NetWitness platform offers a scalable, distributed infrastructure with real-time fusion of global threat intelligence that adapts to changing operational requirements.

RSA NetWitness Decoder

Capture, reconstruct, and sessionize all network traffic up to Layer 7 enabling users to collect, filter, and analyze data in infinite dimensions.

RSA NetWitness Concentrator and Broker

Index metadata extracted from network traffic across the RSA NetWitness infrastructure for enterprise-wide querying and real-time analytics while facilitating reporting and alerting.

RSA NetWitness Capacity

Deploy a modular-capacity architecture, via direct-attached capacity or SAN, that adapts to your security and data-retention demands.

RSA NetWitness Features

Icon: Radar Screen

Achieve Pervasive Visibility

Obtain situational awareness into the content of all network traffic and discrete behavior of entities operating across the network.
Icon: Red Road Sign with Exclamation Point

Detect Advanced Threats

Identify insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage, data exfiltration, and continuous monitoring of security controls.
Icon: Magnifying Glass over Digital Data.

Obtain Actionable Intelligence

Perform real-time, free-form contextual analysis of network and log data captured and reconstructed by the NetWitness network security monitoring platform.
Icon: Clock with Red Arrow Moving Toward Center


Leverage the scalability and powerful analytics of the NetWitness platform to automate processes, reduce incident time, and adapt to changing threats.

RSA NetWitness Use Cases

Organizations in a variety of market sectors have deployed RSA NetWitness solutions to solve a wide range of information security challenges.
  • RSA NetWitness Continuous Monitoring: Operate your controls within acceptable risk and compliance expectations.
  • RSA NetWitness Data Leakage: Protect your intellectual property with pervasive visibility into your network.

  • RSA NetWitness Incident Response: Know everything happening across the network to respond immediately to new threats with clear answers.

  • RSA NetWitness Energy: Secure your critical infrastructure from potential advanced attacks with an actionable understanding of everything happening on your network.

  • RSA NetWitness Financial Services: Secure your sensitive data by gaining full visibility and receive regulatory compliance reports on a variety of categories pertinent to you.

  • RSA NetWitness Government: Secure your sensitive data by gaining full visibility and receive regulatory compliance reports on a variety of categories pertinent to you.

  • RSA NetWitness Healthcare: Protect patient information from advanced threats and their associated risks by understanding who and what are on your network.

  • RSA NetWitness High Tech: Actively monitor your intellectual property from cyber criminals by recording everything happening on your network and increase your security measures.

  • RSA NetWitness Retail: Know and see everything happening on your network at any time with a platform providing full visibility to identify and monitor advanced threats.

RSA NetWitness Applications

The RSA NetWitness application suite provides a powerful analytical workbench to investigate incidents, identify advanced threats on your network, and answer security questions.
  • RSA NetWitness for Logs: Deliver innovative security analytics in a merged view of network and log data sources with external threat intelligence over a scalable platform.

  • RSA NetWitness Informer: Provide enterprisewide visualization, alerting, reporting, and trending for every session, communication, service, application, and user activity.

  • RSA NetWitness Investigator: Perform real-time, free-form contextual analysis of network data captured and sessionized by RSA NetWitness.

  • RSA NetWitness Live: Accelerate your security operations center by minimizing the time it takes to identify, assess, and respond to incidents and advanced threats.

  • RSA NetWitness SDK/API: Develop any application that leverages the RSA NetWitness network capture infrastructure and application framework to solve unique IT risk challenges.

  • RSA NetWitness SIEMLink: Enable instant integration of the RSA NetWitness network-monitoring platform with SIEM and other existing enterprise security technologies.

  • RSA NetWitness Spectrum: Extract every executable automatically and analyze utilizing distinct investigation techniques for identification of malware, APTs, and zero-day threats.

  • RSA NetWitness Visualize: Render any object such as audio, documents, images, and video on the network for security visualization and interrogation over large data volumes.