Endpoint Threat Detection
Expose More. Analyze Faster. Respond Better.
Expose advanced threats and gain deep endpoint visibility
Analyze and Confirm Infections Quickly
Scope and Take Action on Incidents
Enterprise-level Scalability with Minimal Load on the Endpoint
Explore & Compare
Explore product options and get a quote
Receive an early warning of malware infections
RSA ECAT continuously monitors endpoint activity and alerts on suspicious activity in real time. Alerts can be correlated with other network events in RSA Security Analytics or other SIEM solutions.
Detect advanced threats without relying on signatures or knowledge of specific threats
RSA ECAT doesn’t rely on signatures to detect advances targeted attacks. Instead, RSA ECAT leverages unique behavior monitoring and scanning techniques to go deep into the inner workings of endpoints to thoroughly check the integrity of the system, provide a complete view of what’s happening, and flag anomalous activity.
Gain visibility into any unknown files that load
RSA ECAT detects new, unknown files that load on any endpoint across the enterprise and provides immediate insight into how the file behaves and impacts the system. This helps analysts quickly determine if the file is malicious and take action.
Shorten the time to validate compromised endpoints
RSA ECAT makes it easy for analysts to investigate and confirm infections by providing suspect scores and descriptions highlighting anomalous activity. Security teams can quickly triage and focus investigations on the most suspicious endpoints, using ECAT’s built-in tools that enhance analysts’ efficiency during investigations.
Reduce costs of incident responseWith RSA ECAT, security teams can instantly see how far the infection has spread and identify all other machines that need to be remediated, which eliminates significant manual work that would otherwise be required for incident response.
Monitor, Scan, & Alert
RSA ECAT agents are deployed on Windows and Mac servers and endpoints to provide deep visibility into endpoint activity, with low system impact. The agents continuously monitor and can automatically alert on suspicious activity, providing an early warning of potential compromises. RSA ECAT also provides an expansive set of out-of-the-box alerting rules that identify suspicious behavior, without relying on signatures or knowledge of a specific threat.
Leveraging unique scan techniques, RSA ECAT scans endpoints in a matter of minutes to thoroughly check the integrity of the system, gain an X-ray-like view of what’s happening, and identify anomalous activity. Through per-process live memory analysis, direct physical disk inspection, and network traffic analysis, RSA ECAT gathers a complete inventory of everything running on the system and automatically flags suspicious activity for further review.
The RSA ECAT console presents a complete view of all endpoints in the environment, along with a suspect score that is calculated using unique scoring algorithms. With a clear visual indication of the potential threat level of endpoints and a description of the anomalous activity seen, security teams can easily triage alerts, focus their investigation, and make limited resources more efficient.
RSA ECAT maintains a global repository of all executable files found and IP addresses connected across the environment. With RSA ECAT, security analysts have the flexibility to whitelist known-good (trusted) files and filter them from view during an investigation, and also blacklist known-bad files and IPs, so they’ll be automatically flagged if found on any endpoints. This helps to reduce time spent on an investigation.
Security teams will have context about how many machines a particular file has been found on, whether the file is active or dormant on a machine, and which machines are connecting to a particular IP address. RSA ECAT provides several built-in tools to help security analysts determine if a file is malicious, including the ability to check the legitimacy of file certificates and hashes, check for known threats, identify any code modifications typically made by malware, and more.
In addition, direct integration between RSA ECAT and RSA Security Analytics provides comprehensive visibility into endpoint activity, network packets, netflow, and logs, and enables analysts to seamlessly transition between endpoint and network views during investigations.
The ability to know how far a particular infection has spread is crucial for effective remediation. Without that visibility, security teams don’t know if other machines are infected, and the business could still be at risk. With RSA ECAT, security teams can instantly determine how far the threat has spread by identifying all other infected machines.
For effective remediation, RSA ECAT shows the exact location and persistence mechanism of malicious files so security teams can take appropriate action. One option available to the security analyst is to push out a temporary remediation agent from the ECAT console to clean the endpoint.
RSA ECAT can also gather critical data for a full forensic investigation, including full process and live memory dumps, view the Master File Table (MFT), and see modified and deleted files.
RSA Security Analytics
Provide enterprise-wide visibility into network traffic and log event data to reduce attacker free time from weeks to hours
RSA Critical Incident Response Solution
Detect security threats, prioritize actions based on business impact, and expand your analysts’ expertise.
- ESG: Information-driven Security and RSA Security Analytics and RSA ECAT
- ESG: Rethinking Endpoint Security
- SANS: Building a World-Class Security Operations Center: A Roadmap
- SANS: Roadmap to creating a World-Class Security Operations Center - Infographic
Data and Spec Sheets
- Be the Hunter: Pivoting into RSA ECAT Demo
- Behind the Scenes of RSA ECAT: Signature-less Endpoint Threat Detection and Remediation
- Building End-to-End Advanced SOC Operations with RSA Solutions
- Demo: RSA ECAT Overview
- Demo: What's New in RSA ECAT 4.1
- ESG on Information-driven Security Based on RSA Security Analytics and RSA ECAT
- Logs are Just One Piece of the Puzzle
- Los Angeles World Airports on RSA Security Analytics and RSA ECAT
- RSA ECAT in Action: Endpoint Malware Investigation
- RSA on Intelligence Driven Threat Detection and Response
- Using Endpoint Visibility to Protect Your Enterprise with RSA Security Analytics and RSA ECAT
- RSA Update: Latest Tools, Tactics and Procedures
- Advanced Threats in the Enterprise: Finding an Evil in the Haystack
- ESG: RSA Enterprise Compromise Assessment Tool (ECAT)
News & Blogs
- ESG: RSA ECAT 4.0 for Endpoint Forensics and Enterprise Security Analytics
- Computer Technology Review: RSA Launches RSA ECAT V 3.5
- IT Business Edge: RSA Puts End Point Security in Context
- IT-TNA: Latest ECAT Represents RSA’s Formal Endpoint Security Debut
- Network World: Products of the Week
- RSA Speaking of Security blog
- Key Ingredient to Detecting Advanced Threats
- New RSA Solution Takes Customers from Hunted to Hunter
Training & Events
Recorded WebcastWebcast: Understand Why Packets Are So Powerful & See Why The Endpoint Is So CrucialThis webcast from October 29, 2014 highlights the power of RSA Security Analytics (packets) and RSA ECAT (endpoint)