RSA, a Dell Technologies business, is pleased to announce the newest release of RSA’s endpoint detection and response tool, RSA NetWitness Endpoint 4.3. Through a combination of live memory analysis, continuous behavioral monitoring, and advanced machine learning, RSA NetWitness Endpoint detects new and hidden threats that other solutions miss entirely.
This release includes exciting new features and improvements to RSA NetWitness Endpoint that enhances threat detection, visibility, and response actions.
Machine Containment
The Machine Containment feature allows an analyst to apply containment to a machine that may be compromised. This blocks the ability of a machine to connect to the network, allowing the analyst to observe the malware in action while protecting the larger environment. Analysts are able to control the spread of an attack and investigate the malware behavior post-containment.
Expanded Agent Support
Mac support for NetWitness Endpoint agents now extends to El Capitan (10.11) and Sierra (10.12). Also, qualified agent support is added for Microsoft Windows Server 2016. Additionally, the risk score, previously only applied to files on Microsoft Windows machines, has been extended to files on Mac and Linux machines.
New Suspicious Event Detection IIOCs
There are many new Instant Indicators of Compromise (IIOCs) for suspicious non-malware event detection added for this release. These IIOCs are designed to target suspicious activities that may be indicative of hacking, initiated by a threat actor. RSA NetWitness Endpoint 4.3 can go well beyond “just malware” to detect user-initiated behavior that may be threatening to organizations.
Live Feedback
The Live Feedback function gathers NetWitness Endpoint license and deployment-related information, as well as relevant usage metrics, to help RSA improve product support and planning. All data collected is for RSA’s use only and shall be protected with the applicable license agreement.
Following installation of or updating to NetWitness Endpoint 4.3, a user with L2 or Admin privileges will be prompted, upon first login, to accept participation in Live Feedback. In addition to license information (which is collected by default), the Live Feedback function can also collect data concerning OS versions of agents/servers, operational state of the product, and type of deployment. For complete details, see the “Live Feedback” topic in the RSA NetWitness Endpoint 4.3 User Guide.
Rebranding
The NetWitness Endpoint User Guide, Installation Guide, User Interface, and installer have been rebranded from ECAT to NetWitness Endpoint. Note that this does not include the Agent Packager, default installation paths and folders, service names, and some internal functions.
Recommendations for RSA NetWitness Endpoint customers:
Review the Release Notes for RSA NetWitness Endpoint 4.3 for more information about the updates made in this version.
Documentation is available for download through the following links:
For additional documentation, downloads, and more, visit the RSA NetWitness Endpoint page on RSA Link.
For more information about RSA NetWitness Endpoint, visit:
For instructions on obtaining your RSA NetWitness Endpoint license, follow the instructions here: https://download.rsasecurity.com/ProductList/ECAT.cshtml
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.