NetWitness originated in 1997 as a research project for a U.S. intelligence agency focused on capturing and analyzing network communications. The company was acquired by RSA Security in 2011, which expanded its capabilities beyond network traffic forensics to include endpoint and log analysis. The NetWitness Platform provides a unified threat detection, investigation, and response solution that combines multiple security functions. The platform includes Network Detection and Response (NDR) with packet capture capabilities, Security Information and Event Management (SIEM) for log analysis, Endpoint Detection and Response (EDR), and Security Orchestration, Automation and Response (SOAR) functionality. The platform also offers User Entity Data Analytics and integrations with Secure Access Service Edge technologies. NetWitness uses behavioral analytics, AI, and machine learning for threat detection, along with patented parsing and indexing technologies for network, log, and endpoint activity analysis. The platform provides forensic capabilities for investigation and compliance reporting, with visibility across traditional IT environments as well as IoT and OT systems. The company serves security-conscious organizations across multiple sectors including financial services, energy, healthcare, government and defense, logistics, transportation, retail, technology, and telecommunications. NetWitness reports that 35 of the Fortune 100 companies use its platform. In addition to its technology platform, NetWitness offers incident response services, professional services, and educational training programs.