Please share with the community what you think needs improvement with RSA NetWitness Endpoint.
What are its weaknesses? What would you like to see changed in a future version?
The contamination feature could be improved.
At the moment the solution is working perfectly. I would, however, like to see an improvement in the interface. The only challenge that I see is when you access it through the VPN, you can't always use the interface because it's slow to respond. When you're on-site, however, it works perfectly. I also think that they should adopt multiple identifications in the long run, as well as a web-based graphical interface for the data.
This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available.
The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution. However, customers understand the model, so they buy them in modules and put them together.