Symantec Advanced Threat Protection Overview

Symantec Advanced Threat Protection is the #13 ranked solution among the top Advanced Threat Protection (ATP) tools. PeerSpot users give Symantec Advanced Threat Protection an average rating of 8 out of 10. It is most commonly compared to Microsoft Defender for Office 365. Symantec Advanced Threat Protection is popular among the large enterprise segment, which accounts for 56% of users researching this solution on PeerSpot. The top industry researching this solution is comms service providers, accounting for 21% of all views.
Buyer's Guide

Download the Advanced Threat Protection (ATP) Buyer's Guide including reviews and more. Updated: July 2022

What is Symantec Advanced Threat Protection?

Symantec Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and remediates advanced attacks. The product fuses intelligence from endpoint, network, and email control points, as well as Symantec’s massive global sensor network, to stop threats that evade individual security products. It leverages your existing Symantec Endpoint Protection and Symantec Email Security.cloud investments, so it does not require the deployment of any new agents. You can deploy a new installation of Symantec Advanced Threat Protection and start to discover suspicious activity in under an hour. Using the proven technology in Symantec Insight reputation based detection, Symantec SONAR behavioral analysis with the new Symantec Cynic sandbox and file analysis platform, Symantec Advanced Threat Protection provides better detection and prioritization than other vendors, allowing security analysts to “zero in” on just those specific security events of importance.

Symantec Advanced Threat Protection Customers

ECI

Symantec Advanced Threat Protection Reviews

Bálint Kamarás - PeerSpot reviewer
Lead IT Security Consultant at Compliance Data Systems Kft.
Consultant
Top 10
Good incident management and great integrations but needs to improve its on-premises appliances
Pros and Cons
  • "The incident management on the solution is very good. You get a lot of detailed information about an incident. You also get a lot of documentation in connection with the CVI or integration."
  • "Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage it's a pretty complicated process. The scalability and sizing is critical, and if you do it wrong you run into issues pretty quickly."

What is our primary use case?

We primarily use the solution for its integration capabilities.

What is most valuable?

Their integrations are pretty good as are their Sandbox solutions, their proxies, and their LTAs with API or ICAP protocols. Symantec has good experience in the field. They're good at picking up on trends. They have one of the biggest background cloud networking internet solutions due to the fact that they have a lot of customers everywhere in the world and they have a lot of data. The incident management on the solution is very good. You get a lot of detailed information about an incident. You also get a lot of documentation in connection with the CVI or integration. If you have to integrate it with CM solutions, you can correlate data more with other solutions, for example, with firewalls. The result of this integration is that it gives you much more information. There are customers where the engineers have enough time to investigate all of the incidents. However, you can also collect this data in a CM and then in an incident and response management solution. It ends up saving a lot of time.

What needs improvement?

Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage it's a pretty complicated process. The scalability and sizing is critical, and if you do it wrong you run into issues pretty quickly. Symantec ATP doesn't offer add-ons or anything of that nature. It's a closed architecture, a closed system. It's based on a Linux OS, and we haven't got a lot of privileges to change anything. That said, if you are integrated with content analysis, then you have to use a lot of very good add-ons for the content analysis to find and analyze and investigate. If you only have ATP it's not enough to be effective. You have to use other solutions from Symantec, like its content analysis. You have to integrate the messaging gateway or email security and so on. 

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The solution is mostly stable. However, these types of solutions can be blocking items and will need to be adjusted. If you have any LAN, for example, and an on-premise solution, then you need to change it. When you do, you will lose the connection. Therefore, if you have a LAN solution, you need to change the mode out of work hours.

What do I think about the scalability of the solution?

In terms of the on-premises appliances, you need very big appliances to handle the storage. Users of on-premises solutions really need to size things up correctly at the outset, as it isn't easy to scale a physical environment.

How are customer service and support?

We've contacted technical support in the past. As of right now, with the Broadcom acquisition, many people are changing roles, which causes support to be rather slow. The senior engineers are now moving to premium support. Due to these changes the customers aren't the happiest as they have to wait longer for help or information. This has only been happening for about a year, which, in the scheme of things, isn't too long.

Which solution did I use previously and why did I switch?

We've worked with Palo Alto in the past and have just started using Check Point.

How was the initial setup?

Whether the initial setup is straightforward or complex depends on the company and its requirements and if it plans to integrate the solution into other products. Deployment times vary; it really depends on the organization's existing architecture and on the integration. For example, if you like to only implement systems for the EDR facility, all the EDR, along with the manager, is a pretty fast process. However, if you would like to integrate it with your email security or with your web proxy, or with anything else, that will be complicated and will lengthen the processes. The implementation can take anywhere from one month to one year.

What's my experience with pricing, setup cost, and licensing?

The solution isn't the least expensive option. Other solutions do cost more, however.

What other advice do I have?

We have been platinum partners with Symantec. The solution is at a bit of a crossroads due to its acquisition by Broadcom and they changed their EDI solution because Broadcom had an EDI network solution too. There were EDI scanners in the network, but it's on the side. Now they have a new direction in this area, due to the fact that they want to solve these processes only from the endpoint side. Frankly, I am still waiting for the restart of this new direction. I do not think it's enough.  While most deployments are using on-premises, we have some hybrid and cloud solutions too. It depends on the customer. Whether or not this is a suitable solution for a company depends on its network and requirements. Different products offer different benefits. A company needs to shop around to see which fits best. For example, it's not the best solution for enterprise companies. Also, their price is not the cheapest, however, there are many more that are more expensive as well.  I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director Security Operations at a tech company with 201-500 employees
Real User
Integrated with an email security platform, protects against new threats, but needs tighter support for new OSs and is limited in behavioral and algorithm-based detection capabilities
Pros and Cons
  • "You don't have to buy a separate email security platform. You can enable that using their endpoint, and I like that. You don't have to have two agents running on the same box."
  • "The support for new OSs and older OSs could be a little tighter. They need to be more upfront about what protection services they're going to provide on new OSs. I haven't seen the Windows 11 version out yet. It is either already released in Beta, or the Beta will be released soon. There could be a little bit more advanced updates on what they're doing to help protect Windows 11 environments. They can let us know in advance so that we know it is going to be protected. We can't roll out the new OS without putting end-point protection on it. So, they should tell us what is their support model for that, and what are they doing to protect Windows 11. They're not telling me, and that's a criticism. The same issue is applicable to all the other antivirus tools. It is not just Symantec; all of them have this problem."

What is our primary use case?

We use it for advanced antivirus protection. It is primarily used for protecting the workstations and servers from Zero-Day and other emerging threats. 

I am using its latest cloud-enabled version. Its deployment model varies. We recommend the full cloud version, so we try to get everybody moved over to the cloud. Most of the time, it is a hybrid for a while, until you get moved fully into the cloud.

What is most valuable?

You don't have to buy a separate email security platform. You can enable that using their endpoint, and I like that. You don't have to have two agents running on the same box. 

They have advanced their product line with other detection capabilities outside the traditional hashes. They have added Zero-Day in the emerging Advanced Threat Protection series. So, it gives the customers a better feel that they're protected. It is not just traditional AV-only protection. It also protects against new and emerging threats.

Its agent is also pretty solid. It is a good product.

What needs improvement?

The support for new OSs and older OSs could be a little tighter. They need to be more upfront about what protection services they're going to provide on new OSs. I haven't seen the Windows 11 version out yet. It is either already released in Beta, or the Beta will be released soon. There could be a little bit more advanced updates on what they're doing to help protect Windows 11 environments. They can let us know in advance so that we know it is going to be protected. We can't roll out the new OS without putting end-point protection on it. So, they should tell us what is their support model for that, and what are they doing to protect Windows 11. They're not telling me, and that's a criticism. The same issue is applicable to all the other antivirus tools. It is not just Symantec; all of them have this problem.

Solutions like CrowdStrike, ESET, and SentinelOne have really jumped ahead on behavioral and algorithm-based detection capabilities. Symantec is trying to catch up, but they still have some limitations of being an old-school AV protection program and adding AI and behavioral learning and detection algorithm.

For how long have I used the solution?

I have been using this solution for eight years.

What do I think about the stability of the solution?

As far as I could tell, it is pretty stable. I don't get a lot of complaints. I have some concerns about their growth strategy. The market is a little bit more competitive than it used to be. We have more tools and technologies out there for AV protection, but for now, it is in really good shape.

What do I think about the scalability of the solution?

They can scale to very large enterprises. I don't see any problems with that.

Each individual customer has their own licenses, so I don't have a roll-up of how many users are actively using it.

How are customer service and support?

Their sales cycle is pretty good. Their support is very good. We've had a good experience with them. We are usually able to get to who we need to in a timely manner. They have a good group of guys over there.

How was the initial setup?

They have a very simple and easy implementation. They have been around for a long time, and they have been very easy to deploy, support, and manage.

The deployment duration depends on the size of the environment. It depends on whether you have 100 workstations or 10,000 workstations. Regardless, it scales very well. It takes minutes per workstation versus days.

After the installation, you have to configure it. They've made that pretty easy. It takes maybe five minutes per workstation to make sure it is working and running, but then you also have alerting and monitoring. So, you got to monitor it. Otherwise, it doesn't do any good if you're not telling people what's going on. The monitoring, detection, and response piece of it can be very expensive.

What about the implementation team?

We are an MSSP, so we do all the work ourselves for customers. Typically, you have to have at least one SME who is dedicated to it. It also depends on the size of the organization. So, if there are five computers, then you would probably have one person doing everything. If you have 5,000 computers, then there would probably be one person doing just Symantec. So, the ratio is 1 to 5,000.

What other advice do I have?

I am not a big fan of them being bought out by Broadcom. They're not their own entity, but it didn't turn out to be a bad thing so far. So, I'd just be cautious about a company that is bought out by an investment company like Broadcom. They typically buy companies to let them die. That would be the only concern I have.

I would rate Symantec Advanced Threat Protection a seven out of 10, just because there is so much competition. Five years ago, I would have rated it higher than that.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Faisal Mian - PeerSpot reviewer
CTO at ABM Info. tech
Real User
Top 5 Leaderboard
Easy to set up and quick to deploy but needs to be more scalable

What is our primary use case?

We have two departments, two clients on Advanced Threat Protection.

Advanced Threat Protection usually helps in identifying and protecting against non-signature virus attacks. With this product, you can protect yourself from attacks.

What is most valuable?

The solution has proven so far to be quite stable.

It's mostly an effective product and it's good to have on the side.

We have found the initial setup to be simple. The deployment is also very fast.

Technical support has been helpful and responsive.

What needs improvement?

Scalability could be better. 

For how long have I used the solution?

We've been using the solution since 2015. It's been quite a few years at this point.

What do I think about the stability of the solution?

The stability is excellent. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

The solution is slightly scalable. It's not diverted to different collectors so that they can perform effectively, however. It could be more easily scalable. 

We have a few customers on this solution. 

How are customer service and support?

Technical support is great. They are helpful and responsive. We're quite satisfied with the level of support that's available. 

How was the initial setup?

The initial setup is very straightforward. It's not overly difficult and not complex. A company shouldn't have any issues with the process.

The deployment might have taken two hours. It's quite fast.

What's my experience with pricing, setup cost, and licensing?

Customers do have to pay in order to receive a license. It's a yearly license. 

What other advice do I have?

I'd rate the solution at a seven out of ten. It's mostly okay, however, it could be better in some areas.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner