Symantec Endpoint Security Overview

Symantec Endpoint Security is the #12 ranked solution in endpoint security software. PeerSpot users give Symantec Endpoint Security an average rating of 7.4 out of 10. Symantec Endpoint Security is most commonly compared to Microsoft Defender for Endpoint. Symantec Endpoint Security is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 18% of all views.
Symantec Endpoint Security Buyer's Guide

Download the Symantec Endpoint Security Buyer's Guide including reviews and more. Updated: September 2022

What is Symantec Endpoint Security?

Unmatched Endpoint Safety for Your Organization

As an on-premises, hybrid, or cloud-based solution, the single-agent Symantec platform protects all your traditional and mobile endpoint devices, and uses artificial intelligence (AI) to optimize security decisions.

Symantec Endpoint Security was previously known as Symantec EPP, Symantec Endpoint Protection (SEP).

Symantec Endpoint Security Customers

Audio Visual Dynamics, Red Deer Advocate, Asia Pacific Telecom Co. Ltd., Kibbutz Ein Gedi, and AMETEK, Inc.

Symantec Endpoint Security Pricing Advice

What users are saying about Symantec Endpoint Security pricing:
  • "The pricing is pretty much at the market standard... Symantec is not that cheap and it's not that expensive compared to CrowdStrike. I would put them in the 'middle block.'"
  • "The pricing was one of the factors that led us to choose this product."
Symantec Endpoint Security Reviews

    Hakeem_Abdulkareem - PeerSpot reviewer
    Head, Security Technology & Engineering at a financial services firm with 10,001+ employees
    Real User
    The solution has given us visibility into compliance within our whole system and helped us ensure everything is updated
    Pros and Cons
    • "What I like most about Symantec is the intrusion detection module. If you are scanning the environment, it will flag a possible intruder and tell you the IP and where the attack is coming from. Traditional antivirus solutions will never flag that. If you have a traditional SIEM, you might be able to pick that up. Symantec is a holistic endpoint security solution, so when you scan an endpoint, Symantec will let you know that something is happening to it."
    • "Symantec's application security module needs some improvement. You need to create a lot of fingerprints for application security. For instance, let's say I have different brands of ATMs in my environment, like Wincor and NCR. I use GRG to deploy an application control to whitelist some applications. I have to get the exact image of the different models of ATMs. When I tested in the past, some machines would not connect to the server without that."

    What is our primary use case?

    Symantec Endpoint Protection is an antivirus with anti-malware and application control capabilities that we use to protect assets like servers, workstations, and ATMs. There's a central management server we use to manage all the endpoints, regardless of the categories, and we install an agent on all the endpoints that reports to the management server. 

    If I want to check the status of any asset, I need to get the details like the IP address and the hostname of the system. The management server will give me the current status. I have three different kinds of agents on the endpoint that I can use to control access. 

    The agents for the ATMs and servers aren't as heavy as the ones for workstations. It's a stripped-down version that removes some of the components and add-ons that are not part of the endpoint protection engines, so the agent is lighter and can be deployed faster. The activities on servers and ATMs are dynamic, so the antivirus must also be very light. To centrally manage the antivirus, I have to set up distribution points because I have more than 14,000 endpoints altogether distributed across more than 250 branches in Nigeria.

    I set up distribution points on systems and ATMs. The ATMs are always on the network because they're connected with other points at every branch and location. I need them to be distribution points. When I need to send a file to update all the other systems, I send it to these distribution points. These distribution points in Symantec record the data needed to update all the other systems.

    Let's say I have two different locations. I will have the updated data at location one, and I have other data at location two. These different locations have their own IP subnets, so I will configure the update data so that the IP within that subnet can talk to it and no other IP outside the subnet. This ensures my assets, ATMs, workstations, and servers can update as soon as possible.

    I'm always compliant. The servers in the data center don't need to talk to any distribution points. They talk directly to the management server to get the updates regularly because the servers are always on the network at the data center, unlike the workstations that people shut down at the end of the day. Any time people connect to the network, the system will update automatically. That is the normal architecture for Symantec.

    How has it helped my organization?

    Symantec centralized our intrusion detection system while creating additional layers of security at the endpoint level. We're not relying on the central intrusion detection system. It gave us more value than expected. 

    The solution also helped give us visibility into compliance within our whole system and ensure everything is updated. I can tell you the number of outdated systems from the same management server. In the same console, I can remotely trigger an update on any system. Symantec offers more flexible administration than other solutions. Most other antivirus products get updates directly from their portal, install them on the management server, and all the endpoints pull the update from it. Sometimes, an endpoint may not update. The update might be on the endpoint, but the system will still not pick up.

    Most other antivirus solutions can't do a workaround like Symantec, where you can download the JDB file from the portal and copy the file to a specific path on the problem system. You don't even need to install it. Once you drop the script into the system, it will run automatically. After 20 to 40 seconds, the system will be updated, and the status will turn green. 

    Using distribution points is also a game changer because it has saved it. Symantec considers that you may have bandwidth issues in this part of the world. You can leverage the update and push the file through locations with inadequate bandwidth. When you push the file through, the update can pull the data file and distribute it across the other endpoints.

    Having this flexibility makes the solution easy to use. You can also segment the systems according to assets. It lets you classify servers, ATMs, and workstations separately. You can have different versions because of the flexibility. You can remove some components before generating the agent you are installing on the endpoint. 

    I get around 95 percent compliance, meaning that 95 percent of the systems are up to date at any time. I also want to take it a step further to achieve around 98% because I have discovered some systems are not updating.

    Then there is another file called the JDB in Symantec that I download regularly and distribute across all the ATMs, which I use as my distribution points. I will run a script to pick this JDB file and copy it to a specific path on all the outdated MAA workstations to update them automatically.

    Overnight, I usually copy the script to all 256 distribution points across the nation. The next day, I will run another script that goes to the specific distribution point, acquires the JDB file, distributes it to the list of data systems I have prepared by location, and copies the file to those computers. They will be updated automatically.

    That has been fully automated. I download the file every day at the close of business. It is shared through a script that is already automated across the distribution points the following day at 9:00 am because it's expected that people will resume work by 8:00 am. By 9:00 am, I expect every system to be on. The outdated systems will be targeted with the JDB and updated. 

    What is most valuable?

    What I like most about Symantec is the intrusion detection module. If you are scanning the environment, it will flag a possible intruder and tell you the IP and where the attack is coming from. Traditional antivirus solutions will never flag that. If you have a traditional SIEM, you might be able to pick that up. Symantec is a holistic endpoint security solution, so when you scan an endpoint, Symantec will let you know that something is happening to it.

    Once, there was an unauthorized scan of the environment, and I immediately discovered multiple systems were accessing it. A message will pop up saying that an intrusion was detected scanning from a particular path. We need to check directly because there are multiple similar IP addresses we have to block on our firewall, so the IP cannot access our system again. We've been able to contain attacks using Symantec in the past. It's highly effective.

    Another valuable add-on is application control, which I use to prevent some applications from entering my environment. You can block any program installed with the same fingerprint. If the software isn't aligned with the environment, Symantec will stop it automatically. You don't need to buy a different solution, like an app blocker, and deploy it in the background. 

    What needs improvement?

    Symantec's application security module needs some improvement. You need to create a lot of fingerprints for application security. For instance, let's say I have different brands of ATMs in my environment, like Wincor and NCR. I use GRG to deploy an application control to whitelist some applications. I have to get the exact image of the different models of ATMs. When I tested in the past, some machines would not connect to the server without that. 

    Only the approved software on the ATM should run. Anything outside that should not even come up at all. We did this so that an outside person doesn't introduce malicious software to the ATM. That's the essence of locking down with application control. Using Symantec for application control has been hectic, so I use Carbon Black to do the lockdown.

    Checking that data security will work fine with Carbon Black. Carbon Black worked fine. Setting up approval in Carbon Black works differently than Symantec. In Symantec, we first need the fingerprints of the applications running underneath. Before setting up Carbon Black, you first install the agent, allowing it to learn the environment. It will analyze all the software's behavior and provide recommendations for what should be allowed. It's more straightforward, whereas configuring application control in Symantec is a bit cumbersome.

    Buyer's Guide
    Symantec Endpoint Security
    September 2022
    Learn what your peers think about Symantec Endpoint Security. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    633,184 professionals have used our research since 2012.

    For how long have I used the solution?

    I've been using this solution since 2014. Before joining this bank, I used Symantec at another financial institution, so I'm well acquainted with the solution. It's taken care of many aspects, especially the endpoint, regarding the environment's security.

    What do I think about the stability of the solution?

    Endpoint Security is stable.

    What do I think about the scalability of the solution?

    When you put it on servers and there are performance issues, you can always check the endpoint that's using the most resources and allow that part to not be scanned. 

    Symantec has the scalability and flexibility to work in line with what the customer really wants. Some parts of a server are not meant to be scanned. You can still monitor it and get reports. From there, you can decide if it should be excluded. That is one thing I like about Symantec.

    How are customer service and support?

    I rate Symantec support an eight out of ten. They are pretty solid in terms of technical know-how and support. My only complaint is the process of handing off between two support engineers. Whoever takes over will ask you to start from the beginning. There isn't proper documentation of the call and communication between engineers. 

    Let's say you have made 60% progress toward resolving your issue. Whoever takes over from that engineer should be able to pick it from 60% and drive it to 100%. In most cases, the new engineer may even take you back down to 20%. It wastes a lot of time. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I use Symantec alongside other security solutions. For example, I don't use Symantec's Global Intelligence Network. I use a different threat intelligence platform called Mandiant in my environment. I also leverage Microsoft for threat hunting. I don't use Symantec for threat hunting.

    In the past, I tried Data Center Security on our servers, but since the normal ICP works for us, we did not decide to use it. I tested the features because I was looking for a solution that can lock down some of my legacy systems. During the POC, I compared it with Carbon Black, the solution I have. Carbon Black does a better job and it's cheaper. 

    I have a separate solution that I use to manage mobile devices. I'm not using Symantec. There's a solution called Sandblast Harmony that is an add-on for Check Point, which I use as a perimeter firewall. This is a solution that was deployed with it, and I have Sandblast on all my mobile devices.

    Before you can install anything like office mail on your mobile devices, you need to be onboarded on that platform before you can set it up. If your device does not have Sandblast installed on it, you won't be able to proceed with the setup. So I don't really even use Symantec to protect my mobile devices.

    How was the initial setup?

    Setting up Endpoint Security isn't complicated. You need to set up a management server to install the agents, then provide the permissions to the appropriate IPs to acquire the update from Symantec. After that, you set up distribution points for the updated data. It's not something that can be completed in a day. For instance, if you have 200 locations, you can set up three or four daily. It depends on the criticality. That's why you deploy distribution points.

    If you are operating a centralized approach, all the workstations, irrespective of the location, can pull the updates from the management server and be managed centrally. However, because of bandwidth challenges, some cannot go to the server and pull the updates. 

    You have the flexibility to determine the components you want to generate. For instance, you can have different agents for workstations, ATMs, and servers by selecting the specific components you want to include. Everything is coming from the same management server. When it's time to update, you can do a workaround by leveraging the JDB from the Symantec portal. You must push that JDB file to a specific path on those affected systems. It will execute and update automatically.

    What was our ROI?

    There's a return on investment.

    What's my experience with pricing, setup cost, and licensing?

    Symantec is one of the major players in that space, so the licensing isn't as cheap as some other antivirus products like Trend Micro. It's reasonable but not the cheapest. Any entry-level Symantec user is coughing up a lot of money compared to the other antivirus software. 

    Windows Defender is practically free for customers. When you have the option of using Microsoft Defender, and you look at the price of Symantec, the gap is wide. Trend Micro is a bit closer, so competitive pricing is something Symantec may also need to consider. 

    What other advice do I have?

    I rate Symantec Endpoint Security a nine out of ten. I use Symantec for multiple endpoints like ATMs, servers, and workstations, but I think Symantec has evolved. They have some specific solutions for ATMs and servers. Generally, I would recommend only using Symantec Endpoint Protection for workstations. For your server, you should deploy different solutions. 

    When deploying the solution, you should consider each location's bandwidth limitations. You will also need to implement quality of service on the network so bandwidth utilization is prioritized. For example, you might need to schedule workstation updates during off-peak hours. 

    If it is not managed correctly, all the computers might update simultaneously during the peak period, affecting the whole environment and causing service issues. The proper time for updates should be appropriately identified. In my case, we update around 3:30 pm because we close at 4:00 pm. My peak period is between noon and 1:00 pm, so none of my workstations will update at that time. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Security Consultant at InfySec
    Real User
    Remediates infected file, isolates endpoint, and communicates between endpoint and SOC, all automatically
    Pros and Cons
    • "There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization."
    • "In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDS, it consumes a lot of processing and memory capacity."

    What is our primary use case?

    In one of our client's environments, they need securing of their Active Directory. The solution is the only product with a separate feature to secure Active Directory as part of Symantec Endpoint Security Complete. The client was also looking for an automated endpoint detection solution. That's why we went ahead with it.

    How has it helped my organization?

    The very comprehensive machine learning platform has been very helpful and we have been able to prevent most attacks and detect and respond to those threats within minutes.

    The reaction time for any incident has been reduced drastically. When there is an incident, the EDR engine is based on AI/ML behavioral analytics. It takes direct action and remediates the infected file, isolating the endpoint, and establishing communication between the endpoint and Symantec's threat-hunting SOC. It submits the file automatically, meaning that no manual intervention is required. If there is an attack on a weekend, we can completely rely on Symantec, rather than needing someone to manually upload these things.

    Most of our incidents, no matter what has occurred, are automatically addressed. This has reduced our efforts and the time we spend on incidents. That has a direct impact on our business operations. It has improved the efficiency of our operations.

    The major benefit of having Symantec's API is that you get access to all the methodologies and mechanisms, and it's accessed in a single dashboard. That makes it a one-stop solution, where you can have everything integrated. It also helps us in orchestrating and correlating our security incidents.

    An added benefit is that if you have it integrated with your ticketing system, tickets will also be triggered. You get an SMS alert or an email notification, but that's a secondary thing.

    The solution has helped organizations enhance their security posture considerably. We haven't faced any breaches so far, meaning we have been protected adequately. We actively perform quality assessments, penetration testing, and we do forensic analysis. In addition, we have third-party SIEM software monitoring all our assets on a day-to-day basis and they haven't identified any anomalies. That means that Symantec is protecting us well, and we have implemented it and been running it for the last three-plus years for multiple clients.

    What is most valuable?

    The most valuable features include the

    • Active Directory security
    • application controls
    • endpoint detection and response.

    Whenever there is an issue with respect to Active Directory, Symantec identifies the issues and tries to create a signature to mimic the Active Directory-related attacks in their backend labs. They obfuscate the request going to Active Directory. Even though there may be an issue with patches still not being updated by Microsoft, we have compensating control to prevent those kinds of attacks from happening. Once Microsoft releases patches, we immediately implement them. But until then, Symantec will prevent Active Directory compromises.

    And, in some cases, the architecture itself is an important feature because Symantec is one of the very few endpoint services that provides an on-premises management system. Currently, most antivirus and protection providers operate entirely from the cloud. That's a differentiating factor with Symantec. This is very critical in an instance where you should not have access to the internet, or you wanted to have it on-premises. In those situations, Symantec is the go-to product.

    In addition, for threat hunting, the API is integrated so that we get real-time updates. The threat-hunting is excellent. They're one of the largest civilian cyber intelligence networks. Symantec was an early starter with respect to threat hunting. They have a global SIEM and a global threat-hunting team. They have custom, built-in tools, and their own threat-hunting intelligence mechanism. We completely depend on Symantec's threat-hunting methodology. We have no complaints so far, and it has been an excellent experience working with their threat-hunting team.

    Most incidents come through machine learning. In one or two cases we might need the experts, but most of our issues are known. They have a very good AI/ML engine. Based on the signature or the anomaly, when something is detected, the object that is compromised is isolated and we get an immediate response. A link is then initiated between the infected device and Symantec's threat-hunting team.

    Symantec is one of a very limited number of products that supports the entire gamut of devices. It is not only Windows devices that it covers but also mobile devices, Mac, Android, iOS, et cetera.

    What needs improvement?

    In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDS, it consumes a lot of processing and memory capacity. We would like to enable all the features, but doing so should not have a direct impact on the performance of the system. If they can come up with an agent that consumes less memory, that would be a great enhancement.

    Also, Symantec is not being promoted from a marketing standpoint. I don't see any promotions for it. There are no road shows, marketing efforts, training, or anything organized by Symantec these days, at least in my region. The product is good, but if you're not marketing it people think "Okay, we haven't gotten any updates about the product." We need to have more road shows and promotions, and we need to have people trained in the technical aspects to gain market share.

    For how long have I used the solution?

    I have been using Symantec Endpoint Security for about four years.

    What do I think about the stability of the solution?

    We don't have any issues with respect to its performance, in general. I rate the stability at nine out of 10.

    What do I think about the scalability of the solution?

    It is on the cloud so scaling up is not that difficult. I would rate it a 10 out of 10. It's been helping us for the last three years. We have definitely been growing and Symantec has grown along with us.

    How are customer service and support?

    Because the threat hunting is done by AI/ML, we have only had to reach out to support when there is an issue. If we write them an email, we get responses promptly.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We are actively using other solutions aside from Symantec because we cater to different clients. We have used CrowdStrike, Sophos, and Palo Alto XDR to name a few.

    How was the initial setup?

    We have multiple architectures in place. A few of our clients use it on the cloud and a few have a hybrid with on-prem. The cloud-based setup is very straightforward. Once we create the account, it doesn't take more than 30 to 45 minutes for us to get the setup done.

    The steps involved for a cloud instance are that an account is created, the agent is downloaded, and you probably have to push the agent to different systems. That can be done via different means and depends on the number of client machines. We can push it via SCCM or other modules or can push it manually from the central drive by having end-users download it. The process is seamless and we have been able to install Symantec on at least 150 machines within three hours. We had three resources deploying the agents on those machines in parallel.

    We do regular preventive maintenance as part of our managed services, but with the cloud instance, we have never had any issues. It is on autopilot. What we do is that we regularly check for threats and whether the threats have been quarantined. We download the daily and weekly reports. The maintenance is done by one person.

    What was our ROI?

    We have definitely seen a return on investment. In our clients' environments, we haven't faced any downtime because of ransomware or malware attacks. That itself is a good 30 percent return on investment.

    And when it comes to employees' time for detecting and responding to threats it has saved them about 50 percent. They never spend days off or weekends working. There is no need to have anyone attend to this set of problems. If the system is up and we have EDR running, it takes care of everything, from isolating the devices to quarantining the file and uploading the file back to the Symantec backend SOC. Everything is automated and it's seamless.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty much at the market standard. I don't see any issues with it. It depends on case to case. Symantec is not that cheap and it's not that expensive compared to CrowdStrike. I would put them in the "middle block."

    Which other solutions did I evaluate?

    When compared to other solutions, I would give Symantec Endpoint Protection 4.5 out of five. It has interesting features, starting with Active Directory Security. There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization. Nine out of 10 organizations use Active Directory, and it is so often a targeted asset. Symantec is the only product that has Active Directory security.

    Also, it enables us to have a hybrid architecture in which we can have Symantec Endpoint Security on-prem and integrated with the cloud. We can also have the API integrated into our SIEM and SOAR.

    We have been using other endpoint security products as well. The advantage of Symantec is that you don't need a separate product to protect your assets such as Linux or Android. It's equivalent to Intune where we can have a single dashboard and have all devices onboarded. 

    On top of that, with Symantec, we have application control and DLP to a certain extent. It means we don't have to have multiple products running in the ecosystem. It acts as a consolidated solution with multiple features and functionalities. This reduces the costs and resources that you would need to manage different products. When you have different products, it leads to cumbersome processes and it is very complex to manage infrastructure. Having Symantec on the cloud makes endpoint protection seamless. We can download the agent, run it, and we are up and running within 30 minutes.

    What other advice do I have?

    I would recommend it, but you should do a PoC. Every use case is different, so I would definitely recommend seeing whether it blocks legitimate traffic or a legitimate application or process.

    There is a famous saying that only 40 percent of organizations know they are being hacked. The other 60 percent are not aware that they are being compromised. A product like Symantec would certainly enhance the security posture of an organization. It gives senior management pretty decent confidence they have a robust and scalable product with a purpose. We are approaching mitigating 99 to 99.5 percent of attacks from happening. Having said that, other threat-hunting and endpoint detection and response platforms will enhance the overall security posture and drastically bring down the risk level of the ecosystem.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
    PeerSpot user
    Computer Systems Administrator at a university with 10,001+ employees
    Real User
    Top 10
    Lacks next-generation behaviour-based detection, offers terrible technical support, and not as robust as competitors
    Pros and Cons
    • "The solution detects malware very well."
    • "The stability was not the best. There were times when antivirus updates broke it. It wasn't necessarily self-updating - at least, not in terms of the virus signatures. It updated in terms of the executable files. Therefore, when Windows updates would come out, they often couldn't be installed, or the computer would hang due to the fact that the updates weren't compatible with the antivirus."

    What is our primary use case?

    The use case for the solution was basically this: any computer or anything used for any sort of official business needed to have endpoint protection and needed to have some sort of antivirus protection. The thing was somewhat more than just an antivirus, it also included a firewall that operated in addition to the Windows or Mac firewall.

    The university policy basically required that all endpoint devices used for official business have to meet certain requirements and one of them was to have an antivirus.

    How has it helped my organization?

    The solution probably caught some malware a certain percentage of the time and that helped the organization. By the time we abandoned it, it was actually less effective, at least on Windows 10 machines, than the built-in antivirus that you get with the Windows 10 Defender Antivirus. It became, in the end, sort of a liability.

    It also became a liability when the company was sold to Broadcom. The name is actually different now. I don't think it's called Symantec Endpoint Protection. It's called Broadcom Endpoint Protection. We had a very difficult time even getting in touch with the technical support from that company, especially after Symantec was sold. It wasn't a very robust solution.

    What is most valuable?

    The solution detects malware very well.

    What needs improvement?

    It wasn't a very good solution overall, which is why we ended up replacing it.

    Most organizations are choosing a next-gen antivirus, one that's based on artificial intelligence. Symantec Endpoint Protection was one of those legacy products that have been around forever. Symantec was a spinoff from Norton. Norton Antivirus was one of the very first antiviruses to come out in the 1980s. Symantec was very highly rated at one point in its life. It never really caught on to the new trends and antivirus protection. And so it still relied on things like a database of virus signatures that would need to get downloaded and then files would be checked for those signatures.

    Modern antiviruses don't do that. They're based on behavior. They're based on intelligence algorithms. They're honed by artificial intelligence and machine learning from data collected all over the world. And so for that reason, the next-gen antiviruses are much more efficient at detecting viruses. They also take up a lighter load on the computer.

    Next-generation is behavior-based detection rather than signature-based detection. Symantec tried to be a hybrid between the two. It had a behavior-based component called SONAR, however, it was still mostly a signature-based software antivirus application. For that reason, you can never keep up with all the mutations and viruses, and you can't keep up with malicious behavior that isn't based on viruses. Things like downloaded PowerShell scripts, things that computers can do with the components that they already have without needing to put any virus on the computer. A lot of malicious attacks, government-backed attacks, don't use any kind of foreign software. They take advantage of vulnerabilities within existing operating systems like Microsoft Windows or the various versions of Linux or the Mac operating system. They don't need to put additional software on the computer to compromise them.

    That, in a nutshell, is why we switched to a next-gen antivirus. Next-gen antiviruses have probably been around for about five or six years. Some of the old companies made the transition to them seamlessly. Symantec didn't. It remained wedded to the old technology and that made it, you could say, a has-been.

    For how long have I used the solution?

    I've been using the solution for many years. It's probably been about ten years at this point, at least a decade.

    What do I think about the stability of the solution?

    The stability was not the best. There were times when antivirus updates broke it. It wasn't necessarily self-updating - at least, not in terms of the virus signatures. It updated in terms of the executable files. Therefore, when Windows updates would come out, they often couldn't be installed, or the computer would hang due to the fact that the updates weren't compatible with the antivirus. I give it a pretty poor score for robustness.

    What do I think about the scalability of the solution?

    It was scalable just due to the fact that it had to be installed individually on individual computers. For the unmanaged workstations, it was as scalable as you wanted it to be. There was a new download and a new install on a new computer. There are no limits on that. I'm not sure, however, how true that is, as it wasn't within my area of responsibility. I'm not sure if the managed work points overloaded the servers that were meant to monitor them. I don't think that was the case. The scalability was probably pretty good there too. I never heard any complaints about it not being scalable.

    We likely had between 10,000 and 20,000 users on it. The roles would include, since it's a university, students, faculty, staff, and researchers. That pretty much covered the type of people that work at a university.

    We don't plan to increase usage as we've completely phased out the solution.

    How are customer service and technical support?

    Once Symantec was sold to Broadcom, it became very difficult to reach out to technical support, and they just stopped being responsive. By the end, we were very unhappy with their level of support.

    Which solution did I use previously and why did I switch?

    I've been at the organization for 21, 22 years. Originally, before we had Symantec, it was McAfee antivirus. We had that up until maybe about 2010 or so. Now, we are using CrowdStrike Falcon.

    How was the initial setup?

    The initial setup was not complex. It was simple.

    The deployment was always ongoing due to the fact that, as a university with something like 16,000 employees, computers were getting bought and repurposed all the time. The initial rollout was in fact not a managed version of the antivirus. It was just a standalone version that users could download from a website when they provided their credentials. After that, they would just double click on a downloaded file and run the installer and they'd have the antivirus.

    However, it was completely unmonitored. The antivirus program on their computer was not sending its data anywhere. It couldn't be helped by anyone remotely to do its job of protecting the computer.

    Therefore, almost all organizations now want to have a managed antivirus solution where there's software installed on the computer, but it communicates with the cloud, and IT administrators at the organization can control this behavior and learn from it.

    In terms of the staff required to handle the deployment and maintenance, there was probably the equivalent of maybe two to three full-time staff that were dedicated to antivirus endpoint protection issues. 

    What about the implementation team?

    We handled everything ourselves in-house. We didn't need the help of a consultant or integrator.

    What's my experience with pricing, setup cost, and licensing?

    We pay on a yearly basis. However, I'm unsure of the exact amount.

    Which other solutions did I evaluate?

    We did evaluate a number of other vendors. We entertained some RFPs and we did testing on four other competing products. There was one other competitor that was close. The main factor that tilted us toward CrowdStrike is that they did make a last-minute significant cut in price to their offer. I think they reduced it by something like 30% or 40%.

    CrowdStrike has been in the business longer and is a bigger company than the runner-up as well. To us, that mattered. If there is winnowing out of competitors, if the market actually shrinks and there are a few big players in five years, we want to be sure that we're with one of the big players that are going to make it.

    What other advice do I have?

    The solution is a kind of mix between an on-premises managed server that was managing some machines, and other machines that just had an unmanaged client that was distributed to students. It's not actually a cloud, it's a server. It's an on-premises server. It's not a cloud-based server that is being used. The antiviruses report to the server and policies can be set on the server.

    I'd advise users to be aware that there are better solutions out there than this. I've learned that technology can change and your solution may be great now, but in a few years, it may drop to the bottom of the barrel. That's what happened here.

    I'd rate the solution one out of ten. In order to get any sort of higher rating, they would need to start it over again from scratch. Instead of trying to make a legacy product better, they should abandon it and invent a new product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    SagarShah - PeerSpot reviewer
    Cyber Security Manager at a tech services company with 10,001+ employees
    Reseller
    Top 10
    Provides good control over external devices, and has good reliability, dashboard view, and reporting
    Pros and Cons
    • "The dashboard view and reporting are valuable. It is stable and easy to integrate, and it provides custom options."
    • "Nowadays, threats are changing, and they are moving more towards script control and zero-day attacks. So, we would like to have more control similar to an EDR solution. Symantec Endpoint Protection has certainly come a long way as a traditional antivirus, but because the threats are changing, we would like to have more EDR features so that we have a detailed view of the source from where the infection entered the environment and whether it has tried to connect any other endpoint. It should provide such a detailed view for investigation. It should protect against zero-day threats, etc. These are the key enhancements that can make it a complete solution for any enterprise. Currently, we have seen organizations going for two solutions: antivirus and EDR. With both these capabilities, it would be a complete package."

    What is our primary use case?

    We have used Symantec for several scenarios depending on a client's requirements. We have used the Symantec solution for host integrity, device control, and communication policies. It has the host integration part where we get the custom option to add certain scripts.

    Most of the clients have been using it on-prem, but we are now looking into the cloud or SaaS environment because it would be much easier to manage the infrastructure. Our clients have Amazon AWS and Microsoft Azure.

    How has it helped my organization?

    Policies are very important and valuable for us. We have to ensure the security of the client environment. We have to ensure that there is no tampering, and restrictions are applied to the devices when one uses third-party devices such as storage and pen drives. It has the flexibility to integrate with other devices.

    It is helpful in identifying the rogue devices in the environment where we don't have any agents deployed. We can identify them through Symantec. We have also heard that with cloud Symantec, we can do remote deployment through the console itself.

    What is most valuable?

    The dashboard view and reporting are valuable. It is stable and easy to integrate, and it provides custom options.

    The agent is lightweight, and the response to the known infections with regular updates from Symantec is also valuable.

    What needs improvement?

    Nowadays, threats are changing, and they are moving more towards script control and zero-day attacks. So, we would like to have more control similar to an EDR solution. Symantec Endpoint Protection has certainly come a long way as a traditional antivirus, but because the threats are changing, we would like to have more EDR features so that we have a detailed view of the source from where the infection entered the environment and whether it has tried to connect any other endpoint. It should provide such a detailed view for investigation. It should protect against zero-day threats, etc. These are the key enhancements that can make it a complete solution for any enterprise. Currently, we have seen organizations going for two solutions: antivirus and EDR. With both these capabilities, it would be a complete package.

    For how long have I used the solution?

    I have been supporting various clients for six to seven years.

    What do I think about the stability of the solution?

    It is stable, and that's why I recommend Symantec, especially when it comes to the server environment.

    We follow the N-1 process. Whenever there is a new version, we don't upgrade immediately because there can be potential risks. We upgrade to a new version immediately only if we get the recommendation from the vendor or they have fixed any vulnerability or issue that was reported. Otherwise, we follow the N-1 version approach for upgrades.

    What do I think about the scalability of the solution?

    I have not seen any challenges with the scalability of the solution. I have worked with multiple clients. One of our clients has about 30,000 end users. They are located in eight to nine countries and have about 15 different remote locations.

    We have plans to increase the usage of the product, but it all comes down to client requirements. It depends on their environment, its size, and how we want to further enhance that.

    How are customer service and support?

    Generally, we get a response, and it works, but we have seen some delays or very generic responses. If there is a quarantined file and we need information about what kind of data is there in that file, it takes a lot of time. We sometimes have to escalate to the next level for getting a proper and timely response because it's our client's data that is in quarantine. I would rate them an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have worked with multiple solutions, such as McAfee, Cortex, and CrowdStrike. McAfee has several components, and if any component stops, it impacts the compliance status and puts everything at risk because the definition will not be distributed. Symantec has an edge there because it does not have too many components. Only with the GUP server, we can distribute the definition in remote locations, which makes it easier. It also provides a view of all the GUP servers in the console.

    EDR is a different solution. It provides complete visibility and footprint of zero-day and other threats based on the behavior. Symantec also provides that, but it needs more enhancement on the investigation part.

    How was the initial setup?

    Based on what I have seen and the feedback I have received, its deployment is straightforward. It takes almost a week because it goes through various stages, such as planning, designing, and deployment. It also depends on a client's environment.

    The implementation strategy varies, and it depends on a client's environment, such as whether they are a huge organization or whether they have multiple remote locations.

    After the deployment, the next stage is doing the configuration, which takes a little while because it involves engaging different departments of a client and doing segregation and restructuring.

    It doesn't take more than four to six months for the technology to mature in the client environment. Immediately after deployment, we start making changes to tune the policies based on a client's requirements and define the exceptions. It takes four to six months to have a stable environment.

    What about the implementation team?

    We have a separate team that does the deployment, but I do share some recommendations depending upon the client environment. After the deployment, that team hands it over to my team for operations, and then we make the changes. So, they do the basic deployment, and we then take over and make the solution mature.

    Generally, its deployment does not require more than two people. At the initial stage, they collect and gather information from various sources and proceed with the deployment, and then it takes some time to do the configuration. So, two people are good enough for initial deployment, but when it comes to rolling out the agent to the entire landscape, it takes time. You have to engage various people from different departments. The people involved in its deployment and configuration are administrators and engineers.

    It usually doesn’t require much maintenance. We do our regular health checks to see whether the definitions are getting updated or not and whether their replications are working or not. Its maintenance is a one-man job, but the operational activities of the organization generally require two to three people, but the number can vary based on the size of the environment.

    What was our ROI?

    Our clients have certainly seen an ROI. They have been using the solution for a long time. They don't want to switch from one solution to another, and that's why we recommend the most stable ones to them.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is handled by a separate team. Whenever a new client asks for a recommendation, we provide it, but they deal directly with Symantec or other vendors for the pricing.

    What other advice do I have?

    You should first understand a client's environment in terms of:

    • What does the client environment look like?
    • What is the size of the environment?
    • What are the features they are looking for?
    • What is the criticality of their environment?

    All these aspects are important. At times, we have seen that clients just ask for the best solution, but they don't have a vision of what would make a solution best for them and what they are expecting from it. They should summarize their requirements, and accordingly, you can propose how Symantec can meet their requirements.

    Overall, I would rate it a nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Senior IT Security Officer at Lion International Bank
    Real User
    Top 20
    Lightweight, requires little maintenance, and scans for malware proactively
    Pros and Cons
    • "The application and device control functionality is good. We are able to see which applications are installed using the product management dashboard."
    • "It would be helpful if this product provided patch management functionality."

    What is our primary use case?

    My primary use case is malware protection. I also use it for device control, application control, and more. We are a financial institution.

    How has it helped my organization?

    The stability of this product has improved the way our organization functions. There is little maintenance, and it doesn't take long to install or uninstall. Once it is configured correctly, there is little chance of it failing.

    This means that we have more of our technical staff available to work on other problems that occur.

    What is most valuable?

    The most valuable feature is the proactive malware scanning capability.

    When you are performing simple tasks, it is not as demanding on resources as compared to other security products. This is an aspect that I like.

    The application and device control functionality is good. We are able to see which applications are installed using the product management dashboard. This gives us the ability to monitor workstations, including which applications they have in which tabs.

    There are extensions available, such as the Browser extension, to deal with specific types of attacks. This helps to protect against hackers. I have tested it with samples and it protects the system well.

    The interface is simple to use.

    What needs improvement?

    One issue that comes to mind is that there is no way of specifying categories that the firewall should block. It is able to block specific URLs but other solutions, such as Kaspersky, allow you to block access by specifying a category.

    It would be helpful if this product provided patch management functionality.

    Compared to Kaspersky, the reporting features are not rich. Overall, the reporting capability needs to be improved.

    For how long have I used the solution?

    I have been working with Symantec Endpoint Security for between 12 and 18 months.

    What do I think about the stability of the solution?

    This is a very stable product. It is the feature that I like most about the product because when we were using other ones, we had failures. With this solution, there is no frequent failure of the components.

    For example, in other products that we've used, the virus definitions didn't update and systems were compromised because of it.

    What do I think about the scalability of the solution?

    We have approximately 3,000 users that are protected by this solution. We add branches and more computers weekly, and we don't have problems doing so.

    We were able to easily integrate with Active Directory using the Symantec Manager, so I would say it's very scalable.

    As we add more branches, our usage of the product will continue to increase.

    How are customer service and support?

    We have not been in direct contact with Symantec technical support.

    The training and documentation that they provide are helpful. There is a good amount of documentation that helped to provide us with a complete picture of the product. It's nice, neat, and easy to understand.

    Which solution did I use previously and why did I switch?

    Prior to Symantec, we used a solution by Kaspersky.

    We use other anti-virus products and this one is less resource intensive and more stable than the others. It is also simpler to use.

    Symantec Web Security Service (WSS) has some good features that I wish were in this product. Unfortunately, it is another subscription.

    How was the initial setup?

    It does not take long to install this solution.

    Unfortunately, the order that we followed was not recommended. We just deployed and then obtained subscriptions after that. This is not a recommended approach for deployment. However, we have a good partner and a good support team.

    Due to our limited bandwidth, we had to install manually rather than use the web-based deployment. This meant that it took us longer because we had to visit each of the physical workstations. In total, it took approximately two months to deploy.

    What about the implementation team?

    We deployed the solution ourselves. There were seven or eight people in the team and different staff members were given different duties. All of them are system administrators.

    We have three people that handle the maintenance. They monitor the dashboard for possible compromises, and our specialists have to use the device protection and application controls.

    There are also tasks related to reporting issues that arise during monitoring, including those concerning possible attacks or infections. One of the managers in our IT staff is responsible for updating the definitions that we get from Symantec.

    There was an incident where we had problems with a password and we had difficulty recovering it. We contacted our local partner and I think they contacted Symantec. After that, we recovered the password. That was the only maintenance-related problem that we had.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was one of the factors that led us to choose this product.

    That said, I was not the decision maker. I simply proposed it to our manager.

    Which other solutions did I evaluate?

    When our subscription to Kaspersky ended, we were tasked with comparing features between different solutions. The three options we considered were Symantec, Kaspersky, and Sophos.

    One of the things that we liked about Symantec is the low resource utilization. I am not the person who completed the analysis but I know that the fact it is lightweight was one factor.

    We liked the functionality that Sophos provided but the deployment scenario functionality was not useful for the workstations in our environment. It involved deploying the dashboard to workstations in the cloud, which is not our preferred approach.

    Kaspersky has richer reporting capabilities. This is an area that could be enhanced in our Symantec solution.

    What other advice do I have?

    We deployed the product one and a half years ago, and we received training to configure and maintain it. It was recommended that we complete our training in terms of policies, which is something that we also did. Once that was finished, we experienced the stability and good features that the product provides.

    This is a product that I have recommended for use in another company. I have been told that after they adopted it, they were pleased with the fact it consumes fewer resources than their previous solutions. They manage it from the cloud.

    Currently, I am referring another company to this product and my understanding is that they're going to implement it.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Sr. Professional Services Engineer at a computer software company with 11-50 employees
    Real User
    Top 5
    Offers excellent advanced and modern features and does a great job at protecting your environment
    Pros and Cons
    • "The firewall, IPS and device control are useful at protecting the environment."
    • "There is a lack of reporting and alerts."

    What is our primary use case?

    The primary use case for this solution is to protect all endpoints in a complex enterprise environment, including its servers, workstations, and Citrix-based systems, including Windows, Linux and Macs. We're a small company, under 50 users. But we deploy Symantec to companies that have from a few hundred to dozens of thousands of users, therefore I have extensive experience with the product. We are partners and resellers and I'm a senior professional services engineer.

    What is most valuable?

    All the features are great with the core being antivirus, spyware, Artificial Intelligence and Advanced Machine Learning, and capabilities like reputation analysis based on their huge footprint, firewall, IPS and device control are very useful at protecting the environment. Unfortunately many companies just use the basic, out of the box solution. Even when they turn on the firewall, they will use it just with its default settings, but if you really learn how to use it and deploy it correctly, it provides much more protection. With Symantec adopting the AI and many of the new protection features like file-less attacks and other modern technologies, it's very attractive and makes a big difference. EPPs by nature have so many parts to it, they can be daunting, even to those with experience, but once deployed it's quite easy to use.

    This is a very complete solution. It has all the pieces that you need. Like many companies, Symantec also sells an EDR solution, and it is a feature you'd want to add to an endpoint solution.

    What needs improvement?

    I think Symantec, like many of its competitors, doesn't have comprehensive built-in reporting. The product keeps improving, but reporting and alerting is not keeping pace, and these are critical.

    For how long have I used the solution?

    I've been using this solution for about 13 years. 

    What do I think about the stability of the solution?

    This is a very stable solution. 

    What do I think about the scalability of the solution?

    In terms of scalability, it's one of the best out there. I did a project for a major hotel chain that also has rental properties. Some of these places have five users, and then others have 200 users. When you deploy in a company like that, scalability and the ability to protect remote places without having to put a server out there, is critical. And Symantec just really scales up. It's very efficient. It can be used in a company that has a lot of remote users, like oil companies with remote locations. It's a solution that allows you to support a worldwide company that might have offices in dozens of countries, and it just works.

    How are customer service and technical support?

    The technical support is similar to other companies. You're assigned a low level guy on your first call. We don't have issues with the basic things, it's more about the bigger problems so we always have to escalate and they do a good job of it.

    How was the initial setup?

    The initial setup is super easy. Deployment is faster than in other solutions but it still takes time. It needs to be done in steps. You initiate it with a test and pilot to discover false positives or whether it might be blocking things or creating an issue on your network. A lot of companies have custom code programs and typically any EPP would trigger false positives. The companies we deploy to are generally medium or large so you have to be strict on your load because the impact can be brutal if not done right. You then carry out an expanded pilot and once you're satisfied that it's not going to bring your network down, you deploy it almost at once. You go from deploying it to 25 endpoints as a test to maybe 200 endpoints as an expanded pilot, and then you deploy it to 5,000 computers over a relatively short period of time.

    We generally offer up to a six-month window for implementation and it usually takes between two weeks to six months to fully deploy. The process isn't difficult, you just have to be careful. You can deploy all the features in a month if it's a small environment including all the testing and pilot phases. 

    What's my experience with pricing, setup cost, and licensing?

    My understanding is that the price is quite good and competitive. My advice is to invest the necessary time and effort to deploy it correctly and with minimal disruption. In the enterprise arena, if you don't have the in-house expertise in the more complex areas of the product, do your organization a favor and get expert assistance.

    Which other solutions did I evaluate?

    Many, there are numerous great solutions in this market and they all offer great protection. The differences are in the feature sets, some for example don't have firewall, device control or Intrusion Preventions, or for example don't have the scalability required to deploy to companies that have hundreds of remote offices that have a few computers and hardly any bandwidth, and they can cause bottlenecks.

    What other advice do I have?

    It's like any enterprise solution, it needs to be done professionally. People complain about Symantec, claiming it's messed up their system but I've deployed it to hundreds of places of all sizes and have had few issues. The problems are self-induced because the people deploying didn't know what they were doing, and didn't understand the solution. They didn't do the pilot, they didn't do the best practices. And so something happened, messed up the system, and created problems, and they blamed the product. 

    This remains a very viable solution. There's a lot of sexier stuff out there, but Symantec brings a lot to the table with their introduction of AI and the latest technologies. They continue to be a well-designed system that just works. 

    I would rate this solution a nine out of 10. 

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    IT Director at a comms service provider with 10,001+ employees
    Real User
    Top 20
    Offers good scalability capabilities and nice stability with great protection against any kind of malware
    Pros and Cons
    • "The product has been quite stable."
    • "The technical support could be a bit better."

    What is our primary use case?

    The primary reason we use the solution is to protect the device and to be sure there isn't any kind of malware. Protecting the device from any kind of malware is the basic level of the solution. We use the control applications to blacklist applications that we don't need to use, and that we have blocked on the Microsoft group policy. We use the antivirus to do the same thing. That way, if the final user tries to install any non-approved software, the antivirus removes or blocks the application.

    What is most valuable?

    The protection against any kind of malware is the most important feature of this product. It really helps to keep the operating system clean.

    The product has been quite stable.

    We've found the scalability to be very good.

    What needs improvement?

    Today, it's just a question of understanding the update package of the operating system as the antivirus software in and of itself is not enough.

    This is due to the fact that if I have not updated Windows, I have a huge breach of security. The idea for us, from our point of view, is that the antivirus needs to understand whether Windows is safe. If the operating system is safe, the antivirus has less work to do. From a security point of view, both of them need to work together. It's not just the task of the antivirus to keep all the computers safe. The operating system needs to be updated too.

    The operating system and the antivirus need to communicate better with each other and exchange information so that I know everything is secure. It needs to be more clear when things aren't aligned and need to be repaired, in order to avoid the risk of a security breach.

    The technical support could be a bit better.

    For how long have I used the solution?

    We've been using the solution for just about a year or so. I'm quite new to the company. That said, it's my understanding that the company has been using the solution for about six years or so.

    What do I think about the stability of the solution?

    The stability is very good. It's reliable. It doesn't crash or freeze. There are no bugs or glitches. It's quite good.

    What do I think about the scalability of the solution?

    We have no problem with scalability so far. We are a growing team and company and so far it's been growing with us. It scales well. 

    As of today, we have around 4,000 users, however, we are still growing.

    How are customer service and technical support?

    Technical support is a bit of an issue. In Brazil, when we need technical support we use a partner. Every time that we contact Symantec, it takes a long time to get the answer. The primary contact is the partner who implements the software here. It's a local company from Brazil that handles all the support information and services for us. We just needed to make contact with Symantec one time; however, the answer took so long that the partner got the answer to us first, and therefore we really stopped trying to reach out directly.

    How was the initial setup?

    We don't have too much trouble with deploying the solution. 

    We have a policy software that controls all the policies and deploys with the software. I really don't know too much beyond that, however, as we have a security team that handled the installation, deployment, and maintenance. I haven't heard anything negative, however, which makes me assume everything is very straightforward.

    What's my experience with pricing, setup cost, and licensing?

    We pay a yearly licensing fee. The fee was paid last year, however, I don't have access to the exact costs. It may have been renewed before I started working with the company.

    Which other solutions did I evaluate?

    Today, we are looking at Kaspersky. We want to see if it can handle dealing with Windows updates in a better way than Symantec. They have some interesting features that take a pretty deep look inside the Windows system in order to protect it. We feel the antivirus needs to go farther into the Windows system and down to the endpoints themselves and really take a look around in order to effectively protect it from attacks. We're currently searching for more information to see how Kaspersky stacks up.

    The pricing is also quite different between the two solutions and this may affect our decision as well.

    What other advice do I have?

    We're just a customer and end-user.

    I'm finding that, in Brazil, Symantec's services need to be closer to the customer and the antivirus itself is not enough for an IT department to keep the company safe. It can't just protect user data. It needs to go further and protect all of the company's devices and software. 

    I can have the best antivirus software; however, we find that if our Windows disk is not updated or has a security breach, something can attack the security breach in Windows, and sometimes it's a virus software. That's why Windows needs to work more closely with this product - or any antivirus.

    In general, I would rate the solution at an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Marbella Ibarra - PeerSpot reviewer
    CEO at CT AMERICA
    Reseller
    Top 5
    Scalable with good central management but needs better technical support on offer
    Pros and Cons
    • "The solution, especially in older versions, is quite stable."
    • "The support needs to be better. When we upgrade, we can run into issues, and it's hard to get the help we require."

    What is our primary use case?

    We use the solution in order to protect all the computers and servers that we are using on the premises to have some controls against some threats. We are using it as anti-malware protection on the Endpoint Security side, and for encryptions for the high-risk drives on the encryption side.

    What is most valuable?

    Symantec has similar functionality and characteristics compared to other solutions in the market. However, we found it was easier for us to upgrade Endpoint Encryption. The main characteristic and the main advantage that we saw was that it could handle all the settings through a central point.

    The solution, especially in older versions, is quite stable.

    The scalability is good.

    What needs improvement?

    We have many issues with the way that Symantec is a data entity in our active directory. 

    We need to protect all personal devices such as mobile phones. We can't do it at the moment via this product. It is a very important aspect that is missing at this moment. If they could add mobile detection, that would be ideal. Currently, we are using a lot of mobiles as we work from our home. 

    The support needs to be better. When we upgrade, we can run into issues, and it's hard to get the help we require.

    Newer versions can be a bit less stable.

    For how long have I used the solution?

    We've been using the solution for the last eight years, more or less.

    What do I think about the stability of the solution?

    The solution is mostly stable, however, when we need to upgrade, at this moment we need help due to the fact that we don't have good technical support locally. 

    We have been using older versions, as they are stable versions for us and we don't know how to upgrade completely to the latest version. That is the issue that we have at this moment. We need to be trained; however, we haven't had any access to training, especially from Symantec, for the last two years, and it is hard.

    What do I think about the scalability of the solution?

    The scalability is pretty good. We can increase the number of computers managed by the solution, and we can increase the passes. We have been using these solutions for the last eight years due to the fact that we don't have any kind of problems. 

    That said, when we tried to upgrade, when we got the newest features, the newest protections, we had a lot of problems as we don't have any Symantec specialists available for us to help us, to train us, and to give the appropriate support. That is the main issue that we have right now.

    How are customer service and technical support?

    Technical support needs to be better. We don't have any specialists available for us. We are located in Latin America. We are located in El Salvador, in Central America. We don't have any specialists available for us in order to help us or to teach us how to solve our problems. We are looking online mostly at this point for some advice in blogs and forums. That's not what our expectations were when we signed up. We open tickets through the webpage and nothing happens. We are a little disappointed in that sense.

    Which solution did I use previously and why did I switch?

    We have not moved to another security solution due to the pandemic, as we have been working irregularly. We have been closed for around one and a half years. Then we have been working some days in the office, some days from home. It has not been a good moment for us to change the solutions, however, we are thinking about it, not due to its scalability or stability, or even due to licensing. We have been talking about changing because of the lack of good technical support.

    How was the initial setup?

    It's easy to set up all the devices that are managed by the active directory, however, many devices that we are using right now to work are not managed by the active directory. For example, cell phones or any other intelligent devices. We can't protect them through Symantec Endpoint Protection, Endpoint Security.

    For laptops and desktops managed by the active directory, it's relatively easy to deploy. It's not a problem as we only set a policy when a laptop or server or desktop is added to the active directory so that it's transparent. It's added immediately to the Symantec console in a transparent way. 

    The deployment is immediate. With the equipment managed by the active directory, it's five minutes or less.

    What other advice do I have?

    We are a reseller.

    We are using Symantec Endpoint Security and we're using Symantec Endpoint Encryption.

    We have it implemented on-premises.

    I'd advise other companies to consider the solution. It's necessary. If you have a good team of specialists around you, it's a good option.

    The most important thing is to have someone to help you, especially if all of your users are working regularly from different places, with different issues, with different connections through your infrastructure. If you don't have the skills, or you don't have good advisers or good technicians to help you, you are lost. 

    I'd rate the solution at a seven out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    Buyer's Guide
    Download our free Symantec Endpoint Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022