Kaspersky Endpoint Security for Business alternatives and competitors

We use it for endpoints, to protect all the workstations in our company. Endpoints are just one layer requiring security in our environment, and we use the solution for anti-malware and for endpoint detection and response.

The best benefit, of course, is the protection against viruses and phishing attacks. In addition, we are using fewer solutions than before for endpoint protection. Symantec is enough for us.

Symantec is important for our organization. We have confidence in it to protect our workstations. We use it for many different types of protection, such as blocking ports, like TCP and UDP. We don't need to use GPOs from Active Directory to block anything or to use Windows files. It's the only solution that we install on our workstations. If we don't have it on a workstation, that is a cause for concern.

I like the endpoint detection and response. That's the best feature. I also like the fact that we don't need to use a file on the computer, whereas some anti-malware solutions work with a file on the endpoint. Symantec is a very good option compared to solutions from other vendors.

And when it comes to attack and breach prevention for mobile endpoint devices, Symantec is good. Until today, we haven't had any cases of malware on our smartphones. I suppose that the solution is protecting all the mobiles that we have in our company.

It's also very good, based on the last test I did, at fully exposing the extent of advanced attacks, especially when attackers use stealthy techniques to evade detection. While there was something that it didn't protect against, that was 10 percent of the test, which is not huge when compared with other anti-malware on the market.

One suggestion I have for both regular and mobile would be to collect all the information about installed software, such as versions, and give that information to the manager to help with software management. That would be a huge advantage for everyone who administers these tools.

For example, EDR gives me some applications with a version linked to a CVE or a MITRE attack. That's really interesting, But we don't know about other software that is installed and that means we need to install and use other software on the workstation to collect that information. If Symantec could do that, it would help managers improve their security, as they would know all the software installed on each device.

Because Symantec is already installed on a workstation, it would not be difficult for the agent to collect information about the software installed. It wouldn't need to do anything other than collect and share the information. That would be a huge advantage for the administrator. The more information we have about a device, the more secure we can make it. For example, there are types of software that can open a port that an attacker can use. If we know that such software is installed, we could just act before something happens. If Symantec could collect that software information, it would be amazing.

I have been using Symantec Endpoint Security for almost three years.

It's very stable. I have never experienced an unstable system with Symantec.

On the cloud, scaling is very easy, of course. But on-premises, we have had some difficulties, although these are the normal difficulties that any on-prem software would have. If I was using any other system on-prem I would also need to be thinking about disaster recovery and backup and load balancing.

We have Symantec deployed on all the company's workstations, on about 1,400 devices. We have also installed it on about 400 Windows Servers. And we are testing it on two Linux servers as a proof of concept, to see if we will install it on all our Linux servers.

We have contacted their technicians to help us with issues. The last one was very good. He tried to help us with different kinds of troubleshooting, as it was very important to find a solution.

Positive

I have used CrowdStrike, Deep Security from Trend Micro, and Kaspersky. I have also tested Sophos and Check Point Security.

Although in both companies where I have used Symantec it was already there when I started, it has positive evaluations in industry reviews of many anti-malware tools and a good price as well. It provides a good solution at a good price. I expect those are the reasons that these companies chose it.

At this moment, I'm responsible for changing it from the on-premises to the cloud tenant.

We are working with a company, a reseller here in Brazil, that is helping us with some troubleshooting and some of the more complex things. After we tried many scripts, we found one that works really easily. But importing some things to the cloud version is not so good. For example, we exported device control from the on-premises version and imported it to the cloud version and it didn't work. So we will probably need to do it manually. This isn't great for us, because we have many devices and we will need to put them on the cloud one by one. But in general, it's not bad.

In terms of maintenance, on-prem we have to keep an eye on some features because some of our internal vulnerability tests have found that some patches had some CVEs and we had to do some updating. But that was on the management side of the solution that we use to control the devices and agents, not the agent itself. We haven't needed to worry about the maintenance of the agents.

Our experience with our current reseller has been really good. They are good guys with good knowledge of the tools. They have helped us a lot. This reseller is a new one for us. We used another that was very bad, with poor response times.

The new reseller has also helped with the data loss protection solution that we have installed, and with our Web Security Services, which is another software package we use.

The price of Symantec is very good compared to other vendors. I had access to information about pricing when we were renewing. I don't know if the renewal was cheaper than when contracting it the first time, but the renewal price was better than many other vendors' first-time prices.

I formed a good impression of Symantec Endpoint Security when we used a penetration tool on it and on other anti-malware solutions as part of a proof of concept. Symantec was one of the best in that penetration test and that was a surprise for me because I thought it would not be that good. But it gave us really good results in the penetration test.

I have used different solutions, but I prefer Symantec's cloud solution when compared with, for example, CrowdStrike.

My advice would be to start using the EDR as soon as possible to have a good view of your environment.

The management functions in the cloud are better than they were in the past with Symantec's on-premises version, which was not good. The management functionality in that version was terrible. Although it was still very good for protection, the management interface was not good. Now, with the tenant in the cloud, it's better than it was.

We just renewed our license for Symantec a month ago, and we are changing our implementation from on-premises to the cloud platform. As part of that process, we will implement the solution's threat defense for Active Directory, but we still don't have it working. So I can't say, at this moment, if Active Directory is already protected against any type of this attack. But we know SES has that feature.

With the EDR solution, it has helped save us time when it comes to responding to threats, but with only the endpoint solution, I can't see that being the case.

We've been using it for endpoint protection. We're using this solution to protect our endpoint devices e.g. laptops, mobile devices, servers, and gateways. We're also handling encryption and patch management for our software, especially on operating systems and sales software.

Compared to whatever we had before, this solution gives us some advanced services, including protecting our network security. In the past, we used to have people who were able to expand the network to other devices which are unauthorized. Now, with this solution, that is no longer possible because of the network security protection feature.

I find the network security protection feature the most valuable.

There is no perfect solution. There are areas that we wish could be improved, especially on upgrades. Sometimes upgrades are too heavy that they require backup like you're installing the solution for the first time. Sometimes the configuration is also quite a tedious process for the solution to be configured the way you want. It's quite complex. There are also some features that need to work with iOS. At the moment, we find that a problem. We are not able to fully protect our iOS products, but more or less, this is a good solution.

We've been using this solution for the last three years.

I have no complaints about the stability of this solution, apart from some issues that have to do with updates. When they're doing major updates, we find that sometimes it doesn't go through, unless we back up and reinstall it fresh, but after doing that, it works. This solution's okay.

This solution is scalable. We started with GravityZone, but because other needs emerged, we were able to scale up the functionalities to Elite, plus we also increased the number of devices and endpoint protections. At the moment, we have a license of 600 endpoints.

The technical support was on point.

In our environment, setup was a little bit complex, but working together with their technical team, they were able to do it successfully. Though the time it took was a little bit longer, at the end of the day, we got what we wanted. It was complex, but because the engineers understood, they were able to install and configure per our environment.

We implemented through their technical team.

We evaluated Kaspersky.

I can't really remember how long the deployment of this solution took with their technical team because it was two years ago and we were migrating from another solution. It was a one-off. What we did was to do the virtual installation first, confirm that everything is running well, then migrate the devices one by one. I can't really give an exact duration, but it was within the timelines that we set for the migration.

We don't really need a lot of staff for the maintenance of this solution. Our environment is simple and clear. We only have one person and an assistant who are responsible for the maintenance. It doesn't require much support from the team because it's working well every day. So far, we haven't experienced any difficulties in the local administration of the system. In terms of installation and setup, of course, that is done by the technical service provider, but in terms of management and maintenance, we haven't seen any major challenges.

As for licensing costs, at the initial stage, when we took a lease, we took it for three years. It's expiring next year. When it expires, we also plan to renew for two years, because doing it monthly, quarterly, and yearly is a tedious process, so we would always want to do it just once, as long as we are sure that the solution is working for us.

At the moment we really don't have an additional cost, unless we want to get some additional services. The cost that we incur is for the maintenance of our own infrastructure where the solution is installed, but not a payment to the service provider.

My advice to people who want to implement this solution is that it's important for them to understand their needs first, for them to know which product works well for them. Some of these products differ slightly, but you might find that may be a slight difference really makes a very big impact on your need for that particular solution. It's important for them to fully understand their needs and also understand the functionalities of the system, whether it's going to fully meet their requirements. That is what we did so we ended up getting this solution. For us, based on our environment and needs, this solution works.

The features that we want already exist in this solution. The only problem is that we haven't scaled it enough for those features to be activated. In our discussion with them, we told them we would want the system to do these things, which they said are already available. We just need to make a provision in our budgeting to be able to activate some of those features, because what we got was just endpoint protection, and in terms of endpoint protection, it's good enough.

It's very good to rate a product when you have a range of products you're doing a comparison with. At this moment, I can only do a comparison between two products: the one I was using before and the one I'm currently using, so I might be biased because I don't have experience with other solutions. For the Bitdefender GravityZone Elite, I'll give an 8.5. If I'm choosing between an eight or a nine, I choose nine.

I'm rating this solution a nine out of ten.

The reason why I'm not giving a rating of ten out of ten is because of the challenges we've been getting because we are on-premise. Otherwise, if we were on a cloud, then we will not have any of those challenges, like the issue of upgrades, because it would be seamless so I would be able to give the solution a rating of ten.

Most of the solutions we are using are local and customized to our environment, so you might not have reviews on them. What we have which might be within your radar of review is Untangle. There's one: NextGen Security, NextGen Firewall, which is called Untangle. That's what we used, otherwise the rest like Microsoft OS, are basically a monopoly in our environment, so I don't think there are any other solutions we can discuss.

We use this product for endpoint security and threat remediation.

The fact that this is a cloud-native solution that provides us with flexibility and always-on protection is absolutely important, especially with a good majority of our staff working remotely, now.

We've had security incidents that occurred and within a matter of just a couple of minutes, they were completely remediated and fixed and we didn't even have to think about it. We just got the report after the fact.

Falcon's ability to prevent breaches is excellent. It's affected us in that we haven't had any downtime as a result of breaches or any malware or anything like that. Ultimately, it's given us a lot of our time back. On the IT side, this is at least five to ten hours per week. On the user side, it is probably more.

The most valuable feature is threat remediation. We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur.

CrowdStrike takes care of all of the updates, so we don't even think about it or see it. This is great because we definitely spent a lot of time doing that kind of thing with our previous solution. Now that we haven't had to do it in four months, it's not even something we consider anymore.

We use both the endpoint and cloud workload protection and the detection and prevention it provides are excellent. It's tuned well to the fact that there can be a lot of false positives, so there's not a lot of potential issues that we're getting alerted about that aren't real. This means that when we do get alerts, we know that they're real and they're already being remediated for us.

It would be nice if the dashboard had some more information upfront, and looked a little better. Having a cooler dashboard is nice to have, although it is not as important as the functionality, which is very good.

I have been using CrowdStrike Falcon for approximately four months.

The stability is great and we haven't had a single issue.

It was originally deployed to 200 users and we haven't really grown since we started, so I can't speak to scalability. This represents 100% adoption in our organization, and there are no current plans to grow. As we hire more people, our usage will increase.

There are two people who work with it on a daily basis. There is the director of IT and a network administrator.

The technical support is excellent. I've only used it a couple of times and they were extremely responsive and very fast.

Prior to implementing CrowdStrike, we used BlackBerry Cylance. We switched for the ability to have full remediation so that we didn't have to do it ourselves. Also, this product is pretty much best-in-class for endpoint protection.

The only real difference that we have found with CrowdStrike, compared to Cylance, is that we no longer have to spend time remediating our issues. The detection and prevention capabilities are similar, although, with CrowdStrike, we have fewer false positives.

The initial setup is extremely easy. It took me about five minutes to deploy it to my entire organization of about 200 users. The single-center process is extremely important because it's something that we were worried about, but it turned out to be a non-issue because it only took five minutes and we haven't had to think about it again.

We initially had a plan for deployment but once we found out how easy it really turned out to be, it was basically a one-step plan.

Our return on investment comes from the fact that there is less downtime for people that do get malware and other such problems. That is something that can be quantified.

We made use of the free trial and the process for getting set up was extremely easy. We spoke to our sales rep and in our discussions and demos, they offered the free trial. We accepted, they sent me a link and I downloaded the agent. I was then able to install it and login in less than five minutes.

Having the free trial was very important in making our decision to implement CrowdStrike because without being able to test it, it's not something that we would have chosen.

The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market. That said, it's definitely one of the highest. There are no costs in addition to the standard licensing fees and the fact that it's keeping us safe, and it's proven that it works, is worth it.

We evaluated solutions from several vendors including Sophos, Trend Micro, McAfee, Kaspersky, and perhaps another one. A lot of these other endpoint solutions don't offer a full remediation option, and that was a big deal for us.

Also, reputation was important. We had used a couple of others in the past and there were issues where they would make an update that would negatively affect all of our computers. For example, our users could no longer access certain important websites. We haven't had that problem with CrowdStrike.

In terms of ease of use, CrowdStrike is extremely easy. Comparatively, we've had less time in the administration console than we have previously.

My advice for anybody who is looking into implementing CrowdStrike is to go ahead and do it. There is nothing to worry about and they deliver as promised.

I would rate this solution a nine out of ten.

We use Trend Micro Apex One on our systems and servers for endpoint protection.

The most valuable features of Trend Micro Apex One are it has its own machine learning and it is quite fast, compared with the other solutions. When you're comparing the other solutions, each has pros and cons, you cannot claim one is 100 percent suitable for you. None of the solutions dominate in all areas.

We had some problems with Trend Micro Apex One doing the updates and patches. Some of the other vendor's support has said that Trend Micro Apex One receives database signatures updates too late.

Trend Micro Apex One consumes a bit more resources of your PCs than we would like to have consumed. We do not scan during busy hours of the network because it slows down my data network. What we have done is, we have kept everything after business hours. We have a scheduled scanning in our networks.

I have two operating systems running on my computer and when I start scanning Trend Micro Apex One consumes too many resources, such as processor power. For example, when you are in business hours and the scanning starts, your other operations in software, such as Excel, will have the performance slow down. Overall his solution is good.

I have worked with other solutions, such as Kaspersky, and it consumes approximately 35 to 40 percent of the maximum resources and Trend Micro Apex One consumes approximately 40 percent of the resources. The best thing is the delegation gene of this Trend Micro is amazing.

I have used Trend Micro Apex One within the last 12 months.

The stability of Trend Micro Apex One depends on how you use it. Additionally, the strength of the data connectivity from one branch to another matter. If your main server is on-premises, the solution's updates and patches should be sent from over the network. For example, if you have a data network, ERP, and internal intranet servers or data connectivity when the server sends the package the bandwidth is important. The bandwidth is something you have to consider with the cloud solution you have. If it is on-premises, your data will be updated quickly.

We have not needed to contact the support from Trend Micro Apex One. We have a support vendor that has certified engineers. The access to our servers is with our support vendors. We do not need to log into our server often because we have installed a thread on this server. If the server is disrupted, it loses connectivity or shut down for some reason, we receive a thread through email,  MMS, or network monitoring system we have. We can have alerts from there. If we have any modification required, we call up the support team or support vendor and they will send an email. Once they're done, they will ask us to check if what they did resolve our issues.

I have previously used other solutions, such as Kaspersky Endpoint. 

Trend Micro Apex One and Kaspersky Endpoint are close to being the same solution. I would rate Kaspersky Endpoint higher than Trend Micro Apex One.

The drawback with Kaspersky Endpoint is if the computer systems are out of the network for a long time and the system comes back online, it takes a long time to synchronize and to receive updates. It updates, but it updates very slow, regardless, of whatever internal bandwidth you have. Even if you have changed the source from the on-premises server to the Kaspersky website to the Kaspersky cloud, it takes time. In Kaspersky Endpoint, some of the hash files are hard to find.

The most valuable feature of Kaspersky is, the moment you install the Net Agent, it immediately starts the inventory. This happens regardless of whether you have a system in your domain or non-domain, it scans your network fully.

We only prepare the servers with Trend Micro Apex One for the customers. We give them VPN access with one server and their team is working on it to maintain it. However, we are receiving monitor reports from the solution. 

The solution is completely monitored and maintained by our third-party solution provider.

I am looking to upgrade Trend Micro Apex One to another solution. Both Kaspersky and SentinelOne, are under my budget and I am planning to move to one of them soon.

We are looking for a change because I have Windows 7 which is considered a legacy OS. It has been made completely obsolete by Microsoft. We're planning to update our machine to Windows 11 and then we will think of changing the Trend Micro Apex One. I have not found a good deal or sales, I would stick with Trend Micro Apex One because I have never faced any problem. Whatever I want, this solution has. I cannot give you any negative feedback. We are using two threat protection solutions. We have different locations and they are in different countries. In some countries, we are using Kaspersky and Trend Micro Apex One, and they both are on the same platform.

We have not purchased the EDR module for Trend Micro Apex One, we use the basic endpoint. At this moment I'm looking for the EDR option, endpoint detection response, and the rollback. Trend Micro Apex One Apex One doesn't have the rollback feature.

I rate Trend Micro Apex One an eight out of ten.

The endpoint of Trellix itself should be placed within an enterprise with more than 200 or 300 endpoints. And then, an administration council should be used to administrate these endpoints and get the updates, including any virtual batching needed, and so on. This is the most usual case for this product. However, of course, there are other supportive add-ons, or sensors, to be added to this endpoint - including the EDR, the endpoint detection response, sensor. 

The user behavioral analysis feature is great.

It patches the operating system which is running on it until there is an available patch for the operating system itself.

The user experience of the administration has to be reviewed or refined. It's not friendly, not that easy.

If I could sell my customers the endpoint protection software in addition to the EDR software as a single package, that would be ideal. 

Technical support needs improvement. 

I started using the solution around four years ago.

The stability depends on the version. I'd rate reliability eight out of ten. With some other versions, especially the old ones, you cannot even rate them five out of ten. The newer versions are much more stable?

The scalability is okay. I'd rate it seven or eight out of ten in terms of ease of scaling. 

We can just embed new features to the original package just to include everything so that you do not need to ask the customer to get full coverage by adding an add-on license, and so on.

Typically, enterprises use the solution. It's used, for example, within the financial sector and most of the customers are banks, FinTech companies, or financial organizations. Organizations may have 500 to 5,000 users.

Some of our products have a first and second line owned by us. We are giving support services to the customers instead of the vendor. Some other products are supported directly by the technology vendor, however.

Technical support from the vendor is very bad. 

Usually, when the customer submits a ticket, they put a severity level on the case. Whenever the case is very important, and there is a real malfunction in the product on the customer side, and there is something down that needs someone to have a look immediately, it takes more time than it should to even engage with the customer. 

When someone has to contact the customer and have a remote session within the customer environment, they sometimes lack in terms of communication with the customer. The support centers are located in the East and not all have an acceptable level of English in order to communicate directly with the customer. 

Neutral

We did previously work with Trend Micro. We also worked with Kaspersky and also ended the contract. 

Trend Micro is more attractive than Trellix from a sales perspective since most of the features are already gathered within it as one solution. The interface is much more user-friendly for the customers as well. In addition, the customer does not have to prepare a huge infrastructure requirement, to have the products already deployed. It's much easier to deal with and very stable as well. Some customers do not like Trend Micro since it doesn't have many integration points with other technology.

The solution can be easy or complex. It depends on the environment in which we are going to implement or deploy the product on. 

It becomes complex, especially when it's a virtualized environment.

The time it takes to deploy depends on the number of endpoints running within the organization. The initial setup for the administration part may take two business days.

There should be an updated operating system first, in order to host the administration console of the product. Then certain batches have to be installed, including batches on updates for the product itself. Then we usually install the main orchestrator of this product. After that, we generate the endpoint package to be distributed on other endpoints.

Usually, one to three people are needed to deploy the solution. 

I'd rate the solution seven out of ten. 

We do have a technical arm. It's an independent professional service provider. It's a company itself. However, it's under the umbrella of the main one, which is acting as the technical arm of the main company. It typically handles the initial setup. 

Trellix may cost around $46 to $47 for a single license without an EDR. In contrast, Trend Micro may cost $23 to $25 USD without an EDR sensor. Trend Micro is much cheaper. 

Trellix may have extra costs in terms of managed services. That might be around $200 to $250.

I'd rate the solution six or seven out of ten in terms of affordability.

We're a partner and reseller. 

We're working with the most recent three versions. It is 10.9 right now. Previously, it was 9.5 and then 8.7.

We have the solution deployed on-premises and on the cloud as well. 

I'd advise potential new users to look at all packages before implementing Trellix and to look into configurations right at the outset. 

I'd rate the solution seven out of ten.