What is our primary use case?
All our servers and Windows machines across 15 sites have Symantec Endpoint Security, which we use for malware prevention, antivirus, intrusion prevention, Windows Firewall management, etc. The whole suite is used on Windows infrastructure.
We have other layers of security outside the Symantec solution; we also use the full Meraki security suite for malware and intrusion prevention and a firewall on each side. We use Darktrace too, so Symantec Endpoint Security is one of the components we use to secure our environment.
We don't allow remote connections, such as VPN access, from IP addresses outside Ireland and the UK. Even if we have Cisco VPN with Duo and it was compromised, hackers from China, Russia, the USA, Brazil, etc., would not be able to get in that way. The same goes for any of our mobile or web applications exposed to the internet, and we have Cisco AMP on each of our sites. Our emails are through the cloud, so there are many elements to our security landscape. Symantec isn't a one-stop shop, but it caters to the fundamentals of securing a Windows PC: firewall management, IPS, malware, and app blocking.
Additionally, we block PowerShell on all our machines because 70-80% of the hacks out there use it.
How has it helped my organization?
Since I joined the company and implemented Symantec and other products, we've had stability on our network and no security incidents or breaches.
We haven't had a security breach in four years, which is significant. There are only so many companies out there who can say that.
What is most valuable?
Firewall management and intrusion prevention are excellent; those are the critical differences between Symantec and most other products on the market, as they don't manage Windows Firewall or offer intrusion prevention.
The solution is a single pane of glass; the firewall management, intrusion prevention, malware protection, and updating are all in a single web browser. For a smaller company like ours without a large IT team, it's ideal. We don't need multiple desktop applications to manage this element of our security, and that's handy.
Symantec is still one of the leading vendors for attack and breach prevention. As with any product, the tool must be configured correctly to maximize its potential. There are products better than Endpoint Security in some respects, but it's excellent as an overall solution to cover all the critical fundamentals. We need a firewall, intrusion prevention, and malware antivirus to protect a Windows machine. The firewall and IPS are just as crucial as the AV, which is missing in most other products. Symantec's solution, on the other hand, provides all three.
What needs improvement?
The solution's browser protection in Chrome needs to be improved, as it's the most troublesome aspect of the tool. I have two devices where the browser protection failed, an issue that has yet to be fixed for two months. When updates occur, the client restarts, and the browser protection for Chrome malfunctions. Broadcom needs to improve its ability to hijack a browser session to filter web traffic because that's important, as well as site blocking. This element is missing in the product; most companies have firewalls with web content filtering to prevent employees from accessing specific sites.
The customer support could be better; Broadcom EU support isn't the best, and they don't seem overly interested in helping smaller companies.
The reseller/partner network is another area for improvement; it was tough for us to find a reseller, as there is only one in Ireland. This may be an issue in other parts of Europe too.
For how long have I used the solution?
I've used the solution for four years at my current company.
What do I think about the stability of the solution?
The solution is stable, except for the browser issue, which needs to be fixed. Overall, the product is stable; I rate it six out of ten here.
What do I think about the scalability of the solution?
Symantec is a scalable product, it's easy to manage, and there is no problem there. I would have used this at a previous company with 180,000 clients.
We don't have plans to increase our usage of the solution outside of incorporating mobile endpoint device protection. We are a Builders Merchant company, and our industry is currently in massive turmoil due to supply chain issues from COVID and the war in Ukraine. I can't see how we would be adding staff at this point.
How are customer service and support?
The customer support is lacking; I rate it a four out of ten. The browser issues have been open for weeks, and the correspondence has been poor. European customers can no longer log support directly with Broadcom; we have to go through Arrow, so the support is outsourced. I don't appreciate that European customers aren't significant enough to them to log tickets centrally.
Since COVID, the support from most companies has been generally poor, with Cisco being the exception. Cisco, Check Point, and VMware are industry-leading in terms of support, while Dell and Microsoft are two of the worst. Symantec is better than the last two but far from the leaders. It could be better.
How was the initial setup?
The initial setup was straightforward; I built the packages and the rules and configured all the different policies. The policy rollout and deployment are very easy, though overcomplicated somewhat by the sheer number of policies. The solution doesn't need to be as diverse as it is in this regard, but as products grow, unnecessary elements are removed.
The policy configuration took several weeks, and the following deployment took two weeks. However, we have a security team of two responsible for managing the solution over 15 sites and 300 end users. I carried out the initial deployment by myself.
The solution could be more intuitive and requires training or experience to configure correctly, including a basic knowledge of firewalls.
The solution requires some maintenance. After configuring the policies and packages correctly, I still need to log into the portal daily.
What was our ROI?
Our ROI is significant; one ransomware attack from a relatively small hacker could cost 4000-5000 euros or more, not to mention lost revenue. Thankfully, we haven't had a ransomware attack. As we are a manufacturing company, if our shops or computer systems went down, then our lost revenue would be enormous.
What's my experience with pricing, setup cost, and licensing?
We have Symantec Endpoint Security Enterprise, and it's very competitively priced. However, there is a considerable jump in price for upgrading to the EDR, so that's more compatible with enterprise-level organizations.
We are a small shop with 240 licenses but have different sites and only two IT staff. The tool is easy to manage, though it has flaws such as browser protection, and we would prefer if this were a managed solution, as the associated cost is very high. We want to see a more significant price gap between the enterprise and SME levels, but this isn't the case.
Which other solutions did I evaluate?
I used Symantec in a previous company, where I implemented it in the first year with them, and then Broadcom took over and said they didn't want to deal with smaller companies. At that point, I evaluated all the other products in this field during COVID, including McAfee, Microsoft, Kaspersky, and CrowdStrike offerings. Some of them were better in specific areas than Symantec, but none could do everything that Symantec does. The other solutions could be better regarding ransomware protection and antivirus, but they didn't have firewall management or intrusion prevention. That was the real benefit we saw as a smaller company, and Broadcom decided to allow smaller companies to continue using the Symantec product. It was a no-brainer decision for us.
What other advice do I have?
I rate the solution seven out of ten.
We have the Symantec Endpoint Security Enterprise license, so we don't use Slack, the threat intelligence generated by its Global Intelligence Network, or prebuilt apps for SIEM orchestration and ticketing systems.
We don't use the solution's mobile protection element, but that's a project we have planned for 2023. I could be more familiar with it as it's been a few years since I looked at it; back then, it didn't have some elements we needed. Our requirements for mobile device protection are a firewall, highlighting and blocking insecure apps, and a web filter to block dubious links.
Regarding the solution's capability to protect against advanced attackers using stealthy techniques, there are better products like Darktrace and CrowdStrike. However, we haven't been exposed to such an attack, and I prefer to remain anonymous to prevent drawing attention to the company.
Symantec is a class-leading product, though the opposition is catching up because of developments during COVID. There are more robust solutions in certain areas, but we prefer having Symantec over three separate apps on a machine to do the same job.
Symantec Endpoint Security reduced the number of solutions our company uses because we would otherwise be using two, if not three, different applications depending on the products.
As to the solution saving employees' time, it's hard to tell. There's a whole security suite outside of Symantec that we operate, and it doesn't impact the end user, aside from the browser plugin issue. However, user data hasn't been compromised, and we haven't been hacked. Outside of scheduled maintenance, we haven't had a system outage in the last two years, and a hardware failure and a server caused the only outages during the previous four years. Even though we're a small company, we don't have outages, so we are very lucky or good at what we do.
My advice to potential customers is to determine the requirements for protecting an endpoint, then ask all the providers if they have a single solution that fulfills those requirements. The majority probably don't, but Symantec does. It has a few weaknesses like the cloud, browser protection, and web filtering, plus browser protection and the firewall for the mobile side. If Broadcom can resolve these issues, it's an open-and-shut case. CrowdStrike and Darktrace are much more sophisticated in advanced attacks and tracing what happens, while Malwarebytes is better in ransomware and rollback. However, they don't have firewalls and IPS elements like Symantec. Our alternative would be CrowdStrike with Intune for firewall management, but that's two products instead of one, and we would be without IPS protection.
Which deployment model are you using for this solution?
Private Cloud
*Disclosure: I am a real user, and this review is based on my own experience and opinions.