Item: OpenText EnCase Endpoint Security
Rating: 1
Author: Sergil Cave

Use Cases and Deployment Scope

It is being used by our Incident Response Team only. It helps us streamline forensic investigations.

Pros and Cons

Functionality meets minimal requirements, since it performs forensic investigations as advertised.

Their UI definitely needs to be more user-friendly, right now it is very cumbersome to run and view investigations.
Authentication mechanism should be a simple username/password, not certificate-based which is difficult to manage.
Needs better support documentation for the product, it is difficult to find solutions to issues that we run into.

Return on Investment

One negative impact would be that since the UI is cumbersome to use we would need to spend more money on training which is not always feasible.
Another negative impact would be that since there is not much support available this slows down investigations due to finding out how to troubleshoot and fix functionality issues.
One positive impact would be that since it meets minimal requirements when it comes to forensic analysis it gives us visibility on any malicious activity occurring on a user's endpoint.

The other forensic tool that is a direct competitor to EnCase and wasn't listed above is the Forensic Toolkit or FTK. I believe that FTK is a better tool overall simply because it is easier to manage and use when it comes to investigations. Unfortunately, I wasn't part of the decision process and EnCase was the tool selected, otherwise, I would have recommended FTK.

Support Rating

Because support is non-existent whenever you have a functionality issue using the product. Also since the UI is so cumbersome to use we could use as much support as possible. Whenever we ask for support we are told to take the training which costs us more money. I believe that support should be easily accessible and affordable for the client.

Key Insights

Do you think OpenText EnCase Endpoint Security delivers good value for the price?

Are you happy with OpenText EnCase Endpoint Security's feature set?

Did OpenText EnCase Endpoint Security live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of OpenText EnCase Endpoint Security go as expected?

Yes

Would you buy OpenText EnCase Endpoint Security again?

Likelihood to Recommend

It is more suited to environments that have a large internal user base since there will be more incidents that require forensic analysis. It will be less suited for environments that have a small internal user base due to the fact that there would be fewer incidents that require forensic analysis, but it really depends on the industry that a small internal user base is a part of.

Endpoint Security meets minimal requirements but UI is cumbersome to use

Overall Satisfaction with EnCase Endpoint Security