NetWitness Endpoint

NetWitness Endpoint is an endpoint detection and response (EDR) solution designed to provide deep visibility into the security state of endpoints. According to the vendor, this solution is primarily targeted at small, medium, and large enterprises and is used by IT Security Managers, Security Analysts, Incident Response Teams, as well as professionals in the Financial Services and Healthcare industries.

Key Features

Endpoint detection and response (EDR): NetWitness Endpoint monitors activity across all endpoints, providing deep visibility into their security state. According to the vendor, it prioritizes alerts for new and non-malware attacks, aiming to reduce dwell time and improve incident response.

Empowers security teams: According to the vendor, NetWitness Endpoint provides critical data for understanding the breadth of an attack and enables effective forensic investigations.

Reduces attack dwell time: The solution performs fast root cause analysis, aiming to prioritize threats and minimize dwell time. According to the vendor, it aims to improve security analysts' efficiency and accelerate time-to-response.

Detects all endpoint threats: NetWitness Endpoint aims to identify threats that other solutions may miss, providing real-time visibility of all endpoints, whether they are on or off the network.

Simplifies endpoint data collection: The solution offers endpoint inventory scans and can be paired with Microsoft Windows log forwarding and filtering capabilities, according to the vendor.

Combines continuous endpoint security monitoring with behavior-based detection: NetWitness Endpoint aims to deliver full visibility into processes, executables, events, and behavior on all endpoints, including servers, desktops, laptops, and virtual machines. According to the vendor, it enables better management of the attack lifecycle and incident response investigations.

Rapid data collection: The solution aims to collect full endpoint inventories and profiles in minutes with minimal impact on end-user productivity. According to the vendor, it uses a lightweight endpoint agent and provides immediate insights, response actions, and metadata ingestion from Windows logs and endpoint core processes.

Scalable and efficient solution: NetWitness Endpoint provides a single, tamper-proof agent and aims to scale easily from hundreds to hundreds of thousands of endpoints. According to the vendor, most analysis occurs on the NetWitness Endpoint database, aiming to reduce endpoint impact.

Integrated behavior-based detection: The solution includes embedded endpoint-based UEBA (User and Entity Behavior Analytics) that aims to create a baseline for normal endpoint behavior. According to the vendor, it rapidly detects deviations that may indicate a threat, scores and prioritizes incidents based on potential threat level, and uses advanced machine learning algorithms.

Intelligent and automated processes: NetWitness Endpoint aims to automatically collect and analyze endpoint processes and executables, record data about every critical action surrounding unknown items, and apply advanced analysis to determine threat potential impact and prioritization.