Symantec Protection Engine Reviews

My main use case for Symantec Protection Engine in our organization involves both scanning and protection. We have nearly 200 servers in our environment with the Symantec agent installed. I use Symantec Protection Engine daily as part of our business-as-usual activities, primarily for real-time scanning and protection across SharePoint, web applications, and servers.

Scanning is performed online during file transfers, with optional scheduled scans to catch any missed items. The incident response team at Kyndryl also leverages this tool, integrating it with other platforms to forward logs to our SOC monitoring team.

Symantec Protection Engine's been a game-changer for us at Kantar—blocks like 80-85% of file-based threats right at the gateway before they hit our 200 servers, cutting down endpoint incidents big time.

The main win is that real-time ICAP scans on NAS and SharePoint uploads quarantine ransomware or phishing docs instantly with ML, so instead of 20+ CrowdStrike remediations a week, we're down to 8-10. SOC shifts save 1-2 hours daily on handovers thanks to the central dashboard and syslog feeds to ServiceNow, freeing us up for phishing deep dives with Trend Micro or CySA+ studying.

Also slashed MTTR by half on server threats 90 mins vs 4 hours by auto-exporting hashes for L3 analysis.

The best features of Symantec Protection Engine include machine learning, file reputation, and real-time scanning. It efficiently handles heavy loads through ICAP and cloud-based processing, reducing the burden on endpoints compared to Trend Micro and other endpoint security solutions. Its centralized control is also noteworthy.

Through machine learning, it detects both known and unknown malware and malicious URLs, in addition to performing signature-based scans that assist SOC teams in analysis. The solution is highly effective in leveraging both machine learning and file reputation. Regarding centralized control, it offers a unified management console for policy deployment and provides real-time visibility through dashboards, helping save significant administrative time.

Symantec Protection Engine has had a positive impact on our organization by enhancing our overall security posture. It effectively blocks a high volume of file-based threats across more than 200 servers, saves SOC analysts time in endpoint remediation, and streamlines compliance processes. It further strengthens security through real-time scanning and machine learning-based quarantine, blocking phishing payloads in SharePoint uploads before they reach endpoints, thereby reducing incidents by 30–40% compared to signature-only tools.

To improve Symantec Protection Engine, I suggest simplifying its integration with other tools, as it is more complex compared to Trend Micro and CrowdStrike. Making the integration process easier would be highly beneficial.

I have used Symantec Protection Engine for approximately two to three years.

The reduction has positively impacted our team's workload, decreasing ticket volume by approximately 30 to 40 percent. This means less work for our SOC team, as they now receive fewer tickets. From a cost and resource perspective, this change has been beneficial.

In my experience, Symantec Protection Engine offers efficient scalability, allowing the easy addition of multiple servers. While the on-premises setup depends on the capacity of the installed servers, in AWS we can easily scale from 200 to 500 instances—and sometimes even to thousands daily—through ICAP load-balancing mirroring.

I have interacted with the customer support team for Symantec Protection Engine, and it was excellent to work with them. They provided solutions that were very effective.

I have previously worked with multiple tools before using Symantec Protection Engine, including Trend Micro, CrowdStrike, and Microsoft Defender. I used these tools in different projects, alongside Symantec Protection Engine.

Straightforward

consultant

Pricing for Symantec Protection Engine was decent.

I didn’t evaluate many other options before choosing Symantec Protection Engine, as it was already part of the project when I joined, so I couldn’t change it. However, I would recommend exploring other tools when the renewal opportunity arises.

Symantec Protection Engine scans incoming content and occasionally raises alerts if it detects anything concerning. It is currently deployed on-premises in our environment. I recommend others consider using Symantec Protection Engine because it is cost-effective. 

However, I suggest opting for the cloud version instead of on-premises or hybrid deployments, as the cloud offers better scalability and easier troubleshooting. Overall, I would rate this product 8 out of 10.

I tried using Symantec Protection Engine on AWS cloud and have constructed some implementations. It was purchased through AWS marketplace.

What I appreciate in Symantec Protection Engine is the Virtual Policy Manager (VPM) and the Application Name feature, which are really effective. The simple match request URL features are basic but highly efficient. The header and request header controls represent a significant improvement compared to other vendors. The categorization and custom categorization features are also excellent. These four elements represent the strongest parts of Symantec Protection Engine.

The seamless integration of Symantec Protection Engine benefits my IT infrastructure, although the Symantec proxy only works with Symantec solutions such as DLP or Content Analyst. Sometimes it works with accounts like Okta or SAML, but third-party solutions usually do not integrate well with Symantec. Only Symantec products work effectively with Symantec.

The high-performance scanning impact on my organization includes improved policies that allow specific redirection to people. The policies are very detailed, enabling me to specify which person receives which policy and how to control company users through these policies. This represents a significant improvement compared to other proxies.

Symantec Protection Engine has fewer issues during installations. However, some customers find it confusing to distinguish between the normal proxy and the web proxy because Symantec Protection Engine only controls port 80 and 443, which are HTTP and HTTPS. Because of this limitation, applications or browsers that are not supported sometimes may not work, and certain government sites or other sites may not function. Other national proxies made in Korea and other vendors support all ports.

Complexities can arise when customers use the proxy. The Web UI is good and has many improvements, but there are still some things that need enhancement.

Price is a significant area for improvement. The pricing is quite expensive, and it is particularly high for regular customers. Many customers are considering other vendors because the price is too high.

The Symantec proxy limitation to work only with Symantec products represents another weakness. While it sometimes works with accounts like Okta or SAML, third-party solutions usually do not integrate properly with Symantec. Only Symantec products work with Symantec.

It is difficult to assess whether it remains beneficial to use Symantec Protection Engine in terms of costs because the price is very high. Although the product has benefits, the pricing is extremely high. Symantec Protection Engine works very well for huge companies, but when company size is large, network size is also large, requiring a bigger proxy and significantly higher pricing. The cost multiplies based on scale, making it highly effective for Symantec but at multiple times the standard price.

I have been working with Symantec Protection Engine for almost three to four years.

The technical support of Symantec deserves a 10 because they provide extensive support.

Positive

The deployment timeframe depends on the size of the implementation, but deployment may require around one hour. I can complete the deployment within one hour since I personally participate in the deployment process. The installation is straightforward, but when the company is large with substantial size and many policies, stabilization may take additional time. However, the deployment itself takes approximately one hour because it is very simple to deploy and install.

I use policy management capabilities with the Visual Policy Manager. The impact of policy management on my security and my customers' security allows me to install policies for specific options, a specific person, or a specific group. The policy layers are very detailed, which I appreciated greatly.

The effectiveness of Symantec Protection Engine's Threat Intelligence Network in protecting against evolving threats is beneficial for the proxy because it has a threat risk level. Symantec officially supports levels 1 through 10, and I would consider levels 8 through 10 acceptable, while levels 5 through 7 are warnings. This system is helpful for customers. In threat protection, the categorization is excellent because Symantec provides strong support for it. Symantec effectively supports categorization, specifying which sites are threat sites, and when I set a suspicious category to deny, it functions effectively.

I do not use the real-time content scanning feature with Symantec Protection Engine; I only use the web proxy structure.

My overall rating for this product is 7.

Clients usually use Symantec Protection Engine primarily for protecting their computers from malware or any kind of attacks, which includes viruses or trojans, as a comprehensive security solution provided by Symantec.

Symantec Protection Engine provides me with the option of both cloud and on-premise solutions, which stands out for both me and my clients. Within one stable environment, I can get multiple products in Symantec, such as Symantec Endpoint Manager, Data Loss Prevention, proxy, and other complete security products. Symantec Protection Engine provides me centralized management, antivirus, anti-malware, firewall, and host-based IPS, as well as device control where I can block USB drives or application control.

The real-time content scanning feature in Symantec Protection Engine is indeed helpful for detection purposes. The benefit from that scanning is that it detects and blocks threats so that files cannot spread viruses or malware into my system. It also detects any suspicious activity, such as when an executable is installed that encrypts my files or during cross website transactions which could indicate a ransomware attack. This helps me to lower the risk of infection spread.

Integration with infrastructure, especially regarding third-party integration, is generally good. Symantec Protection Engine integrates with third-party solutions, such as SIEM; I have integrated it recently with Elastic for forwarding logs. Active Directory and ITSM integrations are also possible, which are basic necessities for many solutions, including Symantec. Additionally, it provides integration with Symantec EDR solution for threat hunting or endpoint isolation.

While I have mentioned many advantages of Symantec Protection Engine, there are areas for improvement, particularly the dashboard features. I find that some features are not available, leading us to rely on third-party solutions like Elastic for dashboard creation. Additionally, the console experience is quite traditional, especially compared to competitors like Carbon Black, which have more visually appealing and informative dashboards. Support from Broadcom is another area needing improvement since it has issues that affect customer experience.

Comparing Symantec Protection Engine to other vendors, the primary difference lies in the dashboards, which lack intuitiveness and the comprehensive information that a CXO would expect on a single page.

Symantec product solutions are indeed stable enough, achieving reliability in operation.

There are minor issues with scalability in Symantec Protection Engine, especially for large-scale deployments, where policy administration can become complex.

My experience with customer service from Broadcom is generally acceptable, though there is room for improvement. As a Broadcom partner implementing their products across the Middle East and Eastern Europe, I currently do not face major issues.

Support from Broadcom could indeed be improved; the quality of support often depends on the region, with varying experiences based on location.

If I were to rate support from zero to ten, I would give it an eight for its overall performance.

The return on investment for deploying Symantec Protection Engine varies depending on whether a customer likes Broadcom. While there are better solutions like Carbon or CrowdStrike, it largely depends on customer budget and the level of support provided by Broadcom. If Broadcom enhances its products and supports customers effectively, it is a good buy.

The performance during scanning totally depends on the client-to-client environment, so I have not seen major issues with high performance regarding the installation of agents occupying excessive RAM or CPU cycles.

Regarding threat protection, Symantec Protection Engine has a robust threat intelligence network because it publishes new signatures for evolving viruses and threats. This capability, often referred to as LiveUpdate, ensures that systems can be kept up to date with the latest definition files.

Policy management does impact my security approach overall because I have used it multiple times and found it easy to create different types of policies. Symantec Endpoint Protection, referred to as SEPM, has components that include antivirus, anti-spyware policies, firewall policies, and intrusion prevention systems. It provides complete security with respect to host-based security and allows configuration of various component policies to ensure that my PC is secure.

The price of Symantec Protection Engine is fair; in fact, I believe it is a very fair price for what is offered and not excessive compared to competitors.

I would rate this review seven out of ten overall.

I use the real-time content scanning feature, and it has helped me with proactive threat detection.

Seamless integration has benefited my existing IT infrastructure.

I have utilized the tailored policy management capabilities, and this impacts my security approach positively.

The high-performance scanning has impacted my efficiency in significant ways.

I have been using this solution for three years.

The best features that I like the most include the threat intelligence network, which is effective in protecting against evolving threats.

Blocking and integration are areas that have room for improvement.

Regarding pricing, I find it to be cost-efficient.

I have been using this solution for three years.

I rate the stability at eight out of ten.

I have concerns about scalability.

I rate the technical support at five out of ten.

Symantec Protection Engine is deployed on-premises.

The deployment is not overly complex.

The deployment takes one or two months for policy configuration.

I would recommend Symantec Protection Engine to others looking to implement this product, and they should consider doing a proof of concept.

I give this product an overall rating of nine out of ten.