Advanced Persistent Threat Detection

RSA NetWitness® Platform for Threat Defense

The RSA NetWitness Platform for threat defense applies the most advanced technology to detect, prioritize and automate the response to threats in a fraction of the time of other platforms.

  • Detects intrusions that have bypassed log-centric SIEMs and preventative controls as they’re happening, so you can contain business impact
  • Exposes the full scope of advanced persistent threats, so you know exactly how to respond
  • Orchestrates and automates investigation and response, tripling the impact of your team

Threat Detection for Advanced Persistent Threats

An advanced persistent threat, also known as an APT, is a sophisticated cyberattack designed to evade traditional, signature-based security tools and linger in an organization’s environment undetected. Advanced persistent threats can go undetected for months or more; during that time, attackers become intimately familiar with an organization’s network, its security controls and the location of its sensitive data. APTs typically result in data theft.

The RSA NetWitness Platform for threat defense applies a unique combination of network traffic analysis, behavioral analysis, endpoint analysis, data science techniques and threat intelligence to detect advanced persistent threats and other targeted attacks and to automate threat response. It exposes the full scope of APTs and other attacks by providing unparalleled network and endpoint visibility, connecting incidents over time, and delivering deeper insights to analysts through automation and machine learning.

Organizations Struggle to Detect Advanced Persistent Threats

Featured Resources


11 Reasons to Love RSA NetWitness 11.x

RSA NetWitness 11.x provides several significant enhancements and new functionality to address customers' needs. Take a look at eleven reasons to love RSA NetWitness 11.x.

Solution Brief

The RSA NetWitness Platform for Threat Defense

Get the inside scoop on the features and capabilities that differentiate the RSA NetWitness Platform for threat defense.



Rapid and Automated Investigations

By analyzing data from across your organization’s entire IT infrastructure (both on premises and in the cloud), the RSA NetWitness Platform for threat defense allows analysts to natively and visually reconstruct network attacks and data exfiltration attempts in their entirety.


Integrated Threat Intelligence and Business Context

The RSA NetWitness Platform for threat defense automatically weaves threat intelligence and business context into the incident management lifecycle, making it far easier to prioritize threats based on their potential impact on your business.


Automated User and Entity Behavior Analytics (UEBA)

Our unique advanced analytics engine looks for potentially malicious issues across disparate data sets and correlates data across full network packets and endpoints, all prime attack vectors for today’s advanced persistent threats.


Pervasive Visibility

The only solution that combines threat detection analytics, automated response and pervasive visibility across your network and endpoints in a single platform. The RSA NetWitness Platform for threat defense eliminates your security team’s blind spots and allows you to see far beyond what your log-centric SIEM can detect.


Faster Data Retrieval

Raw data is parsed into metadata and sessionized at capture time to support security analytics and event reconstruction. A highly intuitive and blazing-fast user interface speeds data retrieval during investigations.



Proactive Threat Detection

Provides visibility across all internal and external network traffic, all the way down to individual endpoint processes, so that you can detect and respond to threats before they disrupt your business. Identifies high-risk indicators of compromise (e.g., advanced persistent threat domains, suspicious proxies, malicious networks and malware behaviors) and new attack methods.


Detailed Attack Reconstruction

Accelerates detailed reconstruction of attacks occurring across your network and endpoints so that analysts can more quickly grasp the full scope of an attack campaign. Armed with these insights, security teams can implement more effective remediation and response plans.


Proactive Endpoint Protection

Makes it easy to find active intrusions inside your network so that you can catch them before these attacks reach your endpoints.


Comprehensive Threat Tracking

Allows you to persistently track threats across all phases of the attack cycle, without blind spots.

The RSA NetWitness Platform for threat defense encompasses network security and monitoring, endpoint detection and response, security automation and orchestration, and user and entity behavior analytics.

Endpoint Security

RSA NetWitness Endpoint

User and Entity Behavior Analytics

RSA NetWitness UEBA Essentials

For Grupa Azoty, Poland’s largest chemical manufacturer, protecting its chemical information and intellectual property from falling into the wrong hands is of paramount importance. The company chose the RSA NetWitness Platform for the visibility it provides and because it complements existing security infrastructure.



3 Keys to Faster Threat Response

Threats move fast. You have to move faster. See what capabilities you need to quickly recognize the nature of a threat and implement a definitive response to it.


5 Tools to Boost Your Security Team’s Impact

Download this short guide to find out how to equip your security team to see threats anytime, anywhere they’re hiding, to detect the full scope of attacks and respond to them faster.


Use Cases

  • Malicious Protocols: Gh0st RAT
    Find out how RSA NetWitness Endpoint can uncover the Gh0st RATs hiding on your machines.
  • Remote Access: Web Shells
    Discover how RSA NetWitness Logs and RSA NetWitness Network provide full visibility into all stages of a web shell attack.
  • Dynamic DNS: Data Exfiltration
    RSA NetWitness Logs and RSA NetWitness Network provide full visibility into the network traffic associated with Dynamic DNS, a method for hosting IP addresses that attackers frequently use to steal data.
  • Spear Phishing
    Learn how the solutions that make up the RSA NetWitness Platform for threat defense can help you detect phishing attacks.
  • Drive-By Download
    The RSA NetWitness Platform for threat defense provides the visibility across network, log, netflow and endpoint activity that you need to detect drive-by download attacks.


  • Closing the Skills Gap
    Security teams need to leverage technology more than ever to close the skills gap and stay on top of attackers.
  • RSA NetWitness Platform On-Demand Demo Video
    Learn how the RSA NetWitness Platform can help you detect and defend against a phishing attack by leveraging logs, packets, endpoint data and threat intelligence in this demo video.

