KuppingerCole Report
Executive View
By Alexei Balaganski

RSA NetWitness® Suite

RSA NetWitness Suite is a security monitoring solution that combines log and network traffic analysis with endpoint-based visibility and automated threat intelligence to detect and investigate sophisticated cyber-attacks.

1 Introduction

RSA is a computer and network security company headquartered in Bedford, Massachusetts, USA. Founded in 1982 by Ron Rivest, Adi Shamir and Len Adleman, the developers of the RSA public key cryptography algorithm, the company has strong roots in cryptography and is probably best known for RSA SecurID®, one of the most popular hardware token-based methods of two-factor authentication. In 2006, RSA was acquired by EMC Corporation and has been operating as a division within EMC. After the acquisition of EMC by Dell was finalized in September 2016, it was announced that RSA had become a direct subsidiary of Dell Technologies and would continue operating with enough autonomy to maintain its own product ecosystem.

With over 1300 employees and regional offices in over 70 countries, RSA has a strong global presence, serving more than 30000 customers worldwide across all major industry verticals, including government and defense, financial services, utilities and many others. RSA Conference, an annual event organized by the company, is recognized as one of the leading conferences in the field of information security. Currently, the company offers a wide range of technology and business solutions in such areas as identity assurance, GRC (governance, risk and compliance), fraud detection and information protection, as well as security analytics and operations. In addition, the company provides consulting and advisory services.

With the continued adoption of mobile and cloud services and the profound impact of digital technologies on business models and processes (the notorious Digital Transformation), organizations are finding it increasingly difficult to protect their IT systems from attacks. As the very notion of the corporate perimeter has almost eroded, traditional security controls are no longer able to detect the increasingly sophisticated methods cyber criminals are using to mimic normal user behavior and to infiltrate corporate networks. Even worse, many of those criminals may, in fact, be malicious insiders.

All this has led to a massive paradigm shift in information security from perimeter protection towards monitoring and detecting malicious activities within networks in real time. A new generation of security analytics tools has emerged recently, utilizing machine learning and Big Data analytics to correlate large amounts of security data collected across the corporate infrastructure and enrich them with additional context data and external threat intelligence. In the end, a security researcher can deal with a manageable number of relevant security incidents, ranked by severity and enriched with valuable forensic information. As opposed to traditional log-centric SIEM solutions or signature-based antimalware tools, these Real-Time Security Intelligence solutions provide a unified real-time overview of the corporate security posture across endpoints, networks and services and enable early detection and mitigation of cyber-attacks to minimize the damage.

RSA has been active in this market segment for quite some time, offering a complete security analytics solution recently rebranded as RSA NetWitness Suite. The product provides a unified platform for log, network packet and NetFlow analytics, recently expanded to include endpoints and to support incident remediation workflows. Provided as fixed high-performance hardware appliances, consumption-based appliances or software-only versions suitable for both hardware-independent and virtual machine deployments, the solution is capable of meeting the most demanding scalability and high availability requirements regardless of the deployment model.

2 Product Description

RSA NetWitness Suite (formerly RSA Security Analytics) is a threat detection and response solution that helps analysts detect and investigate threats ...


3 Strengths and Challenges

RSA NetWitness Suite combines log, network traffic and endpoint analytics to enable real-time detection and investigation of sophisticated cyber-attac ...



©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.