RSA NetWitness Endpoint Overview

RSA NetWitness Endpoint is the #21 ranked solution in our list of EDR tools. It is most often compared to Carbon Black CB Defense.

What is RSA NetWitness Endpoint?
RSA NetWitness Endpoint is an endpoint detection and response solution that employs a combination of live memory analysis, continuous behavioral monitoring, and advanced machine learning to detect known, new, unknown, and non-malware threats that other solutions miss entirely. RSA NetWitness Endpoint helps focus investigations amid thousands of alerts and offers 3X the impact for security teams by considerably reducing attacker dwell time and accelerating threat response.

RSA NetWitness Endpoint is also known as RSA ECAT.

Buyer's Guide

Download the Endpoint Protection (EPP) for Business Buyer's Guide including reviews and more. Updated: April 2021

RSA NetWitness Endpoint Customers
ADP, Ameritas, Partners Healthcare

Pricing Advice

What users are saying about RSA NetWitness Endpoint pricing:
  • "The cost depends on the number of endpoints that you want to monitor, but it is not expensive."

RSA NetWitness Endpoint Reviews

Dr Trust Tshepo Mapoka
Senior Cybersecurity Consultant at CIA Botswana
Top 5
Nov 9, 2020
Good performance and reporting, and can discover unknown malware using signatureless detection methods

What is our primary use case?

We use this solution to detect indicators of compromise, where incidents that occur are analyzed and given risk scores. For example, if the endpoint is of high risk then it will be indicated in red. By contrast, if it's of low risk then it will be indicated in green. The scoring criteria are what we call the Indicators of Compromise. The overall goal is to detect malware that is affecting the endpoints and then provide a response. It is often used by banks and telecom companies.

Pros and Cons

  • "This solution allows us to locate the malware in real-time."
  • "I would like to see Security Orchestration and Response Automation (SOAR) integration."

What other advice do I have?

This is a product that I recommend. My advice for anybody who is implementing it is to make sure that they have somebody who understands it very well. Having somebody who will configure it properly is the right way to have it generate the output that you want. Also, you have to make sure that all of the endpoints are up to date. They have to be online all of the time so that you're able to have visibility on any compromises that may happen. If an endpoint is instead offline, it becomes difficult to investigate or to monitor compromises or malware. I would also suggest deploying a virtual…
Senior Cyber Security Analyst (SAFe Agile) at a transportation company with 1,001-5,000 employees
Real User
Jan 17, 2020
Good detection rate and tracking features but triaging of incidents needs improvement

What is our primary use case?

We use the solution for the contamination. We detect the incidents and then proceed for the contamination and error notification. For example, there's some intrusion history to the endpoint and there's a partial command that detects the code imbalance. We're able to find it and deal with it.

Pros and Cons

  • "We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
  • "The contamination feature could be improved."

What other advice do I have?

We use the on-premises deployment model. The contamination should be improved. If a new user needs better contamination capabilities, they should use something else. I'd rate the solution seven out of ten. If it offered better triaging of incidents, I'd rate it higher.