EPP (Endpoint Protection for Business)
September 2022

Read reviews of Check Point Harmony Endpoint alternatives and competitors

Hakeem_Abdulkareem - PeerSpot reviewer
Head, Security Technology & Engineering at a financial services firm with 10,001+ employees
Real User
The solution has given us visibility into compliance within our whole system and helped us ensure everything is updated
Pros and Cons
  • "What I like most about Symantec is the intrusion detection module. If you are scanning the environment, it will flag a possible intruder and tell you the IP and where the attack is coming from. Traditional antivirus solutions will never flag that. If you have a traditional SIEM, you might be able to pick that up. Symantec is a holistic endpoint security solution, so when you scan an endpoint, Symantec will let you know that something is happening to it."
  • "Symantec's application security module needs some improvement. You need to create a lot of fingerprints for application security. For instance, let's say I have different brands of ATMs in my environment, like Wincor and NCR. I use GRG to deploy an application control to whitelist some applications. I have to get the exact image of the different models of ATMs. When I tested in the past, some machines would not connect to the server without that."

What is our primary use case?

Symantec Endpoint Protection is an antivirus with anti-malware and application control capabilities that we use to protect assets like servers, workstations, and ATMs. There's a central management server we use to manage all the endpoints, regardless of the categories, and we install an agent on all the endpoints that reports to the management server. 

If I want to check the status of any asset, I need to get the details like the IP address and the hostname of the system. The management server will give me the current status. I have three different kinds of agents on the endpoint that I can use to control access. 

The agents for the ATMs and servers aren't as heavy as the ones for workstations. It's a stripped-down version that removes some of the components and add-ons that are not part of the endpoint protection engines, so the agent is lighter and can be deployed faster. The activities on servers and ATMs are dynamic, so the antivirus must also be very light. To centrally manage the antivirus, I have to set up distribution points because I have more than 14,000 endpoints altogether distributed across more than 250 branches in Nigeria.

I set up distribution points on systems and ATMs. The ATMs are always on the network because they're connected with other points at every branch and location. I need them to be distribution points. When I need to send a file to update all the other systems, I send it to these distribution points. These distribution points in Symantec record the data needed to update all the other systems.

Let's say I have two different locations. I will have the updated data at location one, and I have other data at location two. These different locations have their own IP subnets, so I will configure the update data so that the IPs within that subnet can talk to it and no IP outside the subnet can. This ensures my assets, ATMs, workstations, and servers can update as soon as possible.

I'm always compliant. The servers in the data center don't need to talk to any distribution points. They talk directly to the management server to get the updates regularly because the servers are always on the network at the data center, unlike the workstations that people shut down at the end of the day. Any time people connect to the network, the system will update automatically. That is the normal architecture for Symantec.

How has it helped my organization?

Symantec centralized our intrusion detection system while creating additional layers of security at the endpoint level. We're not relying on the central intrusion detection system. It gave us more value than expected. 

The solution also helped give us visibility into compliance within our whole system and ensure everything is updated. I can tell you the number of outdated systems from the same management server. In the same console, I can remotely trigger an update on any system. Symantec offers more flexible administration than other solutions. Most other antivirus products get updates directly from their portal, install them on the management server, and all the endpoints pull the update from it. Sometimes, an endpoint may not update. The update might be on the endpoint, but the system will still not pick it up.

Most other antivirus solutions can't do a workaround like Symantec, where you can download the JDB file from the portal and copy the file to a specific path on the problem system. You don't even need to install it. Once you drop the script into the system, it will run automatically. After 20 to 40 seconds, the system will be updated, and the status will turn green. 

Using distribution points is also a game changer because it has saved it. Symantec considers that you may have bandwidth issues in this part of the world. You can leverage the update and push the file through locations with inadequate bandwidth. When you push the file through, the update can pull the data file and distribute it across the other endpoints.

Having this flexibility makes the solution easy to use. You can also segment the systems according to assets. It lets you classify servers, ATMs, and workstations separately. You can have different versions because of the flexibility. You can remove some components before generating the agent you are installing on the endpoint. 

I get around 95 percent compliance, meaning that 95 percent of the systems are up to date at any time. I also want to take it a step further to achieve around 98 percent because I have discovered some systems are not updating.

Then there is another file called the JDB in Symantec that I download regularly and distribute across all the ATMs, which I use as my distribution points. I will run a script to pick this JDB file and copy it to a specific path on all the outdated MAA workstations to update them automatically.

Overnight, I usually copy the script to all 256 distribution points across the nation. The next day, I will run another script that goes to the specific distribution point, acquires the JDB file, distributes it to the list of target systems I have prepared by location, and copies the file to those computers. They will be updated automatically.

That has been fully automated. I download the file every day at the close of business. It is shared through a script that is already automated across the distribution points the following day at 9:00 am because it's expected that people will resume work by 8:00 am. By 9:00 am, I expect every system to be on. The outdated systems will be targeted with the JDB and updated. 

What is most valuable?

What I like most about Symantec is the intrusion detection module. If you are scanning the environment, it will flag a possible intruder and tell you the IP and where the attack is coming from. Traditional antivirus solutions will never flag that. If you have a traditional SIEM, you might be able to pick that up. Symantec is a holistic endpoint security solution, so when you scan an endpoint, Symantec will let you know that something is happening to it.

Once, there was an unauthorized scan of the environment, and I immediately discovered multiple systems were accessing it. A message will pop up saying that an intrusion was detected scanning from a particular path. We need to check directly because there are multiple similar IP addresses we have to block on our firewall, so the IP cannot access our system again. We've been able to contain attacks using Symantec in the past. It's highly effective.

Another valuable add-on is application control, which I use to prevent some applications from entering my environment. You can block any program installed with the same fingerprint. If the software isn't aligned with the environment, Symantec will stop it automatically. You don't need to buy a different solution, like an app blocker, and deploy it in the background. 

What needs improvement?

Symantec's application security module needs some improvement. You need to create a lot of fingerprints for application security. For instance, let's say I have different brands of ATMs in my environment, like Wincor and NCR. I use GRG to deploy an application control to whitelist some applications. I have to get the exact image of the different models of ATMs. When I tested in the past, some machines would not connect to the server without that. 

Only the approved software on the ATM should run. Anything outside that should not even come up at all. We did this so that an outside person doesn't introduce malicious software to the ATM. That's the essence of locking down with application control. Using Symantec for application control has been hectic, so I use Carbon Black to do the lockdown.

Checking that data security will work fine with Carbon Black. Carbon Black worked fine. Setting up approval in Carbon Black works differently than Symantec. In Symantec, we first need the fingerprints of the applications running underneath. Before setting up Carbon Black, you first install the agent, allowing it to learn the environment. It will analyze all the software's behavior and provide recommendations for what should be allowed. It's more straightforward, whereas configuring application control in Symantec is a bit cumbersome.

For how long have I used the solution?

I've been using this solution since 2014. Before joining this bank, I used Symantec at another financial institution, so I'm well acquainted with the solution. It's taken care of many aspects, especially the endpoint, regarding the environment's security.

What do I think about the stability of the solution?

Endpoint Security is stable.

What do I think about the scalability of the solution?

When you put it on servers and there are performance issues, you can always check the endpoint that's using the most resources and allow that part to not be scanned. 

Symantec has the scalability and flexibility to work in line with what the customer really wants. Some parts of a server are not meant to be scanned. You can still monitor it and get reports. From there, you can decide if it should be excluded. That is one thing I like about Symantec.

How are customer service and support?

I rate Symantec support an eight out of ten. They are pretty solid in terms of technical know-how and support. My only complaint is the process of handing off between two support engineers. Whoever takes over will ask you to start from the beginning. There isn't proper documentation of the call and communication between engineers. 

Let's say you have made 60% progress toward resolving your issue. Whoever takes over from that engineer should be able to pick it from 60% and drive it to 100%. In most cases, the new engineer may even take you back down to 20%. It wastes a lot of time. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I use Symantec alongside other security solutions. For example, I don't use Symantec's Global Intelligence Network. I use a different threat intelligence platform called Mandiant in my environment. I also leverage Microsoft for threat hunting. I don't use Symantec for threat hunting.

In the past, I tried Data Center Security on our servers, but since the normal ICP works for us, we decided not to use it. I tested the features because I was looking for a solution that can lock down some of my legacy systems. During the POC, I compared it with Carbon Black, the solution I have. Carbon Black does a better job and it's cheaper.

I have a separate solution that I use to manage mobile devices. I'm not using Symantec. There's a solution called Sandblast Harmony that is an add-on for Check Point, which I use as a perimeter firewall. This is a solution that was deployed with it, and I have Sandblast on all my mobile devices.

Before you can install anything like office mail on your mobile devices, you need to be onboarded on that platform before you can set it up. If your device does not have Sandblast installed on it, you won't be able to proceed with the setup. So I don't really even use Symantec to protect my mobile devices.

How was the initial setup?

Setting up Endpoint Security isn't complicated. You need to set up a management server to install the agents, then provide the permissions to the appropriate IPs to acquire the update from Symantec. After that, you set up distribution points for the updated data. It's not something that can be completed in a day. For instance, if you have 200 locations, you can set up three or four daily. It depends on the criticality. That's why you deploy distribution points.

If you are operating a centralized approach, all the workstations, irrespective of the location, can pull the updates from the management server and be managed centrally. However, because of bandwidth challenges, some cannot go to the server and pull the updates. 

You have the flexibility to determine the components you want to generate. For instance, you can have different agents for workstations, ATMs, and servers by selecting the specific components you want to include. Everything is coming from the same management server. When it's time to update, you can do a workaround by leveraging the JDB from the Symantec portal. You must push that JDB file to a specific path on those affected systems. It will execute and update automatically.

What was our ROI?

There's a return on investment.

What's my experience with pricing, setup cost, and licensing?

Symantec is one of the major players in that space, so the licensing isn't as cheap as some other antivirus products like Trend Micro. It's reasonable but not the cheapest. Any entry-level Symantec user is coughing up a lot of money compared to the other antivirus software. 

Windows Defender is practically free for customers. When you have the option of using Microsoft Defender, and you look at the price of Symantec, the gap is wide. Trend Micro is a bit closer, so competitive pricing is something Symantec may also need to consider. 

What other advice do I have?

I rate Symantec Endpoint Security a nine out of ten. I use Symantec for multiple endpoints like ATMs, servers, and workstations, but I think Symantec has evolved. They have some specific solutions for ATMs and servers. Generally, I would recommend only using Symantec Endpoint Protection for workstations. For your server, you should deploy different solutions. 

When deploying the solution, you should consider each location's bandwidth limitations. You will also need to implement quality of service on the network so bandwidth utilization is prioritized. For example, you might need to schedule workstation updates during off-peak hours. 

If it is not managed correctly, all the computers might update simultaneously during the peak period, affecting the whole environment and causing service issues. The proper time for updates should be appropriately identified. In my case, we update around 3:30 pm because we close at 4:00 pm. My peak period is between noon and 1:00 pm, so none of my workstations will update at that time. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
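The two mechanisms this reviewer describes, distribution points scoped to a branch subnet and a scheduled JDB push to whichever clients the management server reports as outdated, fit together in one script. The block below is an added example, not the reviewer's script and not Symantec tooling. The subnet-to-distribution-point table, the `JDB` share name, the 09:00 to 11:30 push window, the status export and the JDB filename are all constructed for the example; the client inbox folder under `C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox` is the documented SEP drop location, but check it against your client build before running anything other than a dry run.

```python
# Added example (not from the review or from Symantec): plan a JDB push to
# outdated SEP clients, sourcing the file from the distribution point that
# serves each client's subnet, and only inside an off-peak window.
import csv
import io
import ipaddress
import shutil
from datetime import date, time, timedelta

# Assumed: distribution points (Group Update Providers) keyed by the subnet
# each one serves. A client outside every listed subnet has no local source.
DISTRIBUTION_POINTS = {
    "10.10.1.0/24": "LAG-ATM-01",
    "10.10.2.0/24": "IKJ-ATM-01",
}

# Assumed: share on each distribution point where the daily JDB is staged.
JDB_SHARE = "JDB"

# SEP client inbox (documented drop folder); reached over the admin share.
SEP_INBOX = r"C$\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox"

# Constructed sample in the shape of a definitions-status export:
# hostname, IP, date of the definitions currently on the host.
SAMPLE_REPORT = """hostname,ip,defs_date
LAG-WS-014,10.10.1.14,2022-09-12
LAG-WS-022,10.10.1.22,2022-09-14
IKJ-WS-003,10.10.2.3,2022-09-11
IKJ-WS-009,10.10.2.9,2022-09-14
HQ-SRV-01,10.20.0.5,2022-09-14
HQ-WS-07,10.20.0.7,2022-09-10
"""

# Constructed "today" so the example is reproducible offline.
TODAY = date(2022, 9, 14)


def parse_report(text):
    """Parse the status export into rows with a real date object."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "hostname": rec["hostname"],
            "ip": rec["ip"],
            "defs_date": date.fromisoformat(rec["defs_date"]),
        })
    return rows


def is_outdated(row, today, max_age_days=1):
    """A host is outdated when its definitions are older than max_age_days."""
    return today - row["defs_date"] > timedelta(days=max_age_days)


def compliance_percent(rows, today, max_age_days=1):
    """Share of hosts that are up to date, the figure the review tracks."""
    if not rows:
        return 0.0
    current = sum(1 for r in rows if not is_outdated(r, today, max_age_days))
    return round(100.0 * current / len(rows), 1)


def distribution_point_for(ip):
    """Return the distribution point whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr, dp in DISTRIBUTION_POINTS.items():
        if addr in ipaddress.ip_network(cidr):
            return dp
    return None


def build_plan(rows, today, jdb_name, max_age_days=1):
    """One copy job per outdated host, sourced from its local distribution point."""
    plan = []
    for r in rows:
        if not is_outdated(r, today, max_age_days):
            continue
        dp = distribution_point_for(r["ip"])
        plan.append({
            "hostname": r["hostname"],
            "distribution_point": dp,
            "source": rf"\\{dp}\{JDB_SHARE}\{jdb_name}" if dp else None,
            "dest": rf"\\{r['hostname']}\{SEP_INBOX}\{jdb_name}",
        })
    return plan


def in_update_window(now, start="09:00", end="11:30"):
    """Assumed push window: after staff log on, before the noon-1pm peak.
    Accepts datetime.time objects or 'HH:MM' strings."""
    to_t = lambda v: time.fromisoformat(v) if isinstance(v, str) else v
    return to_t(start) <= to_t(now) < to_t(end)


def run_plan(plan, dry_run=True):
    """Execute the plan. Returns (pushed, skipped); hosts with no local
    distribution point are skipped and left to pull from the management server."""
    pushed, skipped = [], []
    for job in plan:
        if job["source"] is None:
            skipped.append(job["hostname"])
            continue
        if not dry_run:
            shutil.copy2(job["source"], job["dest"])
        pushed.append(job["hostname"])
    return pushed, skipped


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    print("compliance:", compliance_percent(rows, TODAY), "%")
    plan = build_plan(rows, TODAY, "vd4b5f12.jdb")  # constructed JDB filename
    for job in plan:
        print(job)
    if in_update_window("09:30"):
        print(run_plan(plan, dry_run=True))
```

Run it as-is for a dry run that prints the copy jobs; switch `dry_run=False` only after confirming the inbox path on a test client. Keeping the plan separate from the copy step is what lets you review the target list per location before anything touches a branch over a thin link.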
Owner at a security firm with 1-10 employees
Reseller
Very customizable but slow in the cloud environment
Pros and Cons
  • "The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
  • "Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."

What is our primary use case?

Our primary use cases for Fortinet FortiEDR are cash registers, endpoints, and point of sale.

The reason we originally started with FortiClient with one of our clients in the first place was that they were able to have legacy cash registers, a really old technology, which we had to get to run in a small resource space, and FortiClient, which was the predecessor, allowed us to literally pick and choose what features we wanted in the client and reduce its size, which you couldn't do with any other types of clients that were out there. That's how we started with that.

It is mostly on premise and any cloud services that we use are directly from Fortinet themselves. I would call that public cloud. We do run some of the customer's environment in private cloud, basically co-location. This has provided the services back to their dataset. I am talking about Fortinet's cloud for the public. For the private stuff it was basically out at Q9, which is the co-location provider.

How has it helped my organization?

Fortinet FortiEDR has the ability to customize the footprint of the client or the agents on the device and on the endpoint.

What is most valuable?

The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers. The customer has literally about 800 cash registers. That was the use case for Fortinet FortiEDR - to get that down into a tiny space. The only way to do that was to use this product because it had that ability to unbundle services that were a surplus.

What needs improvement?

In terms of what could be improved, I would say everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation.

A classic example of that would be products like FortiMail where you're basically acting as a mail relay. So say you're on a support call and I'm sending you a mail with a document that you expect to come to you immediately, or within 30 - 60 seconds; it could take up to 45 minutes because of the load on the cloud services. This can result in trouble tickets and other customer-side issues.

In the next release I would like to see more investment in their cloud services. Additionally, they definitely need better integration into their FortiSIEM and FortiSOAR solutions.

They should continue to improve that and possibly include a managed threat hunting feature, an MDR solution.

For how long have I used the solution?

I'm a Fortinet Gold Reseller but primarily we're a consulting company, not a product company. We tend to be agnostic with the one caveat being Fortinet, and only because I was the first guy in Canada to get certified in that, and also the first guy to sell it. There is a personal preference there. But I'm looking deeper into more enterprise security solutions that are SASE and endpoints and EDR, XDR, MDR, all that kind of stuff.

We've done work primarily with FortiGate deployments, but we've also done multiple SD-WAN projects and we've worked with FortiEDR, which is similar to their version of EDR. We've worked with FortiClient before that. As far as FortiCloud goes, we've worked with FortiMail in the cloud, we've worked with FortiManager in the cloud, but we haven't gone into CASB stuff yet.

We also do some Fortinet managed services in our customer base. So I have worked with Fortinet since 2004, 2005.

Fortinet FortiEDR has only been out for a couple of years. We've been working with it for a couple of months, primarily migrating a customer from FortiClient to FortiEDR.

We haven't done full scale deployments of FortiEDR yet, it's still fairly new.

What do I think about the stability of the solution?

In terms of stability, EDR is a pretty decent solution, but it's not best of breed. One of the challenges with Fortinet, and all of these vendors, is that they are doing acquisitions and doing things to retrofit into their environment, but there's a dependency on legacy or other features that Fortinet has, and Prisma from Palo Alto has. They have their own products, which are how their system is designed. It's really a suite of products. Fortinet is now FortiFabric, with Palo Alto it's Prisma, Prisma Cloud and XSOAR and all that stuff.

All these types of companies are not as flexible. I think in the future, people are not going to be interested in having these huge complex suites of products in order to take advantage of integration.

If you look at a true SASE solution, for example Zscaler, it's a product on its own. And it typically integrates with industry best of breed products first. So Zscaler would work with CrowdStrike or Microsoft Defender before it's going to work with an integrated solution like Palo Alto or Fortinet.

I'm finding more and more that these companies, Palo Alto, Fortinet, Check Point, Juniper, are all doing well right now. But I think in the next year to two, you're going to see a transition away from that type of technology.

It is actually one of Fortinet's big selling points that they're not maintenance heavy and they've got their gang leveraging all the other components. It actually updates itself automatically if you choose. And it has the ability, using FortiManager and other products, where you can push out policies very easily across multiple appliances, although that requires proper design and architecture from the beginning to make sure that you've got cookie cutter configurations across your enterprise.

What do I think about the scalability of the solution?

Scalability is Fortinet's sweet spot, even though they're heavily focused trying to sell into enterprise, their sweet spot is still mid-size, SMB, customers.

Those products work well in an environment which is below 3000 users. It also works well in terms of large enterprises, like a bank.

I don't see EDR really expanding. Fortinet Firewalls is another story. Firewalls can scale up to very large enterprises, including Telcos, but I don't see the EDR product deployed in those environments.

How are customer service and support?

Their support is getting better.

Right now it is not that good. Fortinet was never big on technical support. I think they went by the theory that if it was hard to write, it should be hard to understand. Their technical support is getting better, but if you compare it to Cisco, it's not as good and it never was. It is one of their weak points. Its response time is not bad, but the attitude of the people on the phone is. It's the amount of information they ask for to do an RMA, for example. They can be very challenging to work for. That's an opportunity for managed security providers, because if you confront them, and take it away from the customer, it makes the customer's experience much better. So a bad support center is good for an MSSP.

How was the initial setup?

The initial setup is complex compared to stuff like CrowdStrike or other products where you can just sign up and download it, and it works.

It's a little bit more complex with FortiEDR because you're dealing with the setup and management of it, whereas in products like CrowdStrike, it's pretty automatic and it's just a question of a radio button to turn on or turn off additional features that you may want.

For example, going EDR to XDR or going EDR to MDR in CrowdStrike, you can do that in Fortinet but you have to implement FortiSOAR and all this other stuff.

Initially the setup took us a while, simply because we had to mess around with the client. We are talking weeks because we had to test and make sure that there were no performance issues and no interruptions in the flow of data, etc.

That took us probably five, six weeks to get up in a POC type environment. Once we got that, it's cookie cutter. You have an image that you deploy that already has that compiled in it, and it works pretty easily.

What's my experience with pricing, setup cost, and licensing?

Fortinet FortiEDR is priced pretty competitively if you compare it to other companies that are in the same boat, like Palo Alto, who have similar product suites. It is reasonable. In the industry, they call Fortinet the Chevy of Perimeter Security and Palo Alto the Cadillac. I think that's undeserved. I think Fortinet is actually, in the long run, a better product, but it has that reputation because of their pricing. Palo Alto, right off the bat, charged a much higher premium, which created the illusion that you're getting a better product. Palo Alto products are brutally expensive.

But that's the way Palo Alto works and it works for them. Although, I've heard rumors that they're changing their channel model where they're going after enterprise customers directly, rather than forcing it through the channel. Fortinet is a 100% channel, Palo Alto is not. And that's affecting them. If you look at stock prices and earnings, Fortinet is actually doing better.

What other advice do I have?

With any of these products, you need to step back and look at where the wave of technology is going in the security posture. I think that you need to step back and say, "Here's my current situation, what's the best solution two to three years from now?" If you look at that, I don't see Fortinet or Palo Alto or any of those traditional product vendors being the future state.

These companies are like system integrators. A lot of system integrators went out of business mostly because they couldn't make the paradigm shift from a product led business to a service led business. I see the same type of thing happening in the traditional Perimeter Security companies, that are not designed from the ground up. They make an acquisition of a product and they try to integrate it into their business model, and to leverage all their other products in a suite. That's not the way the industry is going.

On a scale of one to ten, I would rate Fortinet FortiEDR somewhere around a six.

It goes back to what I said that I don't think it's got a huge future. If you compare it to CrowdStrike or those type of products, it is very similar to Palo Alto's Cortex; they didn't even come out with an EDR solution, they went directly to an XDR solution. What is XDR penetration? About 2% of the market right now. It's just not a fit to the future. That's why I give it a six.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
IT Manager at a construction company with 201-500 employees
Real User
Excellent at capturing malicious threats together with an aggressive next generation firewall
Pros and Cons
  • "Anti-virus captures malicious threats and an aggressive next generation firewall."
  • "Deployment on cloud needs to be carried out manually."

What is our primary use case?

The main use cases of this solution are for protection from ransomware and malware. Although we don't have EDR because of its high cost, we do have the capability to filter the website. Our use case is more about capturing crypto and the like that can encrypt files. I'm a system administrator and we are customers of Sophos. 

What is most valuable?

I've found that the most valuable feature is the anti-virus that captures malicious threats and the next generation firewall which is more aggressive in terms of not only looking for viruses, but also for SaaS and the movement of equipment. If something strange comes up we're automatically notified and it's either blocked or quarantined. It enables you to prevent future viruses and enables us to inform the user of malicious websites they have visited.

To date, we haven't had any incidents related to viruses or any types of attacks and we barely get any false positives. It's good to know that any malicious anti-virus detected is automatically blocked, although it makes things more difficult for our IT department.

What needs improvement?

There is an issue when deploying on cloud because it needs to be done manually. For an enterprise company that can have 10,000 or even 50,000 end users, it's a lot to deploy manually. An additional feature they might include would be the ability to control the lockdown on hardware; to control all the entry points such as a USB, a camera or any external storage. 

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

I think this solution is stable. It doesn't allow you to do anything that may cause a problem. If you try to download something that is prone to hacking, the solution won't allow it. It's important to use the admin lock to prevent malicious programs being downloaded. It's good at preventing remote users from downloading malware. 

What do I think about the scalability of the solution?

The solution is very scalable because they don't generally deal with small size office deployments of 10 or 15 users. The solution can scale to 100,000 or even up to 200,000 users.  

How are customer service and technical support?

Initially we didn't have phone support, but now it's part of the enterprise portfolio which we have. We only use the support if we have an issue with the server. It's the benefit of the cloud, there are no concerns about the server whereas on-premise you need to synchronize your server or upgrade the new version to get those features.

Which solution did I use previously and why did I switch?

We migrated from Symantec enterprise to Sophos and SentinelOne. The approach is the same for all of them. 

How was the initial setup?

Initial setup for the cloud is very straightforward because it's managed by the company. It's just a matter of downloading the agent and installing it on your endpoint. The on-premise implementation is more difficult, particularly if you're not familiar with it, but the support is very helpful. I believe there's a way to roll out without the need to visit individual users. I believe they integrate with an active directory, and then push from there. Deployment time depends on availability of the user's desktop and/or laptop. If it's on premise, you can push that one; it would take less than 15 minutes. To deploy in a company would take less than a month.

What's my experience with pricing, setup cost, and licensing?

If you start with the standard solution, move to Intercept X, and then go to the EDR version, it's almost double the price in comparison to other vendors. It's a choice for any company. Check Point's SandBlast, for example, has two payables but the additional payable includes encrypting your hard drive - not everyone needs that feature. 

What other advice do I have?

This is a good product but it comes at a high price. As a result, I would rate this solution an eight out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
FrançoisNolin - PeerSpot reviewer
Cybersecurity architect at Alithya
Real User
Easy to set up and user-friendly with good support
Pros and Cons
  • "It’s really easy to use."
  • "It would be interesting if the solution offered a way to try to investigate and create a use case to trace vectors."

What is our primary use case?

FortiClient is for the VPN. FortiClient is used with FortiGate. We have 100 users across both North America and Europe. We created a rule with the firewall to authorize the countries we are in, and we have rules to authorize specific IPs. We have to link to the internet.

How has it helped my organization?

The incidents in the log have been very useful. Some projects are really a pain to investigate. This helps.

What is most valuable?

The solution is user-friendly. It’s really easy to use. It is not like Cisco, where the GUI is really bad.

I don't really have issues with them. In terms of features, everything is easier.

When you want to find any information, you have documentation on hand that is easy to use.

You have good support and the price is good.

The solution is very easy to set up.

What needs improvement?

I’m not sure what exactly can be improved.

It would be interesting if the solution offered a way to try to investigate and create a use case to trace vectors.

For how long have I used the solution?

I’ve used the solution for more than two years.

What do I think about the stability of the solution?

We don’t have any issues with stability. It’s been fine. There are no bugs or glitches and it doesn’t crash or freeze. We don’t have any issues with the internet or power supplies.

What do I think about the scalability of the solution?

We have about 100 users on the solution currently. We don’t really scale it.

How are customer service and support?

Technical support has been excellent. They are fantastic.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used a different solution. However, it does not cover the same responsibilities.

Sometimes, for SOCs, I’ve looked at WatchGuard, Palo Alto, Cisco, and Check Point.

How was the initial setup?

The initial setup was simple and straightforward. It wasn’t difficult at all.

I wasn’t a part of the initial setup, and we have tried to switch since the first time the person deployed it. In FortiGate, he used the wrong setting and the wrong methodology. We had to try to make some changes without creating any issues with the production.

It is very easy when you start at the beginning. It does not take long to deploy.

What about the implementation team?

We handled the setup ourselves in-house. However, when I leave the company, likely they will try working with a third party as they don’t have the time and have a contract with other clients.

What was our ROI?

I don’t deal with anything related to pricing or costs or ROI.

What's my experience with pricing, setup cost, and licensing?

I don’t know the exact pricing of the solution. It’s not an aspect I worry about.

Which other solutions did I evaluate?

I compare every project I have on FortiClient with Palo Alto. Palo Alto offers a few more powerful new features. You can automate the use case. You have internet analysis and endpoint analysis. I would like to see the same options in FortiClient.

What other advice do I have?

I administrate FortiGate.

Within my new job, I am trying to be a partner with FortiGate and FortiClient to sell it to other clients. I have to get my certification just to be an expert.

I’d advise users to just look into best practices. Maybe try to join a training session. You can also simply go on the internet and try to find the best practices that make sense for you.

I’d rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
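The review above describes restricting the FortiClient VPN on the FortiGate to the countries the company operates in plus a handful of specific IPs. The FortiOS CLI fragment below is an added illustration of that pattern and is not the reviewer's configuration: the interface name `wan1`, the SSL-VPN port 10443, the country codes CA, US and FR, the partner address 203.0.113.10 (an RFC 5737 documentation address) and all object names are assumptions chosen for the example.

```fortios
# Geography and host address objects (names and countries are assumed)
config firewall address
    edit "geo-CA"
        set type geography
        set country "CA"
    next
    edit "geo-US"
        set type geography
        set country "US"
    next
    edit "geo-FR"
        set type geography
        set country "FR"
    next
    edit "partner-office"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# Service object for the SSL-VPN listener (port is assumed)
config firewall service custom
    edit "SSLVPN-10443"
        set tcp-portrange 10443
    next
end

# Local-in policies control traffic addressed to the FortiGate itself,
# which is where the VPN portal lives. Entries are evaluated top-down,
# and traffic that matches no entry falls through to the default
# behaviour, so the explicit deny in entry 2 is what actually blocks
# everything outside the allowed countries and hosts.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "geo-CA" "geo-US" "geo-FR" "partner-office"
        set dstaddr "all"
        set service "SSLVPN-10443"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "SSLVPN-10443"
        set schedule "always"
        set action deny
    next
end
```

Two points worth checking after applying something like this: geography objects depend on the FortiGuard geo-IP database being current, so an outdated database will misclassify addresses; and a local-in policy only gates who can reach the portal, so the firewall policy from the `ssl.root` interface to the internal network still has to be written with least privilege for what authenticated users may reach.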
IT Security Administrator at a tech services company with 1-10 employees
Real User
Provides more visibility than expected and lets us know if anything unusual happens on our network
Pros and Cons
  • "Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
  • "They've been having some issues with updating their endpoint agents, and it has been quite frustrating."

What is our primary use case?

We have Cortex XDR on our endpoints, and we have managed threat hunting. We are using it for everything related to security. If we have a device we believe is compromised, we can do a scan of the device to check for malware. We look for indicators of compromise in our network. We also look for behavioral things, such as if people are, for some reason, sending a bunch of information out. We also monitor USB file copies to make sure sensitive data isn't leaving our systems. It is also for any kind of denial of service attack.

We are using its latest version. It is deployed on-prem. We have agent software on all our endpoints, and then we have on-prem devices managed through Panorama.

How has it helped my organization?

It has quite a bit of functionality. So, if anything weird happens on our network, Cortex normally lets us know.

What is most valuable?

Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful.

What needs improvement?

They've been having some issues with updating their endpoint agents, and it has been quite frustrating.

For how long have I used the solution?

I have been using this solution for about a year.

What do I think about the stability of the solution?

It's incredibly stable. It's Palo Alto; it's top of the line.

What do I think about the scalability of the solution?

It's enterprise-grade. They cover everybody from the federal government to large corporations. We're probably a pretty small network for them. We have about 2,000 endpoints.

How are customer service and support?

I have used their support. I would rate them a four out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to have Check Point. We switched because there were a lot of added features with Palo Alto that Check Point didn't have. It was an upgrade for us.

How was the initial setup?

It is incredibly complex. It has a lot of parts. Its implementation took six months.

What about the implementation team?

We worked with Palo Alto directly to look at our old firewalls and translate their configuration to Palo Alto.

There are three of us for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff.

What other advice do I have?

You get out what you put in. So, the more you work with it, customize it, monitor it, and manage it, the more you'll get out of it.

I would rate it an eight out of ten. There are some bug updates that they were having issues with. Everything else has been pretty great. There is a lot more visibility than I expected.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.