RSA FirstWatch Advanced Threat Research and Intelligence

RSA FirstWatch is a research and analysis organization focused on emerging and sophisticated threats from around the globe.


The RSA FirstWatch mission is to provide RSA Security Analytics customers covert tactical and strategic threat intelligence on advanced threats and actors. The team focuses on threats that were previously unknown to the security community including malicious code and content analysis, threat research, ecosystem analysis, and profiling threat actors.


The team is made up of elite, highly trained threat research and intelligence experts with backgrounds in government, military, financial services, and information technology. With heritage dating back to the late 1990s, members focus on the threat ecosystem and profiling threat actors.


Tracking millions of IPs and domains and dozens of unique threat sources, RSA FirstWatch delivers situational awareness and threat intelligence from across RSA’s research and incident-response community, helping customers prepare for, respond to, and mitigate advanced cyber threats.


RSA FirstWatch not only conducts world-class research, it operationalizes that research by converting it into threat feeds, rules, blacklists, parsers, and more via the RSA Live Intelligence System. RSA Live then fuses FirstWatch threat intelligence with your organization’s current and historical network and log event data.


Read the latest intelligence on advanced threats, threat campaigns, and threat actors from the RSA FirstWatch research team.

White Papers

The VOHO Campaign: An In Depth Analysis


INTH3WILD: The Current State of Cyber Threats


Link by Link: Crafting the Attribution Chain