Senior Cyber Security Analyst (SAFe Agile) at a transportation company with 1,001-5,000 employees
Real User
2022-08-11T09:05:54Z
Aug 11, 2022
I primarily use NetWitness Endpoint to detect anomalies like the presence of web shields that are not detected by traditional antivirus solutions. I also use it for digital forensics and containment.
The product is mainly used for security, log reviews, and monitoring. In India, mostly on the requirement segment, we don't deploy the solution on the cloud. We use the solution on-premises.
RSA NetWitness Endpoint is used to get an instant detection response from network threats. Additionally, it has the capability to do malware analysis and investigations.
We use this solution to detect indicators of compromise, where incidents that occur are analyzed and given risk scores. For example, if the endpoint is of high risk then it will be indicated in red. By contrast, if it's of low risk then it will be indicated in green. The scoring criteria are what we call the Indicators of Compromise. The overall goal is to detect malware that is affecting the endpoints and then provide a response. It is often used by banks and telecom companies.
Senior Cyber Security Analyst (SAFe Agile) at a transportation company with 1,001-5,000 employees
Real User
2020-01-16T08:44:00Z
Jan 16, 2020
We use the solution for the contamination. We detect the incidents and then proceed for the contamination and error notification. For example, there's some intrusion history to the endpoint and there's a partial command that detects the code imbalance. We're able to find it and deal with it.
Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.
We primarily use the solution for NDR.
We use this solution for network security.
We are customers of RSA.
It is our all-in-one platform for logs and packets for our network and for EDR.
We are using this solution as a network forensic tool with other security devices such as IPS and SIEM.
We've been using this solution for three years now for endpoint detection and response.
We are using it as a SIEM tool.
It is mainly for market analysis. It has been performing exceedingly well.