We just raised a $30M Series A: Read our story

What needs improvement with RSA NetWitness Endpoint?


Please share with the community what you think needs improvement with RSA NetWitness Endpoint.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
55 Answers

author avatar
Top 5Real User

I would like to see Security Orchestration and Response Automation (SOAR) integration. This way, if there is an endpoint that has been compromised, you don't have to go about repairing or blacklisting it manually. Ideally, the system can have its own intelligence so that it can perform automated tasks without human intervention. One of the drawbacks of using this product is that when you deploy, you have to create MSI files. These files have to be created for different operating systems, which means that you have to be conscious of which ones exist in your environment. For example, if you have Linux, MacBooks, and Windows machines, then you have to have MSI files created for each of them. Ideally, a single MSI file would be created to support deployment on any of the supported operating systems.

author avatar
Top 10Real User

The contamination feature could be improved.

author avatar
Top 5Real User

At the moment the solution is working perfectly. I would, however, like to see an improvement in the interface. The only challenge that I see is when you access it through the VPN, you can't always use the interface because it's slow to respond. When you're on-site, however, it works perfectly. I also think that they should adopt multiple identifications in the long run, as well as a web-based graphical interface for the data.

author avatar

This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available.

author avatar
Real User

The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution. However, customers understand the model, so they buy them in modules and put them together.

Find out what your peers are saying about RSA, Carbon Black, CrowdStrike and others in Endpoint Protection for Business (EPP). Updated: October 2021.
540,984 professionals have used our research since 2012.