Symantec Endpoint Security Overview

Symantec Endpoint Security is the #10 ranked solution in endpoint security software. PeerSpot users give Symantec Endpoint Security an average rating of 7.6 out of 10. Symantec Endpoint Security is most commonly compared to Microsoft Defender for Endpoint. Symantec Endpoint Security is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 17% of all views.
Symantec Endpoint Security Buyer's Guide

Download the Symantec Endpoint Security Buyer's Guide including reviews and more. Updated: February 2023

What is Symantec Endpoint Security?

Unmatched Endpoint Safety for Your Organization

As an on-premises, hybrid, or cloud-based solution, the single-agent Symantec platform protects all your traditional and mobile endpoint devices, and uses artificial intelligence (AI) to optimize security decisions.

Symantec Endpoint Security was previously known as Symantec EPP, Symantec Endpoint Protection (SEP).

Symantec Endpoint Security Customers

Audio Visual Dynamics, Red Deer Advocate, Asia Pacific Telecom Co. Ltd., Kibbutz Ein Gedi, and AMETEK, Inc.

Symantec Endpoint Security Pricing Advice

What users are saying about Symantec Endpoint Security pricing:
  • "The pricing is pretty much at the market standard... Symantec is not that cheap and it's not that expensive compared to CrowdStrike. I would put them in the 'middle block.'"
  • "It is normal. If you are an educational institute, they give you a very good discount. If you are coming from the banking side, they may or may not give you a discount. I'm working with seven companies, and normally, they get a 65% to 70% discount on everything."
  • "It provides a good solution at a good price."
  • "The solution could be cheaper."
  • "The pricing is good, very moderate, and the licensing is also good. It gives you more room to install a lot of endpoints and it even gives you the opportunity to install it on your mobile phone without any extra cost."
  • "The pricing was one of the factors that led us to choose this product."
Symantec Endpoint Security Reviews

    Hakeem_Abdulkareem - PeerSpot reviewer
    Head, Security Technology & Engineering at a financial services firm with 10,001+ employees
    Real User
    The solution has given us visibility into compliance within our whole system and helped us ensure everything is updated
    Pros and Cons
    • "What I like most about Symantec is the intrusion detection module. If you are scanning the environment, it will flag a possible intruder and tell you the IP and where the attack is coming from. Traditional antivirus solutions will never flag that. If you have a traditional SIEM, you might be able to pick that up. Symantec is a holistic endpoint security solution, so when you scan an endpoint, Symantec will let you know that something is happening to it."
    • "Symantec's application security module needs some improvement. You need to create a lot of fingerprints for application security. For instance, let's say I have different brands of ATMs in my environment, like Wincor and NCR. I use GRG to deploy an application control to whitelist some applications. I have to get the exact image of the different models of ATMs. When I tested in the past, some machines would not connect to the server without that."

    What is our primary use case?

    Symantec Endpoint Protection has an antivirus with anti-malware and application control capabilities that we use to protect assets like servers, workstations, and ATMs. There's a central management server we use to manage all the endpoints, regardless of the categories, and we install an agent on all the endpoints that reports to the management server. 

    If I want to check the status of any asset, I need to get the details like the IP address and the hostname of the system. The management server will give me the current status. I have three different kinds of agents on the endpoint that I can use to control access. 

    The agents for the ATMs and servers aren't as heavy as the ones for workstations. It's a stripped-down version that removes some of the components and add-ons that are not part of the endpoint protection engines, so the agent is lighter and can be deployed faster. The activities on servers and ATMs are dynamic, so the antivirus must also be very light. To centrally manage the antivirus, I have to set up distribution points because I have more than 14,000 endpoints altogether distributed across more than 250 branches in Nigeria.

    I set up distribution points on systems and ATMs. The ATMs are always on the network because they're connected with other points at every branch and location. I need them to be distribution points. When I need to send a file to update all the other systems, I send it to these distribution points. These distribution points in Symantec record the data needed to update all the other systems.

    Let's say I have two different locations. I will have the updated data at location one, and I have other data at location two. These different locations have their own IP subnets, so I will configure the update data so that the IP within that subnet can talk to it and no other IP outside the subnet. This ensures my assets, ATMs, workstations, and servers can update as soon as possible.

    I'm always compliant. The servers in the data center don't need to talk to any distribution points. They talk directly to the management server to get the updates regularly because the servers are always on the network at the data center, unlike the workstations that people shut down at the end of the day. Any time people connect to the network, the system will update automatically. That is the normal architecture for Symantec.

    How has it helped my organization?

    Symantec centralized our intrusion detection system while creating additional layers of security at the endpoint level. We're not relying on the central intrusion detection system. It gave us more value than expected. 

    The solution also helped give us visibility into compliance within our whole system and ensure everything is updated. I can tell you the number of outdated systems from the same management server. In the same console, I can remotely trigger an update on any system. Symantec offers more flexible administration than other solutions. Most other antivirus products get updates directly from their portal, install them on the management server, and all the endpoints pull the update from it. Sometimes, an endpoint may not update. The update might be on the endpoint, but the system will still not pick up.

    Most other antivirus solutions can't do a workaround like Symantec, where you can download the JDB file from the portal and copy the file to a specific path on the problem system. You don't even need to install it. Once you drop the script into the system, it will run automatically. After 20 to 40 seconds, the system will be updated, and the status will turn green. 

    Using distribution points is also a game changer because it has saved it. Symantec considers that you may have bandwidth issues in this part of the world. You can leverage the update and push the file through locations with inadequate bandwidth. When you push the file through, the update can pull the data file and distribute it across the other endpoints.

    Having this flexibility makes the solution easy to use. You can also segment the systems according to assets. It lets you classify servers, ATMs, and workstations separately. You can have different versions because of the flexibility. You can remove some components before generating the agent you are installing on the endpoint. 

    I get around 95 percent compliance, meaning that 95 percent of the systems are up to date at any time. I also want to take it a step further to achieve around 98% because I have discovered some systems are not updating.

    Then there is another file called the JDB in Symantec that I download regularly and distribute across all the ATMs, which I use as my distribution points. I will run a script to pick this JDB file and copy it to a specific path on all the outdated MAA workstations to update them automatically.

    Overnight, I usually copy the script to all 256 distribution points across the nation. The next day, I will run another script that goes to the specific distribution point, acquires the JDB file, distributes it to the list of data systems I have prepared by location, and copies the file to those computers. They will be updated automatically.

    That has been fully automated. I download the file every day at the close of business. It is shared through a script that is already automated across the distribution points the following day at 9:00 am because it's expected that people will resume work by 8:00 am. By 9:00 am, I expect every system to be on. The outdated systems will be targeted with the JDB and updated. 

    What is most valuable?

    What I like most about Symantec is the intrusion detection module. If you are scanning the environment, it will flag a possible intruder and tell you the IP and where the attack is coming from. Traditional antivirus solutions will never flag that. If you have a traditional SIEM, you might be able to pick that up. Symantec is a holistic endpoint security solution, so when you scan an endpoint, Symantec will let you know that something is happening to it.

    Once, there was an unauthorized scan of the environment, and I immediately discovered multiple systems were accessing it. A message will pop up saying that an intrusion was detected scanning from a particular path. We need to check directly because there are multiple similar IP addresses we have to block on our firewall, so the IP cannot access our system again. We've been able to contain attacks using Symantec in the past. It's highly effective.

    Another valuable add-on is application control, which I use to prevent some applications from entering my environment. You can block any program installed with the same fingerprint. If the software isn't aligned with the environment, Symantec will stop it automatically. You don't need to buy a different solution, like an app blocker, and deploy it in the background. 

    What needs improvement?

    Symantec's application security module needs some improvement. You need to create a lot of fingerprints for application security. For instance, let's say I have different brands of ATMs in my environment, like Wincor and NCR. I use GRG to deploy an application control to whitelist some applications. I have to get the exact image of the different models of ATMs. When I tested in the past, some machines would not connect to the server without that. 

    Only the approved software on the ATM should run. Anything outside that should not even come up at all. We did this so that an outside person doesn't introduce malicious software to the ATM. That's the essence of locking down with application control. Using Symantec for application control has been hectic, so I use Carbon Black to do the lockdown.

    Checking that data security will work fine with Carbon Black. Carbon Black worked fine. Setting up approval in Carbon Black works differently than Symantec. In Symantec, we first need the fingerprints of the applications running underneath. Before setting up Carbon Black, you first install the agent, allowing it to learn the environment. It will analyze all the software's behavior and provide recommendations for what should be allowed. It's more straightforward, whereas configuring application control in Symantec is a bit cumbersome.

    For how long have I used the solution?

    I've been using this solution since 2014. Before joining this bank, I used Symantec at another financial institution, so I'm well acquainted with the solution. It's taken care of many aspects, especially the endpoint, regarding the environment's security.

    What do I think about the stability of the solution?

    Endpoint Security is stable.

    What do I think about the scalability of the solution?

    When you put it on servers and there are performance issues, you can always check the endpoint that's using the most resources and allow that part to not be scanned. 

    Symantec has the scalability and flexibility to work in line with what the customer really wants. Some parts of a server are not meant to be scanned. You can still monitor it and get reports. From there, you can decide if it should be excluded. That is one thing I like about Symantec.

    How are customer service and support?

    I rate Symantec support an eight out of ten. They are pretty solid in terms of technical know-how and support. My only complaint is the process of handing off between two support engineers. Whoever takes over will ask you to start from the beginning. There isn't proper documentation of the call and communication between engineers. 

    Let's say you have made 60% progress toward resolving your issue. Whoever takes over from that engineer should be able to pick it from 60% and drive it to 100%. In most cases, the new engineer may even take you back down to 20%. It wastes a lot of time. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I use Symantec alongside other security solutions. For example, I don't use Symantec's Global Intelligence Network. I use a different threat intelligence platform called Mandiant in my environment. I also leverage Microsoft for threat hunting. I don't use Symantec for threat hunting.

    In the past, I tried Data Center Security on our servers, but since the normal ICP works for us, we did not decide to use it. I tested the features because I was looking for a solution that can lock down some of my legacy systems. During the POC, I compared it with Carbon Black, the solution I have. Carbon Black does a better job and it's cheaper. 

    I have a separate solution that I use to manage mobile devices. I'm not using Symantec. There's a solution called Sandblast Harmony that is an add-on for Check Point, which I use as a perimeter firewall. This is a solution that was deployed with it, and I have Sandblast on all my mobile devices.

    Before you can install anything like office mail on your mobile devices, you need to be onboarded on that platform before you can set it up. If your device does not have Sandblast installed on it, you won't be able to proceed with the setup. So I don't really even use Symantec to protect my mobile devices.

    How was the initial setup?

    Setting up Endpoint Security isn't complicated. You need to set up a management server to install the agents, then provide the permissions to the appropriate IPs to acquire the update from Symantec. After that, you set up distribution points for the updated data. It's not something that can be completed in a day. For instance, if you have 200 locations, you can set up three or four daily. It depends on the criticality. That's why you deploy distribution points.

    If you are operating a centralized approach, all the workstations, irrespective of the location, can pull the updates from the management server and be managed centrally. However, because of bandwidth challenges, some cannot go to the server and pull the updates. 

    You have the flexibility to determine the components you want to generate. For instance, you can have different agents for workstations, ATMs, and servers by selecting the specific components you want to include. Everything is coming from the same management server. When it's time to update, you can do a workaround by leveraging the JDB from the Symantec portal. You must push that JDB file to a specific path on those affected systems. It will execute and update automatically.

    What was our ROI?

    There's a return on investment.

    What's my experience with pricing, setup cost, and licensing?

    Symantec is one of the major players in that space, so the licensing isn't as cheap as some other antivirus products like Trend Micro. It's reasonable but not the cheapest. Any entry-level Symantec user is coughing up a lot of money compared to the other antivirus software. 

    Windows Defender is practically free for customers. When you have the option of using Microsoft Defender, and you look at the price of Symantec, the gap is wide. Trend Micro is a bit closer, so competitive pricing is something Symantec may also need to consider. 

    What other advice do I have?

    I rate Symantec Endpoint Security a nine out of ten. I use Symantec for multiple endpoints like ATMs, servers, and workstations, but I think Symantec has evolved. They have some specific solutions for ATMs and servers. Generally, I would recommend only using Symantec Endpoint Protection for workstations. For your server, you should deploy different solutions. 

    When deploying the solution, you should consider each location's bandwidth limitations. You will also need to implement quality of service on the network so bandwidth utilization is prioritized. For example, you might need to schedule workstation updates during off-peak hours. 

    If it is not managed correctly, all the computers might update simultaneously during the peak period, affecting the whole environment and causing service issues. The proper time for updates should be appropriately identified. In my case, we update around 3:30 pm because we close at 4:00 pm. My peak period is between noon and 1:00 pm, so none of my workstations will update at that time. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Security Consultant at InfySec
    Real User
    Remediates infected file, isolates endpoint, and communicates between endpoint and SOC, all automatically
    Pros and Cons
    • "There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization."
    • "In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDF, it consumes a lot of processing and memory capacity."

    What is our primary use case?

    In one of our client's environments, they need securing of their Active Directory. The solution is the only product with a separate feature to secure Active Directory as part of Symantec Endpoint Security Complete. The client was also looking for an automated endpoint detection solution. That's why we went ahead with it.

    How has it helped my organization?

    The very comprehensive machine learning platform has been very helpful and we have been able to prevent most attacks and detect and respond to those threats within minutes.

    The reaction time for any incident has been reduced drastically. When there is an incident, the EDR engine is based on AI/ML behavioral analytics. It takes direct action and remediates the infected file, isolating the endpoint, and establishing communication between the endpoint and Symantec's threat-hunting SOC. It submits the file automatically, meaning that no manual intervention is required. If there is an attack on a weekend, we can completely rely on Symantec, rather than needing someone to manually upload these things.

    Most of our incidents, no matter what has occurred, are automatically addressed. This has reduced our efforts and the time we spend on incidents. That has a direct impact on our business operations. It has improved the efficiency of our operations.

    The major benefit of having Symantec's API is that you get access to all the methodologies and mechanisms, and it's accessed in a single dashboard. That makes it a one-stop solution, where you can have everything integrated. It also helps us in orchestrating and correlating our security incidents.

    An added benefit is that if you have it integrated with your ticketing system, tickets will also be triggered. You get an SMS alert or an email notification, but that's a secondary thing.

    The solution has helped organizations enhance their security posture considerably. We haven't faced any breaches so far, meaning we have been protected adequately. We actively perform quality assessments, penetration testing, and we do forensic analysis. In addition, we have third-party SIEM software monitoring all our assets on a day-to-day basis and they haven't identified any anomalies. That means that Symantec is protecting us well, and we have implemented it and been running it for the last three-plus years for multiple clients.

    What is most valuable?

    The most valuable features include the

    • Active Directory security
    • application controls
    • endpoint detection and response.

    Whenever there is an issue with respect to Active Directory, Symantec identifies the issues and tries to create a signature to mimic the Active Directory-related attacks in their backend labs. They obfuscate the request going to Active Directory. Even though there may be an issue with patches still not being updated by Microsoft, we have compensating control to prevent those kinds of attacks from happening. Once Microsoft releases patches, we immediately implement them. But until then, Symantec will prevent Active Directory compromises.

    And, in some cases, the architecture itself is an important feature because Symantec is one of the very few endpoint services that provides an on-premises management system. Currently, most antivirus and protection providers operate entirely from the cloud. That's a differentiating factor with Symantec. This is very critical in an instance where you should not have access to the internet, or you wanted to have it on-premises. In those situations, Symantec is the go-to product.

    In addition, for threat hunting, the API is integrated so that we get real-time updates. The threat-hunting is excellent. They're one of the largest civilian cyber intelligence networks. Symantec was an early starter with respect to threat hunting. They have a global SIEM and a global threat-hunting team. They have custom, built-in tools, and their own threat-hunting intelligence mechanism. We completely depend on Symantec's threat-hunting methodology. We have no complaints so far, and it has been an excellent experience working with their threat-hunting team.

    Most incidents come through machine learning. In one or two cases we might need the experts, but most of our issues are known. They have a very good AI/ML engine. Based on the signature or the anomaly, when something is detected, the object that is compromised is isolated and we get an immediate response. A link is then initiated between the infected device and Symantec's threat-hunting team.

    Symantec is one of a very limited number of products that supports the entire gamut of devices. It is not only Windows devices that it covers but also mobile devices, Mac, Android, iOS, et cetera.

    What needs improvement?

    In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDF, it consumes a lot of processing and memory capacity. We would like to enable all the features, but doing so should not have a direct impact on the performance of the system. If they can come up with an agent that consumes less memory, that would be a great enhancement.

    Also, Symantec is not being promoted from a marketing standpoint. I don't see any promotions for it. There are no road shows, marketing efforts, training, or anything organized by Symantec these days, at least in my region. The product is good, but if you're not marketing it people think "Okay, we haven't gotten any updates about the product." We need to have more road shows and promotions, and we need to have people trained in the technical aspects to gain market share.

    For how long have I used the solution?

    I have been using Symantec Endpoint Security for about four years.

    What do I think about the stability of the solution?

    We don't have any issues with respect to its performance, in general. I rate the stability at nine out of 10.

    What do I think about the scalability of the solution?

    It is on the cloud so scaling up is not that difficult. I would rate it a 10 out of 10. It's been helping us for the last three years. We have definitely been growing and Symantec has grown along with us.

    How are customer service and support?

    Because the threat hunting is done by AI/ML, we have only had to reach out to support when there is an issue. If we write them an email, we get responses promptly.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We are actively using other solutions aside from Symantec because we cater to different clients. We have used CrowdStrike, Sophos, and Palo Alto XDR to name a few.

    How was the initial setup?

    We have multiple architectures in place. A few of our clients use it on the cloud and a few have a hybrid with on-prem. The cloud-based setup is very straightforward. Once we create the account, it doesn't take more than 30 to 45 minutes for us to get the setup done.

    The steps involved for a cloud instance are that an account is created, the agent is downloaded, and you probably have to push the agent to different systems. That can be done via different means and depends on the number of client machines. We can push it via SCCM or other modules or can push it manually from the central drive by having end-users download it. The process is seamless and we have been able to install Symantec on at least 150 machines within three hours. We had three resources deploying the agents on those machines in parallel.

    We do regular preventive maintenance as part of our managed services, but with the cloud instance, we have never had any issues. It is on autopilot. What we do is that we regularly check for threats and whether the threats have been quarantined. We download the daily and weekly reports. The maintenance is done by one person.

    What was our ROI?

    We have definitely seen a return on investment. In our clients' environments, we haven't faced any downtime because of ransomware or malware attacks. That itself is a good 30 percent return on investment.

    And when it comes to employees' time for detecting and responding to threats it has saved them about 50 percent. They never spend days off or weekends working. There is no need to have anyone attend to this set of problems. If the system is up and we have EDR running, it takes care of everything, from isolating the devices to quarantining the file and uploading the file back to the Symantec backend SOC. Everything is automated and it's seamless.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty much at the market standard. I don't see any issues with it. It depends from case to case. Symantec is not that cheap and it's not that expensive compared to CrowdStrike. I would put them in the "middle block."

    Which other solutions did I evaluate?

    When compared to other solutions, I would give Symantec Endpoint Protection 4.5 out of five. It has interesting features, starting with Active Directory Security. There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization. Nine out of 10 organizations use Active Directory, and it is so often a targeted asset. Symantec is the only product that has Active Directory security.

    Also, it enables us to have a hybrid architecture in which we can have Symantec Endpoint Security on-prem and integrated with the cloud. We can also have the API integrated into our SIEM and SOAR.

    We have been using other endpoint security products as well. The advantage of Symantec is that you don't need a separate product to protect your assets such as Linux or Android. It's equivalent to Intune where we can have a single dashboard and have all devices onboarded. 

    On top of that, with Symantec, we have application control and DLP to a certain extent. It means we don't have to have multiple products running in the ecosystem. It acts as a consolidated solution with multiple features and functionalities. This reduces the costs and resources that you would need to manage different products. When you have different products, it leads to cumbersome processes and it is very complex to manage infrastructure. Having Symantec on the cloud makes endpoint protection seamless. We can download the agent, run it, and we are up and running within 30 minutes.

    What other advice do I have?

    I would recommend it, but you should do a PoC. Every use case is different, so I would definitely recommend seeing whether it blocks legitimate traffic or a legitimate application or process.

    There is a famous saying that only 40 percent of organizations know they are being hacked. The other 60 percent are not aware that they are being compromised. A product like Symantec would certainly enhance the security posture of an organization. It gives senior management pretty decent confidence they have a robust and scalable product with a purpose. We are approaching mitigating 99 to 99.5 percent of attacks from happening. Having said that, other threat-hunting and endpoint detection and response platforms will enhance the overall security posture and drastically bring down the risk level of the ecosystem.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
    Muhammad Ejaz ul Hassan - PeerSpot reviewer
    CEO at RISE Technologies
    Real User
    Top 5
    Mature, simplified management, and complete protection
    Pros and Cons
    • "With a single console, you get control over Mac, Windows, iOS, and Android. This control is most valuable."
    • "If there is a suspicious file, it is put into a sandbox where Symantec does an analysis. After the analysis, Symantec marks the file as a risk, but it doesn't blacklist or block the file. If a file is already known to be harmful, I would like them to automatically block or blacklist it to reduce the damage."

    How has it helped my organization?

    With its behavior forensic, advanced threat hunting, integrated response, and Threat Hunter capabilities, it provides good control over security and improves the security posture.

    Symantec is a known name in the market for endpoint and server security. The baseline of their products would always be the same, and with the evolving threats, they are also changing the technology. For example, with ransomware or zero-day threats, you don't have any already-known bad files. So, you don't have a signature for those files. They need to be identified based on behavior. If any file is misbehaving, Symantec Endpoint Security can handle it. This proactive approach or IPS is a part of it. Another example would be that you download a PDF file, and this PDF file has a built-in script. When you open the PDF file, in the background, the script starts, but nobody knows that. If you install Symantec, it will see the behavior of the file. If any file other than the required file is being executed, it will detect that and protect the system from that. Recently, a bank had a breach. There was an attempt to copy a file, which was blocked. With threat analysis, we could see that the system was protected but the bad guy had already passed through or gotten inside the network. 

    Their Threat Hunter team helps out to know what exactly happened and the type of breach. For example, you clicked on a link that copied malware on a system. Your system is infected but nobody knows how many systems are affected after you. The Threat Hunter team is very good and professional. They would check its footprint on every system. If you have a breach in your environment, you have to contact them to find out what exactly is happening.

    Nowadays, people bring their own devices. Most of the time, you don't know what's installed on these devices, which is the biggest threat to the environment. Symantec provides protection based on the analysis of your application, its behavior, and the type of data being sent and received. Sometimes, when you connect your mobile to any other wifi, such as free wifi or hotspot, if there is anything malicious, it can stop the traffic.

    It allows you to choose the policies that you want to implement. There are around 7,000 SCSC policies, and of course, you are not going to enable all of them. You can choose the policies that you want. 

    It has various components that help you at various stages: pre-attack, attack, breach, and post-breach. It reduces the attack surface. There is a component for breach assessment, device control, application control, behavior analysis, and isolation. All these are a part of its attack prevention capabilities. It also protects Active Directory. There is a tool called Active Directory Defense to stop an attacker from taking control of a user. It detects credential theft and stops intrusion, which is something no other vendor is currently providing. It also allows you to auto-manage policies, and IPS and IDS are also already there. 

    What is most valuable?

    It is a complete and the best solution if your use case is small and you need more productivity and more security. With a single console, you get control over Mac, Windows, iOS, and Android. This control is most valuable. 

    It provides complete protection with machine learning, behavior learning, and Global Intelligence Network (GIN). The threat intelligence generated by Symantec’s GIN is now a part of the solution. For any file that they find, they get the reference from GIN, and based on the value of their sensors, they are going to say whether it is a bad file or an okay file. This capability is very important.

    What needs improvement?

    If there is a suspicious file, it is put into a sandbox where Symantec does an analysis. After the analysis, Symantec marks the file as a risk, but it doesn't blacklist or block the file. If a file is already known to be harmful, I would like them to automatically block or blacklist it to reduce the damage. It will stop the attack by at least 50%. Sometimes, administrators do not see the console on a daily basis, and sometimes, they assume that Symantec will block and delete the file, which is not the case. I would like it to block the file so that you won't be able to open the file. 

    Another improvement area is reporting. Its reporting is more technical. As a technical person, it gives me 100% value, but if someone from the business staff wants to see what exactly is going on, you cannot give them these reports, and they won't get the value out of it. Currently, the data is not presentable for any C-level person.

    For how long have I used the solution?

    I have been using this solution for the last four to five years.

    What do I think about the stability of the solution?

    They have been a leader for the last couple of years. There is no question about its productivity. It is a good name in the market. Every six to seven months, they are adding a new component or feature. If they see any gap in the product, they fix it.

    How are customer service and support?

    Their support is good. I would rate them a seven out of ten. Their response time varies. If your case is assigned to the India side, they take extra time. They will ask you for the log files, and the next day, they will do a remote session. Sometimes, the client gets frustrated because this is a security component, and they want to resolve the issue as soon as possible. If the case is assigned to someone on our side and we get a highly qualified person, they can handle it within a day.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I got a chance to work with other products, such as Carbon Black, Palo Alto, and McAfee. They all are very good products. No product is bad because they are coming after so much R&D. They all are investing their time, money, and people to enhance productivity, but Symantec has been there from the start. The way they design their solutions is very important, and now, they have GIN, which is very important.

    I once deployed Cylance in a bank. It had endpoint protection and EDR, and two agents were installed on the system. One was for protection and one was for recording the incident on EDR. It would capture so many files, which Symantec doesn't do, and mark them as harmful or not. Based on what I was told, it decided that based on VirusTotal. When they get the file hash, in the back end, they would run a script, scan it, and then give a report based on VirusTotal. They don't do any technical evaluation of file structure or file behavior. I found Java files to be a big problem with that solution. Symantec is comparatively a much more mature solution, and their support is also very good. They provide support for the whole product and not just a component.

    How was the initial setup?

    It offers flexible management and deployment options. You can install it by watching a video on YouTube, but for the implementation design, expertise is required. For example, if you are implementing it in a big bank where you have 5,000 to 6,000 endpoints and multiple branches, you need to have an implementation strategy and see how to take care of the database, replication, and other things. At that time, your expertise is going to be used for designing the solution.

    It takes about 30 minutes to implement the server and the policies. The rest of the things are going to be installed by the agent, which is dependent on the network. In the same building, if you have SCCM or another deployment tool, it is a one-hour job, and it can be done by one person.

    In terms of maintenance, you have to take care of your server and download the updates on a regular basis. This is only for Symantec Endpoint Protection Manager (SEPM). If you are a cloud site, you don't need that. Symantec will do it. For on-prem, you need a person to log in and do the updates, and there might also be a little bit of maintenance of the database.

    What was our ROI?

    You get the ROI within the licensing period. It is also in terms of the reputation of an organization. Especially if you are a financial institution, your environment needs to be secure.  Last year, a bank in Nairobi, Kenya had an issue with the system. When I inspected it, five systems were already breached. I didn't find their cybersecurity team competent enough. So, I told their CIO to buy this product and enable all the policies. They don't need to log in daily. When required, they can log in and get all the information. They are very happy with it. The only issue is that when a file is identified as a risk, it is not blocked.

    What's my experience with pricing, setup cost, and licensing?

    It is normal. If you are an educational institute, they give you a very good discount. If you are coming from the banking side, they may or may not give you a discount. I'm working with seven companies, and normally, they get a 65% to 70% discount on everything.

    There are various components. You have to know what exactly you want. If you are just going to protect your endpoint, you won't buy Symantec Endpoint Security Complete. You would buy the Endpoint Enterprise, which is on the lower side. Symantec Endpoint Security Complete is on the higher side because you can also manage your mobiles and other devices. EDR is also a part of it, whereas, with the enterprise version, you don't get EDR. Overall, the price depends on the number of security components you want.

    What other advice do I have?

    When evaluating a solution, I would advise seeing the simplicity of deployment and usage. Some products are cheap, but the operational cost is much higher, and they are a lot more complex. 

    If your organization is small and you have a constraint on your system administrator or security administrator, then the cloud is the best solution for you. If you are a larger bank and you don't want your data to be on the cloud side because most countries don't allow you to share your data on the cloud side, you can install Symantec Endpoint Protection, which is then connected to a Symantec Endpoint SCSC. It will be a hybrid solution. Some components are going to be managed from on-prem and some components are going to be managed from the cloud. Feature-wise, if you're going to the cloud side, you can leverage EDR. Otherwise, you have to install an EDR server on your data center.

    I would rate it a 10 out of 10. It is a wonderful product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PedroSoares - PeerSpot reviewer
    Senior Security Information Analyst at Modal Bank
    Real User
    Helps us block ports, like TCP and UDP, and we don't need to use Active Directory GPOs to block anything
    Pros and Cons
    • "I like the endpoint detection and response. That's the best feature. I also like the fact that we don't need to use a file on the computer, whereas some anti-malware solutions work with a file on the endpoint. Symantec is a very good option compared to solutions from other vendors."
    • "One suggestion I have for both regular and mobile would be to collect all the information about installed software, such as versions, and give that information to the manager to help with software management. That would be a huge advantage for everyone who administers these tools."

    What is our primary use case?

    We use it for endpoints, to protect all the workstations in our company. Endpoints are just one layer requiring security in our environment, and we use the solution for anti-malware and for endpoint detection and response.

    How has it helped my organization?

    The best benefit, of course, is the protection against viruses and phishing attacks. In addition, we are using fewer solutions than before for endpoint protection. Symantec is enough for us.

    Symantec is important for our organization. We have confidence in it to protect our workstations. We use it for many different types of protection, such as blocking ports, like TCP and UDP. We don't need to use GPOs from Active Directory to block anything or to use Windows files. It's the only solution that we install on our workstations. If we don't have it on a workstation, that is a cause for concern.

    What is most valuable?

    I like the endpoint detection and response. That's the best feature. I also like the fact that we don't need to use a file on the computer, whereas some anti-malware solutions work with a file on the endpoint. Symantec is a very good option compared to solutions from other vendors.

    And when it comes to attack and breach prevention for mobile endpoint devices, Symantec is good. Until today, we haven't had any cases of malware on our smartphones. I suppose that the solution is protecting all the mobiles that we have in our company.

    It's also very good, based on the last test I did, at fully exposing the extent of advanced attacks, especially when attackers use stealthy techniques to evade detection. While there was something that it didn't protect against, that was 10 percent of the test, which is not huge when compared with other anti-malware on the market.

    What needs improvement?

    One suggestion I have for both regular and mobile would be to collect all the information about installed software, such as versions, and give that information to the manager to help with software management. That would be a huge advantage for everyone who administers these tools.

    For example, EDR gives me some applications with a version linked to a CVE or a MITRE attack. That's really interesting, but we don't know about other software that is installed, and that means we need to install and use other software on the workstation to collect that information. If Symantec could do that, it would help managers improve their security, as they would know all the software installed on each device.

    Because Symantec is already installed on a workstation, it would not be difficult for the agent to collect information about the software installed. It wouldn't need to do anything other than collect and share the information. That would be a huge advantage for the administrator. The more information we have about a device, the more secure we can make it. For example, there are types of software that can open a port that an attacker can use. If we know that such software is installed, we could just act before something happens. If Symantec could collect that software information, it would be amazing.

    For how long have I used the solution?

    I have been using Symantec Endpoint Security for almost three years.

    What do I think about the stability of the solution?

    It's very stable. I have never experienced an unstable system with Symantec.

    What do I think about the scalability of the solution?

    On the cloud, scaling is very easy, of course. But on-premises, we have had some difficulties, although these are the normal difficulties that any on-prem software would have. If I was using any other system on-prem I would also need to be thinking about disaster recovery and backup and load balancing.

    We have Symantec deployed on all the company's workstations, on about 1,400 devices. We have also installed it on about 400 Windows Servers. And we are testing it on two Linux servers as a proof of concept, to see if we will install it on all our Linux servers.

    How are customer service and support?

    We have contacted their technicians to help us with issues. The last one was very good. He tried to help us with different kinds of troubleshooting, as it was very important to find a solution.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used CrowdStrike, Deep Security from Trend Micro, and Kaspersky. I have also tested Sophos and Check Point Security.

    Although in both companies where I have used Symantec it was already there when I started, it has positive evaluations in industry reviews of many anti-malware tools and a good price as well. It provides a good solution at a good price. I expect those are the reasons that these companies chose it.

    How was the initial setup?

    At this moment, I'm responsible for changing it from the on-premises to the cloud tenant.

    We are working with a company, a reseller here in Brazil, that is helping us with some troubleshooting and some of the more complex things. After we tried many scripts, we found one that works really easily. But importing some things to the cloud version is not so good. For example, we exported device control from the on-premises version and imported it to the cloud version and it didn't work. So we will probably need to do it manually. This isn't great for us, because we have many devices and we will need to put them on the cloud one by one. But in general, it's not bad.

    In terms of maintenance, on-prem we have to keep an eye on some features because some of our internal vulnerability tests have found that some patches had some CVEs and we had to do some updating. But that was on the management side of the solution that we use to control the devices and agents, not the agent itself. We haven't needed to worry about the maintenance of the agents.

    What about the implementation team?

    Our experience with our current reseller has been really good. They are good guys with good knowledge of the tools. They have helped us a lot. This reseller is a new one for us. We used another that was very bad, with poor response times.

    The new reseller has also helped with the data loss protection solution that we have installed, and with our Web Security Services, which is another software package we use.

    What's my experience with pricing, setup cost, and licensing?

    The price of Symantec is very good compared to other vendors. I had access to information about pricing when we were renewing. I don't know if the renewal was cheaper than when contracting it the first time, but the renewal price was better than many other vendors' first-time prices.

    Which other solutions did I evaluate?

    I formed a good impression of Symantec Endpoint Security when we used a penetration tool on it and on other anti-malware solutions as part of a proof of concept. Symantec was one of the best in that penetration test and that was a surprise for me because I thought it would not be that good. But it gave us really good results in the penetration test.

    I have used different solutions, but I prefer Symantec's cloud solution when compared with, for example, CrowdStrike.

    What other advice do I have?

    My advice would be to start using the EDR as soon as possible to have a good view of your environment.

    The management functions in the cloud are better than they were in the past with Symantec's on-premises version, which was not good. The management functionality in that version was terrible. Although it was still very good for protection, the management interface was not good. Now, with the tenant in the cloud, it's better than it was.

    We just renewed our license for Symantec a month ago, and we are changing our implementation from on-premises to the cloud platform. As part of that process, we will implement the solution's threat defense for Active Directory, but we still don't have it working. So I can't say, at this moment, if Active Directory is already protected against any type of this attack. But we know SES has that feature.

    With the EDR solution, it has helped save us time when it comes to responding to threats, but with only the endpoint solution, I can't see that being the case.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Cyber Security Manager at a tech services company with 10,001+ employees
    Real User
    Top 10
    Provides good control over external devices, and has good reliability, dashboard view, and reporting
    Pros and Cons
    • "The dashboard view and reporting are valuable. It is stable and easy to integrate, and it provides custom options."
    • "Nowadays, threats are changing, and they are moving more towards script control and zero-day attacks. So, we would like to have more control similar to an EDR solution. Symantec Endpoint Protection has certainly come a long way as a traditional antivirus, but because the threats are changing, we would like to have more EDR features so that we have a detailed view of the source from where the infection entered the environment and whether it has tried to connect any other endpoint. It should provide such a detailed view for investigation. It should protect against zero-day threats, etc. These are the key enhancements that can make it a complete solution for any enterprise. Currently, we have seen organizations going for two solutions: antivirus and EDR. With both these capabilities, it would be a complete package."

    What is our primary use case?

    We have used Symantec for several scenarios depending on a client's requirements. We have used the Symantec solution for host integrity, device control, and communication policies. It has the host integration part where we get the custom option to add certain scripts.

    Most of the clients have been using it on-prem, but we are now looking into the cloud or SaaS environment because it would be much easier to manage the infrastructure. Our clients have Amazon AWS and Microsoft Azure.

    How has it helped my organization?

    Policies are very important and valuable for us. We have to ensure the security of the client environment. We have to ensure that there is no tampering, and restrictions are applied to the devices when one uses third-party devices such as storage and pen drives. It has the flexibility to integrate with other devices.

    It is helpful in identifying the rogue devices in the environment where we don't have any agents deployed. We can identify them through Symantec. We have also heard that with cloud Symantec, we can do remote deployment through the console itself.

    What is most valuable?

    The dashboard view and reporting are valuable. It is stable and easy to integrate, and it provides custom options.

    The agent is lightweight, and the response to the known infections with regular updates from Symantec is also valuable.

    What needs improvement?

    Nowadays, threats are changing, and they are moving more towards script control and zero-day attacks. So, we would like to have more control similar to an EDR solution. Symantec Endpoint Protection has certainly come a long way as a traditional antivirus, but because the threats are changing, we would like to have more EDR features so that we have a detailed view of the source from where the infection entered the environment and whether it has tried to connect any other endpoint. It should provide such a detailed view for investigation. It should protect against zero-day threats, etc. These are the key enhancements that can make it a complete solution for any enterprise. Currently, we have seen organizations going for two solutions: antivirus and EDR. With both these capabilities, it would be a complete package.

    For how long have I used the solution?

    I have been supporting various clients for six to seven years.

    What do I think about the stability of the solution?

    It is stable, and that's why I recommend Symantec, especially when it comes to the server environment.

    We follow the N-1 process. Whenever there is a new version, we don't upgrade immediately because there can be potential risks. We upgrade to a new version immediately only if we get the recommendation from the vendor or they have fixed any vulnerability or issue that was reported. Otherwise, we follow the N-1 version approach for upgrades.

    What do I think about the scalability of the solution?

    I have not seen any challenges with the scalability of the solution. I have worked with multiple clients. One of our clients has about 30,000 end users. They are located in eight to nine countries and have about 15 different remote locations.

    We have plans to increase the usage of the product, but it all comes down to client requirements. It depends on their environment, its size, and how we want to further enhance that.

    How are customer service and support?

    Generally, we get a response, and it works, but we have seen some delays or very generic responses. If there is a quarantined file and we need information about what kind of data is there in that file, it takes a lot of time. We sometimes have to escalate to the next level for getting a proper and timely response because it's our client's data that is in quarantine. I would rate them an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have worked with multiple solutions, such as McAfee, Cortex, and CrowdStrike. McAfee has several components, and if any component stops, it impacts the compliance status and puts everything at risk because the definition will not be distributed. Symantec has an edge there because it does not have too many components. Only with the GUP server, we can distribute the definition in remote locations, which makes it easier. It also provides a view of all the GUP servers in the console.

    EDR is a different solution. It provides complete visibility and footprint of zero-day and other threats based on the behavior. Symantec also provides that, but it needs more enhancement on the investigation part.

    How was the initial setup?

    Based on what I have seen and the feedback I have received, its deployment is straightforward. It takes almost a week because it goes through various stages, such as planning, designing, and deployment. It also depends on a client's environment.

    The implementation strategy varies, and it depends on a client's environment, such as whether they are a huge organization or whether they have multiple remote locations.

    After the deployment, the next stage is doing the configuration, which takes a little while because it involves engaging different departments of a client and doing segregation and restructuring.

    It doesn't take more than four to six months for the technology to mature in the client environment. Immediately after deployment, we start making changes to tune the policies based on a client's requirements and define the exceptions. It takes four to six months to have a stable environment.

    What about the implementation team?

    We have a separate team that does the deployment, but I do share some recommendations depending upon the client environment. After the deployment, that team hands it over to my team for operations, and then we make the changes. So, they do the basic deployment, and we then take over and make the solution mature.

    Generally, its deployment does not require more than two people. At the initial stage, they collect and gather information from various sources and proceed with the deployment, and then it takes some time to do the configuration. So, two people are good enough for initial deployment, but when it comes to rolling out the agent to the entire landscape, it takes time. You have to engage various people from different departments. The people involved in its deployment and configuration are administrators and engineers.

    It usually doesn’t require much maintenance. We do our regular health checks to see whether the definitions are getting updated or not and whether their replications are working or not. Its maintenance is a one-man job, but the operational activities of the organization generally require two to three people, but the number can vary based on the size of the environment.

    What was our ROI?

    Our clients have certainly seen an ROI. They have been using the solution for a long time. They don't want to switch from one solution to another, and that's why we recommend the most stable ones to them.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is handled by a separate team. Whenever a new client asks for a recommendation, we provide it, but they deal directly with Symantec or other vendors for the pricing.

    What other advice do I have?

    You should first understand a client's environment in terms of:

    • What does the client environment look like?
    • What is the size of the environment?
    • What are the features they are looking for?
    • What is the criticality of their environment?

    All these aspects are important. At times, we have seen that clients just ask for the best solution, but they don't have a vision of what would make a solution best for them and what they are expecting from it. They should summarize their requirements, and accordingly, you can propose how Symantec can meet their requirements.

    Overall, I would rate it a nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Prateek Agarwal - PeerSpot reviewer
    Technical Program Manager at a university with 201-500 employees
    Real User
    Top 5
    Leaderboard
    Reduced our endpoints' attack surface and our time to resolve in a stable, scalable solution
    Pros and Cons
    • "We use the Symantec Global Intelligence Network (GIN), and it's an excellent feature as Symantec is a leader in security solutions. The product has all the security features we require as an organization, including intelligent features such as notification alerts and predicting future attacks. The threat intelligence and detection are excellent, and the solution provides great visuals and logs so that we can analyze any attacks on our servers. GIN is a powerful tool in terms of detection capability across endpoints, email, and web traffic, as it can scan them with its advanced threat intelligence. The product can detect threats, report them to us, and quarantine them."
    • "Installation of the tool on a workstation requires some technical knowledge, which could be more straightforward."

    What is our primary use case?

    We primarily use the solution to protect our endpoints from viruses, malware, cyber-attacks, etc. We can use it for virus scanning and as an end-to-end security solution for our machines. The product is installed on a server, which connects it to our workstations and provides an effective overall network security solution.

    We are spread across geographically diverse locations, with teams in Asia-Pacific and EMEA. We deployed the solution to our servers, with multiple workstations, laptops, notebooks, tablets, and other mobile devices connected to the servers. The solution provides threat scanning on the server level, but we also have it installed on some specific high-value devices.

    How has it helped my organization?

    We use the solution's pre-built apps for SIEM, orchestration, and ticketing systems for our workstations and servers, which has significantly helped our SOC operations. Data security is a top priority because we have millions using our apps, and email security is critical. The product provides excellent email scanning and a clear, analytical view of what happens in our application environment.    

    Regarding the product's ability to fully expose the extent of advanced attacks, especially when attackers use stealthy techniques to avoid detection, it has powerful and intelligent features. These can easily recognize security threats, including potential threats. The solution also receives virus updates to its threat intelligence to keep up-to-date with new and emerging threats.  

    The solution helped to contain attackers attempting to gain control of our Active Directory, primarily through observing our existing users and groups. Any unauthorized third-party additions or atypical users are recognized, and the solution notifies us. If users don't match existing groups or domains, they are highlighted, and we can respond accordingly. This is a vital function for any organization because the security of users and groups is a top priority; we cannot accept false information and users in our system. The solution provides transparency and flexibility among users and groups for us to identify anomalies and respond as required.  

    The solution improved our security posture, and it's perfect for any enterprise to protect against threats, malware, and ransomware. Symantec features the best security against all kinds of threats.    

    The solution saved our employees' time in responding to threats in the region of 25-30%. It can scan all our application system files and hard drive files, providing transparency into our systems and great flexibility in dealing with security threats.     

    What is most valuable?

    We use the Symantec Global Intelligence Network (GIN), and it's an excellent feature as Symantec is a leader in security solutions. The product has all the security features we require as an organization, including intelligent features such as notification alerts and predicting future attacks. The threat intelligence and detection are excellent, and the solution provides great visuals and logs so that we can analyze any attacks on our servers. GIN is a powerful tool in terms of detection capability across endpoints, email, and web traffic, as it can scan them with its advanced threat intelligence. The product can detect threats, report them to us, and quarantine them.   

    Comparing the threat intelligence provided by GIN versus competing solutions, Symantec ES is a robust tool that fits us well.  

    My assessment of Symantec Endpoint Security for reducing the attack surface of traditional and mobile endpoint devices is that it performs well. It works perfectly for mobile apps, web apps, and cloud-based apps. The tool quickly and thoroughly scans all of our emails and provides excellent results; we have no issues with that.   

    What needs improvement?

    The pricing could be more friendly, as the licensing cost can be challenging for small and medium-sized organizations.

    Installation of the tool on a workstation requires some technical knowledge, which could be more straightforward.

    Regarding usability, the UI could be improved, especially around reporting and logs, making them more accessible to the end user. 

    For how long have I used the solution?

    We've been using the solution for two years. 

    What do I think about the stability of the solution?

    The product is stable. 

    What do I think about the scalability of the solution?

    The solution is highly scalable; we can fully scale it according to our organization's requirements.   

    How are customer service and support?

    The technical support is excellent; they always provide timely resolution of our queries regarding installation, support, deployments, etc.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously used McAfee for our local machines and switched to Symantec because of its beneficial features. It's updated and upgraded more frequently, which was of primary concern to us.

    How was the initial setup?

    The initial deployment was straightforward; Symantec has some excellent solution architects and consulting staff, and they dealt with us directly.

    What's my experience with pricing, setup cost, and licensing?

    The solution could be cheaper. 

    Which other solutions did I evaluate?

    We evaluated Trend Micro, McAfee, and several open-source tools like Norton. We chose Symantec because it provides excellent features and frequent security updates, and the trial version of the product performed very well, exceeding our expectations.

    What other advice do I have?

    I rate the product nine out of ten.

    We use several of the solution's deployment options; we deploy it in a hybrid cloud and on-prem with some local machines and servers. The product works well, and we didn't have any issues with it; it performs well, which is what we expect from Symantec.

    Regarding attack and breach prevention for traditional and mobile endpoint devices, the product works well in a traditional environment but consumes many infrastructure resources; it's high on memory and storage requirements. However, in our latest environment, this isn't the case; the solution runs perfectly, and there have been many improvements in this regard.

    Comparing Symantec's protection, detection, and response versus competing solutions, Symantec's response and detection are excellent, especially compared to McAfee, Trend Micro, and so on. Symantec has significantly improved the usability and scalability of its security solution, and we are happy to use it.

    Symantec Endpoint Security reduced the number of solutions we use for endpoint security. However, we already used other Microsoft solutions such as Azure Key Vault, MS Sentinel, Defender for Endpoint, and Azure DDoS. We deployed Symantec because we have some on-prem and hybrid machines and servers, as well as apps running locally which require protection, and that's what it's for. 

    My advice to those evaluating the solution is to go ahead and purchase it; they won't be disappointed. Symantec is a giant in the market space, and their solution provides every security feature necessary to minimize the threat from all kinds of potential attacks.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Senior Desktop Engineer
    Real User
    Secures PCs and mobile devices, and alerts you when a site is not trusted or blocked
    Pros and Cons
    • "The mobile application is valuable. You are able to see the reports of intrusions and the like on mobile devices. That is one of the coolest aspects."
    • "We communicate with our local partners and they give us the license key. Then, we have to go to the portal and apply it, but sometimes it doesn't work. We then have to create a new administrative account and migrate all our endpoints. That is the only major issue we have been battling with."

    What is our primary use case?

    I'm an admin in an IT consulting company and we have different companies that use Symantec Endpoint Security Enterprise.

    How has it helped my organization?

    Symantec provides a lot of security for the end user. For example, if I'm going to a website that is not trusted, Symantec will alert me that it's not trusted or it will even block it. It's endpoint security that always gives you alerts about the dos and don'ts before you even get into danger. Some antiviruses will only alert you once you are in danger. With Symantec, you get the alert before you even click on or visit a dangerous site. The detection processes are very good and they have a good notification process to tell you if whatever you are opening or working on is not good for the PC.

    I have the solution on my phone and that makes it quite secure. It blocks all ads and malware. Before Symantec, I used to get a lot of ads, especially if I was doing research on the internet. Since I started using Symantec on my phone, it has blocked all of them. And it is connected to my main account on the PC, so it gives me a combined report on whatever I'm doing and whichever sites I've visited.

    For us, as an MSP, Symantec is the best for breach prevention. We have been using it for almost two years now and we haven't had any major attacks or ransomware. We are always protected. Previously, before we got to Symantec, one of our clients was attacked by ransomware, but since we deployed Symantec on all our users' endpoints, we haven't had any issues.

    In the long run, it has made the security side of our company more solid. Now, we don't battle with viruses and malware. It has helped with our company's growth. Symantec has given us a great sense of assurance and protection. We know that all the devices and endpoints are well secured and that there won't be any major attacks or any damage to them.

    What is most valuable?

    The mobile application is valuable. You are able to see the reports of intrusions and the like on mobile devices. That is one of the coolest aspects.

    Also, they recently upgraded the solution to provide a graphical interface that gives you an overview of the detections and whatever has been blocked. It gives you a pie chart with a breakdown of whoever is trying to access things.

    In addition, it's always running and it doesn't consume a lot of memory, which would slow a PC down.

    For how long have I used the solution?

    I have been using Symantec for almost two years. I do the admin part of it for Windows and mobile phones, including installations and reports.

    What do I think about the stability of the solution?

    It's very reliable. It's very steady and doesn't give us issues.

    What do I think about the scalability of the solution?

    The scalability is also 100 percent. Its ability to grow with the organization is positive. It's something that our company wants to use in the long term.

    How are customer service and support?

    We have used their technical support a few times because we have had challenges with licensing issues. 

    You have to go to the support site and log a ticket. They will assign it to an agent and then the agent will call and assist you with the issue. They have always been helpful whenever we have contacted them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were using Trend Micro. We switched to Symantec because the intrusion level is very low and the alerting system is very good. Symantec gives you an alert whenever you are doing something that is not right. You don't even need a techie to tell you not to do this or that.

    How was the initial setup?

    The setup is very easy, especially when done by email. You just add the end users' information on Symantec and they get an invite via email. Once they get the link, they click on it. That downloads the installation file and installs it for them. Our IT team of four people works on it together.

    We get the key from a local partner and we apply it on our portal. From there we push the installation files to the users and install them. Then we do the reporting system.

    In terms of maintenance, it's mostly cloud-based. Updates are done automatically.

    What about the implementation team?

    We do it ourselves.

    What was our ROI?

    We have seen ROI. It has saved us a lot of money.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is good, very moderate, and the licensing is also good. It gives you more room to install a lot of endpoints and it even gives you the opportunity to install it on your mobile phone without any extra cost.

    The one issue we have is that whenever we buy a license, it takes us to a new tenant. We communicate with our local partners and they give us the license key. Then, we have to go to the portal and apply it, but sometimes it doesn't work. We then have to create a new administrative account and migrate all our endpoints. That is the only major issue we have been battling with. Apart from that, it's fine.

    Which other solutions did I evaluate?

    We already had our eyes set on Symantec because it was something that some of our clients had been using.

    I always tell my colleagues in the IT space that Symantec is one of the best antivirus solutions that we have used. Most of our clients, before we approach them, use different solutions so we do a test. We put a virus on their PC to see if their antivirus is able to detect it, and we find that it does not detect that there is a virus or an intrusion on the device. Once we install Symantec, it blocks everything and immediately detects that there is malware or an intrusion on the PC that needs attention.

    Symantec is the best when it comes to other antiviruses and endpoint solutions in the global market.

    What other advice do I have?

    Symantec Endpoint Protection is something I would recommend. It's one of the best.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Senior IT Security Officer at Lion International Bank
    Real User
    Top 20
    Lightweight, requires little maintenance, and scans for malware proactively
    Pros and Cons
    • "The application and device control functionality is good. We are able to see which applications are installed using the product management dashboard."
    • "It would be helpful if this product provided patch management functionality."

    What is our primary use case?

    My primary use case is malware protection. I also use it for device control, application control, and more. We are a financial institution.

    How has it helped my organization?

    The stability of this product has improved the way our organization functions. There is little maintenance, and it doesn't take long to install or uninstall. Once it is configured correctly, there is little chance of it failing.

    This means that we have more of our technical staff available to work on other problems that occur.

    What is most valuable?

    The most valuable feature is the proactive malware scanning capability.

    When you are performing simple tasks, it is not as demanding on resources as compared to other security products. This is an aspect that I like.

    The application and device control functionality is good. We are able to see which applications are installed using the product management dashboard. This gives us the ability to monitor workstations, including which applications they have in which tabs.

    There are extensions available, such as the Browser extension, to deal with specific types of attacks. This helps to protect against hackers. I have tested it with samples and it protects the system well.

    The interface is simple to use.

    What needs improvement?

    One issue that comes to mind is that there is no way of specifying categories that the firewall should block. It is able to block specific URLs but other solutions, such as Kaspersky, allow you to block access by specifying a category.

    It would be helpful if this product provided patch management functionality.

    Compared to Kaspersky, the reporting features are not rich. Overall, the reporting capability needs to be improved.

    For how long have I used the solution?

    I have been working with Symantec Endpoint Security for between 12 and 18 months.

    What do I think about the stability of the solution?

    This is a very stable product. It is the feature that I like most about the product because when we were using other ones, we had failures. With this solution, there is no frequent failure of the components.

    For example, in other products that we've used, the virus definitions didn't update and systems were compromised because of it.

    What do I think about the scalability of the solution?

    We have approximately 3,000 users that are protected by this solution. We add branches and more computers weekly, and we don't have problems doing so.

    We were able to easily integrate with Active Directory using the Symantec Manager, so I would say it's very scalable.

    As we add more branches, our usage of the product will continue to increase.

    How are customer service and support?

    We have not been in direct contact with Symantec technical support.

    The training and documentation that they provide are helpful. There is a good amount of documentation that helped to provide us with a complete picture of the product. It's nice, neat, and easy to understand.

    Which solution did I use previously and why did I switch?

    Prior to Symantec, we used a solution by Kaspersky.

    We use other anti-virus products and this one is less resource intensive and more stable than the others. It is also simpler to use.

    Symantec Web Security Service (WSS) has some good features that I wish were in this product. Unfortunately, it is another subscription.

    How was the initial setup?

    It does not take long to install this solution.

    Unfortunately, the order that we followed was not recommended. We just deployed and then obtained subscriptions after that. This is not a recommended approach for deployment. However, we have a good partner and a good support team.

    Due to our limited bandwidth, we had to install manually rather than use the web-based deployment. This meant that it took us longer because we had to visit each of the physical workstations. In total, it took approximately two months to deploy.

    What about the implementation team?

    We deployed the solution ourselves. There were seven or eight people in the team and different staff members were given different duties. All of them are system administrators.

    We have three people that handle the maintenance. They monitor the dashboard for possible compromises, and our specialists have to use the device protection and application controls.

    There are also tasks related to reporting issues that arise during monitoring, including those concerning possible attacks or infections. One of the managers in our IT staff is responsible for updating the definitions that we get from Symantec.

    There was an incident where we had problems with a password and we had difficulty recovering it. We contacted our local partner and I think they contacted Symantec. After that, we recovered the password. That was the only maintenance-related problem that we had.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was one of the factors that led us to choose this product.

    That said, I was not the decision maker. I simply proposed it to our manager.

    Which other solutions did I evaluate?

    When our subscription to Kaspersky ended, we were tasked with comparing features between different solutions. The three options we considered were Symantec, Kaspersky, and Sophos.

    One of the things that we liked about Symantec is the low resource utilization. I am not the person who completed the analysis but I know that the fact it is lightweight was one factor.

    We liked the functionality that Sophos provided but the deployment scenario functionality was not useful for the workstations in our environment. It involved deploying the dashboard to workstations in the cloud, which is not our preferred approach.

    Kaspersky has richer reporting capabilities. This is an area that could be enhanced in our Symantec solution.

    What other advice do I have?

    We deployed the product one and a half years ago, and we received training to configure and maintain it. It was recommended that we complete our training in terms of policies, which is something that we also did. Once that was finished, we experienced the stability and good features that the product provides.

    This is a product that I have recommended for use in another company. I have been told that after they adopted it, they were pleased with the fact it consumes fewer resources than their previous solutions. They manage it from the cloud.

    Currently, I am referring another company to this product and my understanding is that they're going to implement it.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Symantec Endpoint Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: February 2023