
NetWitness – A Brief History of an Iconic Threat Detection & Response Platform

  • by Arthur Fontaine

After years of delivering cutting-edge cybersecurity solutions to some of the world’s business leaders and innovators, NetWitness is poised to redefine the future of threat detection and response. What began nearly a quarter-century ago as a U.S. government research project aimed at analyzing network traffic for security is now taking a bold leap into the future.

Throughout its history, NetWitness has dedicated itself to overcoming industry challenges by delivering unparalleled visibility, robust contextualization, and automated, actionable insights. Over the years, these capabilities have empowered security teams to confront even the most sophisticated cyberattacks. As a result, NetWitness has consistently stood as the go-to threat detection and response platform for the largest and most security-conscious organizations globally.

1. Why NetWitness stands apart in cyber threat detection and response:

  • Deep visibility across networks, endpoints, and logs.
  • Correlation of events with rich context for faster triage.
  • Integration of SOAR, UEBA, and analytics into one unified platform.
  • Scalable architecture to support both on-prem and hybrid environments.
  • A trusted partner for organizations seeking managed threat detection and response services.

Today, NetWitness is still a company profoundly committed to revolutionizing threat detection and response.

NetWitness’s past will always drive the company’s commitment to cybersecurity forward, no matter the direction. But with newfound independence from RSA and Dell EMC, NetWitness will have the agility and flexibility to expand its offerings, explore new market opportunities, and invest in research and development. Ultimately, the next era of NetWitness will accelerate its growth and continue providing exceptional cyber threat detection and response solutions to its clients.

In the new era, NetWitness will focus on:

  • Faster delivery of innovation through independent R&D.
  • Expanding use cases for threat detection and response across industries.
  • Strengthening partnerships to deliver next-generation managed threat detection and response services.

 

“My vision for NetWitness is to create a purpose-driven company that’s going to have the greatest possible societal impact.”  – Ken Naumann, CEO, NetWitness

Through its long and storied existence, NetWitness has fought for the good side in one of history’s most dynamic contests: the war between the black hats and the defenders. This is the story of that evolution.

2. The Early Years

NetWitness was conceived in 1997 as a research project under the stewardship of CTX Corporation, a Vienna, VA-based consultancy, where most employees held Top Secret security clearance. This innovative platform was custom-built to help analysts decipher large volumes of captured network data.

Recognizing its immense potential, CTX saw value in the technology across various use cases and gained permission to deploy it in different engagements. In 2002, CTX was acquired by ManTech International Corporation, which further refined the technology to aid federal law enforcement agencies in criminal investigations.

By 2006, ManTech launched NetWitness as a privately-held spinout, introducing its network analysis technology to the global commercial market. NetWitness emerged as a packaged software solution, swiftly gaining adoption by some of the world’s premier organizations, many of which still rely on its capabilities today. As a private entity, NetWitness realigned its development efforts, crafting an enterprise solution that addressed the evolving needs of the cyber threat detection and response landscape.

Key innovations in the early stage:

  • Real-time capture and analysis of network traffic.
  • Early use of metadata for rapid threat triage.
  • Support for complex investigations in high-security environments.
  • Foundation for scalable threat detection and response tools.

3. RSA Investments & The Advent of SIEM

The year 2006 also marked a significant milestone for RSA Security. Independent since its founding in 1982 by legendary encryption scientists Ron Rivest, Adi Shamir, and Leonard Adleman, RSA Security was acquired by EMC. It operated as RSA, the Security Division of EMC, until 2016, when Dell and EMC merged to form Dell EMC. RSA continued to operate as an independent unit of Dell Technologies until 2020, when it transitioned into an independent organization, acquired by a consortium led by Symphony Technology Group (STG).

In 2011, RSA acquired NetWitness, bringing it into the fold alongside the RSA enVision SIEM. During this period, enVision was a leader in the evolving SIEM market. Initially compliance-focused, SIEM logs were increasingly utilized for security analytics and threat detection. Recognizing this shift, RSA merged enVision and NetWitness, expanding NetWitness’s enterprise reach, enhancing deep packet inspection, and enabling log parsing in a common metadata language.

SIEM and NetWitness Integration Strengths:

  • Unified visibility across logs and packets.
  • Strengthened analytics for threat detection and response.
  • Foundation for adaptive, real-time incident response workflows.

Remaining true to its consultancy-based origins, RSA Professional Services introduced Incident Response (IR) services based on NetWitness. RSA’s expert threat hunters continue to deliver high-end IR services, collaborating closely with customers globally. This real-world experience of threat hunting continuously enriches NetWitness’s product development, which is vital to its sustained leadership and relevance over the years.

4. Evolved SIEM

In 2018, NetWitness’s evolution continued with the acquisition of Fortscale, a pioneer in User Behavior & Entity Analytics (UEBA). Security Orchestration, Automation & Response (SOAR) capabilities were introduced with NetWitness Orchestrator. Building upon NetWitness’s strong foundation, this evolution resulted in the birth of the RSA NetWitness Platform, a comprehensive Threat Detection, Investigation, and Response solution.

NetWitness Platform Key Capabilities:

  • Embedded UEBA for identifying abnormal behavior.
  • SOAR workflows to automate incident handling.
  • Full-packet capture and deep packet inspection.
  • Support for managed and in-house cyber threat detection and response teams.

But NetWitness’s story doesn’t stop here. The release of NetWitness 12.3 in the modern era of cybersecurity represents another remarkable milestone in its journey.

5. The 12.3 Release

NetWitness 12.3, the latest chapter in NetWitness’s evolution, offers unrivaled support for today’s modern workforce. This release ensures complete network visibility and threat detection, including remote workers and endpoints. It introduces an impressive array of cutting-edge features and integrations designed to meet the evolving demands of distributed enterprises head-on. The release is not just an incremental update but a giant leap in the evolution of cybersecurity operations.

With NetWitness 12.3, organizations gain unparalleled clarity and an enhanced ability to categorize and rank assets throughout their environment using advanced Machine Learning (ML) and Artificial Intelligence (AI). This release is a testament to NetWitness’s unwavering commitment to staying at the forefront of cybersecurity innovation.

What NetWitness 12.3 Delivers:

  • Advanced visibility across hybrid and cloud environments.
  • Intelligent asset discovery and prioritization using AI/ML.
  • Integrated support for remote workforce monitoring.
  • Strengthened role as a centralized threat detection platform.

6. NetWitness: A New Era

In 2023, NetWitness marked a defining moment in its history by announcing its separation from RSA. This move positions NetWitness as an independent entity, free to chart its own course and pursue its vision of cybersecurity excellence.

Strategic priorities for the new era:

  • Accelerate roadmap for threat detection and response innovations.
  • Offer scalable managed threat detection and response services.
  • Continue supporting global enterprises with elite incident handling.
  • Deepen integrations across the security ecosystem for faster time-to-value.

 

“We are thrilled to embark on this new chapter as an independent company. This separation will empower us to sharpen our focus on cybersecurity innovation, strengthen our partnerships, and better serve the evolving needs of our customers. We are committed to providing best-in-class solutions that help organizations stay ahead of cyber threats and protect their digital assets.” – Ken Naumann, CEO, NetWitness

As an independent entity, NetWitness remains unwavering in its commitment to investing in its people, technology, and processes. This dedication ensures that NetWitness maintains its position as a leader in the cybersecurity industry, delivering exceptional value to its customers and partners while fostering a culture of innovation and excellence.

At its core, NetWitness sees itself not just as a standalone company but as a dedicated partner, collaborating closely with its clients to safeguard their organizations, users, and clients. This commitment to partnership and a relentless focus on solving customer problems define NetWitness’s identity in this new era of independence.

 
