Symantec Endpoint Detection and Response Overview

Symantec Endpoint Detection and Response is the #11 ranked solution in EDR tools. PeerSpot users give Symantec Endpoint Detection and Response an average rating of 8 out of 10. Symantec Endpoint Detection and Response is most commonly compared to Microsoft Defender for Endpoint. Symantec Endpoint Detection and Response is popular among the large enterprise segment, which accounts for 64% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 24% of all views.
Buyer's Guide

Download the Endpoint Detection and Response (EDR) Buyer's Guide including reviews and more. Updated: June 2022

What is Symantec Endpoint Detection and Response?

Quickly discover and resolve threats with deep endpoint visibility and superior detection analytics, reducing mean time to remediation.
Overcome cyber security skills shortages and streamline SOC operations with extensive automation and built-in integrations for sandboxing, SIEM, and orchestration.
Fortify security teams with the unmatched expertise and global scale of Symantec Managed Endpoint Detection and Response services.
Roll out Endpoint Detection and Response (EDR) across Windows, macOS, and Linux devices using Symantec Endpoint Protection (SEP)-integrated EDR or a dissolvable agent.

Symantec Endpoint Detection and Response Pricing Advice

What users are saying about Symantec Endpoint Detection and Response pricing:
  • "The price is okay, but it really depends on the customer's requirements."
  • "The more devices we have the more expensive it becomes, which is where the challenge is."
  • "The price is really high and it should be lower."

Symantec Endpoint Detection and Response Reviews

    Hamsa PP - PeerSpot reviewer
    Function Head Corporate Desktop Services at a tech services company with 5,001-10,000 employees
    Real User
    Top 20
    Provides great blocking features quickly; customer support has deteriorated significantly
    Pros and Cons
    • "The solution has great blocking features."
    • "A significant deterioration in customer support."

    What is our primary use case?

    Our primary use case is for HP advanced threat protection. The product gives us an edge when it comes to antivirus. We use a cloud connector and the solution is locally deployed, taking data live from the cloud and syncing. We are customers of Symantec, but we have a global agreement when it comes to pricing. I'm function head of corporate desktop services.

    How has it helped my organization?

    We call this solution the next-generation antivirus and it provides advanced threat protection. Although it can be a little slow, the ATP is live. If there are any issues, it's immediately reported to the appliance which is connected to the cloud. The main benefit for us is that the protection occurs a lot more quickly than it used to. 

    What is most valuable?

    The blocking features in Endpoint Protection are good. Problematic patterns can be blocked across the 11,000 workstations we have throughout India. If you apply a blocking policy it will take effect within about 30 minutes across all machines. The console has multiple features for monitoring and seeing alerts. It's working well for us.

    What needs improvement?

    Their customer support has deteriorated significantly since Symantec was purchased by Broadcom. We have issues interfacing with Broadcom; e.g., there is no TAM/sales team in Broadcom for Symantec products. We have faced delays of up to 3 months in getting a quote to renew the license through their partners.

    For how long have I used the solution?

    I've been using this solution for over two years. 

    What do I think about the stability of the solution?

    Very stable.

    What do I think about the scalability of the solution?

    Scalability is easy; we have 92,000 users globally, 11,000 of whom are in India.

    How are customer service and support?

    We don't use customer support for technical issues, only for installation configuration. After Symantec was bought by Broadcom the operating model changed. They scaled back on the account managers, who provided us with support, and everything went haywire. Now we don't know where to go because Broadcom is not interested in Symantec. When I want to extend a license or purchase additional devices or training credits, I have to do all the work; the support is slow and careless. We have to chase them.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    No

    How was the initial setup?

    The deployment process was complex, starting with having the device shipped from somewhere in the Asia Pacific region. It was not a normal scenario because of Covid. It was a big job because we wanted to go for Quantram. Deployment took almost three months of work with the data center, network team, network security, data center security, the server team, and then project management, end-user computing, and end-user security. Over the three-month period, we had 25 people working on implementation at different times and in different areas. The solution requires annual maintenance with the monitoring, maintenance and upgrades carried out by our team. 

    What about the implementation team?

    In-house

    What was our ROI?

    It's difficult to judge ROI because the last couple of years have seen a lot of companies losing data. It's impossible for us to calculate.

    What's my experience with pricing, setup cost, and licensing?

    The solution is premium priced. I don't want to say it's expensive because the product is good and we have to pay for it, which is okay. We pay an annual fee for a support contract. 

    Which other solutions did I evaluate?

    NA

    What other advice do I have?

    Symantec is an industry leader and I have no second thoughts about that. The product itself is excellent. Taking into account the entire user experience, I rate the solution a seven out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Kishan Kendre - PeerSpot reviewer
    Project Manager at a consultancy with 501-1,000 employees
    Real User
    Top 5
    Threat protection that is priced well, easy to deploy, and allows you to use the same agent for detection and response
    Pros and Cons
    • "The most valuable feature is that the same agent can act as the endpoint detection and response agent."
    • "Reporting is a major issue, as it is not user friendly."

    What is our primary use case?

    The primary use case of this solution is for protection.

    What is most valuable?

    The most valuable feature is that the same agent can act as the endpoint detection and response agent. You don't need to deploy an additional agent, as you do with other solutions.

    If you try to deploy a new solution you have to replace the existing agent with a new agent, but with Symantec, you can use the same agent.

    What needs improvement?

    Reporting is a major issue, as it is not user friendly. It's the biggest challenge we are facing. I have raised this issue multiple times.

    With virus detection, if one OEM vendor is detecting the virus at 1:10 am, within 24 hours all others will detect it. For example, Symantec will detect the virus, then McAfee will detect it, then Trend Micro; within 24 hours, everyone will have it covered.

    In the next release, I would like to see the option to customize the report as per our needs, and better reporting in general.

    For how long have I used the solution?

    I have worked with all Symantec products. Detection and response is a new technology that they have come up with and I have been working with it for two years.

    What do I think about the stability of the solution?

    If the solution is updated regularly then there is no challenge with stability.

    What do I think about the scalability of the solution?

    This solution is definitely scalable.

    How are customer service and technical support?

    The technical support is very bad. It's been outsourced. The level one support does not have the expertise to support people properly, from a technical perspective. 

    I'd say that the level of understanding has been reduced as a result of outsourcing to a third party.

    Which solution did I use previously and why did I switch?

    Previously, I was working with Trend Micro. Before the detection and response were included, I would have recommended Trend Micro. However, Symantec Endpoint has now taken the lead.

    Endpoint detection and response have not been developed into Trend Micro.

    How was the initial setup?

    The initial setup is straightforward. It's not complex. You will have to license it, then you are good to go.

    If you try to establish the replication then you should plan it properly. If you do proper planning then it manages well. As an example, with one of my customers, I updated 3,000 machines that were in remote sites in less than a month's time.

    What's my experience with pricing, setup cost, and licensing?

    The price is okay, but it really depends on the customer's requirements.

    What other advice do I have?

    I am a user of Symantec as well as an admin with the Symantec support team. I was the technical support account manager and I would support other customers.

    Symantec releases updates two or three times per day. If you have low bandwidth it will never get updated, although there are options to resolve this.

    First, you have to decide on your requirements and what features you are looking for, then you can consider any endpoint detection and response solution.

    There are good products on the market; there is one in particular that is cloud-based, where you don't need a single investment, but you will need to have good bandwidth. 

    Before looking for any solutions the planning must be done.

    Overall, this is a good product but it is still in the early stages and there are some improvements that need to be made.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Muhammad Atif Shafique - PeerSpot reviewer
    Senior Security Architect at a tech services company with 11-50 employees
    Real User
    Top 20
    Easy to scale and setup, but should offer more granular timeline analysis
    Pros and Cons
    • "The setup is quite easy."
    • "It would be nice to see more granular timeline analysis."

    What is our primary use case?

    We employ the latest version. 

    Our clients make general use of the solution for endpoint detection. They are interested in its EDR capabilities. 

    What is most valuable?

    There is no need to do an additional installation for the EDR, as the one belonging to Symantec is pretty much dependent on the endpoint agent, which is already deployed. This is my favorite feature, as it saves a person from the complexity involved in the deployment of additional EDR agents. 

    What needs improvement?

    The solution should offer more features, such as ones which are forensic and timeline. 

    The tech support was very bad in the immediate aftermath of the merger, although it is now slightly better. The problem came down to the ownership of the case. Support was horrible when Broadcom entered the picture, but they have done much work in this area and things are mostly better.

    It would be nice to see more granular timeline analysis. 

    For how long have I used the solution?

    We have been using Symantec Endpoint Detection and Response for ten years. 

    What do I think about the stability of the solution?

    While the earlier version had many bugs, the current version is relatively quite stable.

    What do I think about the scalability of the solution?

    The solution is easy to scale and its methods of deployment are totally up to the needs of one's organization, be they on-cloud, on-premises or hybrid.

    How are customer service and support?

    Just following the merger, the tech support was very bad, although it has since slightly improved. Ownership of the case was the real issue. At the time when Broadcom came into the picture, the support was terrible, yet much work in this area has since been undertaken and things are, for the most part, better.

    How was the initial setup?

    The setup is quite easy. 

    What's my experience with pricing, setup cost, and licensing?

    I do not deal with the pricing. As such, I cannot comment on it. 

    What other advice do I have?

    The method of deployment varies with the client. 

    Rather than handling the implementation on one's own, it is important to engage a good system integrator. Although a person's expertise may make the process seem straightforward, the experience a good system integrator brings to bear can benefit one beyond what is written in the documentation. Such a person can evaluate one's infrastructure and advise on the best approach. 

    I rate Symantec Endpoint Detection and Response as a seven out of ten. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Head: Cyber and Information Research Centre at Council for Scientific and Industrial Research
    Real User
    Top 5
    Regular updates, high performance, but integration could improve
    Pros and Cons
    • "The most valuable feature of Symantec Endpoint Detection and Response is its ability to conduct large scans on the endpoints without affecting the network."
    • "In the future, it would be nice to have playbooks in the tool, to allow for some of the common activities to be automated. For example, some of the scannings of the malware can be too manual for a specific device. Additionally, a vulnerability manager would be beneficial."

    What is our primary use case?

    Symantec Endpoint Detection and Response is mainly used for endpoint protection against malware and other threats.

    What is most valuable?

    The most valuable feature of Symantec Endpoint Detection and Response is its ability to conduct large scans on the endpoints without affecting the network.

    What needs improvement?

    In the future, it would be nice to have playbooks in the tool, to allow for some of the common activities to be automated. For example, some of the scannings of the malware can be too manual for a specific device. Additionally, a vulnerability manager would be beneficial.

    For how long have I used the solution?

    I have been using Symantec Endpoint Detection and Response for approximately three years.

    What do I think about the stability of the solution?

    The stability of Symantec Endpoint Detection and Response is good.

    What do I think about the scalability of the solution?

    Symantec Endpoint Detection and Response scalability depends on the agents. You have to discover the devices. It's scalable, but it's not as flexible as one would like.

    We have approximately 10,000 endpoints using this solution. We use the solution every day.

    How are customer service and support?

    I rate the support from Symantec Endpoint Detection and Response a four out of five.

    They have given quick resolutions to our questions.

    Which solution did I use previously and why did I switch?

    I have not used other solutions. However, if you compare what Microsoft may provide to Symantec Endpoint Detection and Response, the Microsoft EDR solution handles integration with other systems, such as AD, much better than Symantec Endpoint Detection and Response.

    Symantec Endpoint Detection and Response's advantages are the ease of use, quick introduction of new technicians, and it's much faster. It doesn't require a lot of training. In terms of usability, it's something that you can deploy and run quickly.

    How was the initial setup?

    The initial setup of Symantec Endpoint Detection and Response was not complex; it was easy.

    What about the implementation team?

    We had access to the Symantec Endpoint Detection and Response consultant to assist us with the implementation.

    What's my experience with pricing, setup cost, and licensing?

    I rate the price of Symantec Endpoint Detection and Response a three out of five.

    The more devices we have the more expensive it becomes, which is where the challenge is.

    What other advice do I have?

    I rate Symantec Endpoint Detection and Response a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Threat Intelligence and Forensics Investigation Specialist at True Digital Group
    Real User
    Top 5
    Effective process review, useful machine isolation, and reliable
    Pros and Cons
    • "There are times when Symantec Endpoint Detection and Response tags an executable as malicious when it is trying to get executed on the machine. In this case, it prevents the execution and it gives you a process view of things where you can look into what has happened and whether it is a genuine process trying to access some system activities, or it's a malicious one. Depending upon the process, it gives you a clear identification, and we can do the containment from the interface itself and isolate the machine from the network. The process review on network isolation is good."
    • "Symantec Endpoint Detection and Response could improve the reporting. It is very difficult to create reports from the user interface."

    What is our primary use case?

    Symantec Endpoint Detection and Response is used for threat protection.

    What is most valuable?

    There are times when Symantec Endpoint Detection and Response tags an executable as malicious when it is trying to get executed on the machine. In this case, it prevents the execution and it gives you a process view of things where you can look into what has happened and whether it is a genuine process trying to access some system activities, or it's a malicious one. Depending upon the process, it gives you a clear identification, and we can do the containment from the interface itself and isolate the machine from the network. The process review on network isolation is good.

    What needs improvement?

    Symantec Endpoint Detection and Response could improve the reporting. It is very difficult to create reports from the user interface.

    For how long have I used the solution?

    I have been using Symantec Endpoint Detection and Response for approximately six months.

    What do I think about the stability of the solution?

    Symantec Endpoint Detection and Response is a stable solution.

    What do I think about the scalability of the solution?

    The stability of Symantec Endpoint Detection and Response is good.

    We have the solution running on 3,000 endpoints. After two years, once we have more clients, we might increase usage.

    How are customer service and support?

    I have not contacted support. The administrator of the platform is taking care of the support for us. They might have contacted the support but I have not.

    Which solution did I use previously and why did I switch?

    I have not used another solution previously.

    How was the initial setup?

    The initial setup of Symantec Endpoint Detection and Response is straightforward.

    What about the implementation team?

    We have three people that are supporting the solution.

    Which other solutions did I evaluate?

    I have evaluated McAfee.

    What other advice do I have?

    I would recommend this solution to others.

    I rate Symantec Endpoint Detection and Response an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Security information and incident handling at a financial services firm
    Real User
    Top 20
    Quick and easy to set up with good reliability
    Pros and Cons
    • "The pricing is good."
    • "They do need to minimize the number of agents installed on a server."

    What is our primary use case?

    It's part of the endpoint and is an EDR product. There are many use cases we're looking at, including power share and general detection.

    What is most valuable?

    The initial setup is quick and easy.

    We found the product to be scalable.

    The stability is good. It's reliable. 

    The pricing is good.

    Technical support is okay.

    It's easy to add hash files. 

    What needs improvement?

    I have not picked up anything that is lacking in terms of features while using this tool. 

    They do need to minimize the number of agents installed on a server.

    The response time for technical support takes too long. 

    For how long have I used the solution?

    I've been using the solution for two and four months years now. 

    What do I think about the stability of the solution?

    The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable.

    What do I think about the scalability of the solution?

    The solution is scalable. That's not a problem. 

    We have about 2,500 endpoints. It's actually even more than that as it is deployed on the server as well. 

    How are customer service and support?

    While technical support is great, it does take up to two days before I get a response. They are a bit slow.

    How was the initial setup?

    The implementation process was quick and easy, and we didn't need a DBA, a database administrator.

    Two people handled the initial setup; it was done over one day.

    What about the implementation team?

    Our team handled the deployment in-house. We didn't need any outside assistance. 

    What's my experience with pricing, setup cost, and licensing?

    The cost of the solution is affordable and manageable. 

    What other advice do I have?

    We are a customer and an end-user.

    I'd rate the solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    IT Security Specialist at TT Systems LLC
    Real User
    Top 10
    Customizable Application and Device control, but it is expensive and there are a lot of false positives
    Pros and Cons
    • "In Symantec, we have found that the most important feature is Application and Device Control."
    • "Technical support is not as good as we expect, and resolving problems should be more timely."

    What is our primary use case?

    We were using this product for our endpoint protection.

    What is most valuable?

    In Symantec, we have found that the most important feature is Application and Device Control. You can customize it to help stop attacks, and we have done that many times in our different environments.

    What needs improvement?

    Some fine-tuning is required because we often see false positives.

    For how long have I used the solution?

    I had been working with Symantec Endpoint Detection and Response for more than six years. However, we are no longer using it because we are transitioning to another product.

    What do I think about the stability of the solution?

    This is a stable solution in our experience. We have read in the community communications that there are some corruptions that occur, which is something that should be fixed.

    What do I think about the scalability of the solution?

    This product is scalable. We have approximately 3,700 users.

    How are customer service and technical support?

    Technical support is not as good as we expect, and resolving problems should be more timely.

    Which solution did I use previously and why did I switch?

    We are currently doing a PoC with Trend Micro. We are looking at Apex One and Deep Security. We are switching because we are interested in using a central management console in a cloud-based deployment.

    Symantec has a cloud-based solution, but it is not compatible with all of the departments in our organization.

    I also have experience with the Websense solution.

    How was the initial setup?

    Installing on a Windows Server was straightforward.

    What about the implementation team?

    We have two people for maintenance.

    What's my experience with pricing, setup cost, and licensing?

    We are currently using the trial version of the latest release. The price is really high and it should be lower.

    What other advice do I have?

    I would rate this solution a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    MilindKule - PeerSpot reviewer
    Data Protection Specialist at CompuCom
    MSP
    Integration with antivirus provides better security posture
    Pros and Cons
    • "A great feature of this solution is that it is very well-integrated with antivirus software. Other ADR solutions are implemented as single technologies and are not integrated with the provider, but Symantec offers AV plus ADR."
    • "I think we have experienced some technical issues because the company focuses mainly on bigger clients. Also, sometimes the solution fails to detect zero-day attacks, so that feature needs some enhancement because it is lacking compared to other solutions."

    What is most valuable?

    A great feature of this solution is that it is very well-integrated with antivirus software. Other ADR solutions are implemented as single technologies and are not integrated with the provider, but Symantec offers AV plus ADR.

    What needs improvement?

    I think we have experienced some technical issues because the company focuses mainly on bigger clients. They should treat every client equally instead of only targeting high-profile or high-revenue-generation clients. The focus should be client-centric, not only revenue-centric. 

    Also, sometimes the solution fails to detect zero-day attacks, so that feature needs some enhancement because it is lacking compared to other solutions.

    For how long have I used the solution?

    I have been implementing this solution for almost four years.

    What do I think about the stability of the solution?

    The stability of the solution is good. 

    What do I think about the scalability of the solution?

    The scalability of the solution is quite good.

    How are customer service and support?

    The turnaround time of the technical support team is quite good. 

    How was the initial setup?

    The initial setup is a little bit complex because the solution gets integrated with the existing antivirus software.

    What's my experience with pricing, setup cost, and licensing?

    The licensing costs depend on the number of endpoints that are involved. 

    What other advice do I have?

    To anyone looking into Symantec Endpoint Detection and Response, I would say that it's the best solution that can be integrated with AV, thus providing better security posture.

    I would rate this solution as an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer