RSA, The Security Division of EMC, announces the release of RSA ECAT v4.1

Document created by RSA Admin Employee on Jul 30, 2015. Last modified by Jeff Shurtliff on Feb 7, 2016.
Version 2

RSA is pleased to announce the general availability of RSA ECAT 4.1, the newest release of the endpoint threat detection solution that exposes advanced malware and instantly determines the scope of a compromise to help security teams stop advanced threats across the enterprise. This point release includes several exciting new features and improvements to RSA ECAT that enhance threat detection and visibility, as well as overall improvements to the platform. These include:


RSA ECAT 4.1 continues to expand the reach of its agents, including extended features for Apple Mac OS X, support for remote systems, and the maintenance of agent compatibility through endpoint system upgrades. In addition, it promotes rapid response through enhanced threat characterization, additional analyst tools, and remediation workflows, all supported by roles and permission management. RSA ECAT 4.1 is also ready for third-party integration, tooling and intelligence exchange through the REST API and STIX support. Access to any external malware analysis engine -- including RSA Malware Analytics -- is a right-click away.


Improved Analyst Experience and Threat Detection:

- A new Risk Score, leveraging threat intelligence and data analytics, to provide a more precise module threat characterization.

- Automatic Whitelist / Blacklist / Greylist updates for known certificate signers, as well as known behaviors.

- Enhanced Module Analyzer with text and hex views for deeper visual analysis.

- Module History for deleted or inactive modules.

- Visual diagrams for Hooks, Module and Machine.


Extended Agent Support:

- Enhanced support for the OS X operating system, including behavior tracking system and network monitoring for Mac agents.

- Roaming Agent Relay to extend the visibility of endpoints disconnected from a corporate network. The Roaming Agent Relay can be deployed as a cloud service, or in a private DMZ.

- Kernel Adaptation System, to ensure agent compatibility through endpoint upgrades.

- Multi-server configuration for flexibility in agent visibility and management.


Additional Incident Response capabilities:

- New Blocking System: workflows to safely block in-place, or quarantine and remove suspicious modules detected by ECAT.

- Roles: fine-grained access control to manage users and permissions. Profiles enable the provisioning of users with a repeatable pattern of controls.


Added Integration capabilities:

- REST API supports a growing community of power users, tools developers and integrators.

- STIX support, allowing the exchange of threat intelligence.

- External malware analysis engine integration, so files and artifacts can be submitted through a right-click action directly from ECAT.


Additional enhancements and details are available in the Release Notes.


Recommendation for RSA ECAT customers:

For existing RSA ECAT customers: Review the Release Notes for RSA ECAT 4.1 for more information about the updates made in this version and guidance about how to migrate from earlier versions. There is a separate Migration Guide available, which provides specific details about migration from all supported versions to RSA ECAT 4.1.




Obtaining more information:


For more information about RSA ECAT, visit:




For instructions on obtaining your ECAT license, follow the instructions here: