Symantec Endpoint Security Reviews

Symantec provides an anti-malware solution for our infrastructure, including a host firewall, behavioral analysis, and intrusion prevention. It's an essential compliance component of an enterprise.

We have domestic and offshore branch offices, data centers, and headquarters. We initially deployed it to 2,500 workstations and eventually expanded to 3,500.

Symantec detects malicious software in our environment and provides intrusion prevention. We see the benefits immediately after deployment. Our whole platform benefited from Endpoint Security.

Symantec's detection capabilities are strong. It involves run protection and behavioral analysis.

We had an issue with the Broadcom migration. We had some problems with product support, and the deployment is tricky because it's an on-premises technology. Deploying any on-premises security solution is hard because you have to distribute the software. 

There are also some issues with false positives and minor product issues in terms of usability. It comes back to the support team. If we have product issues, then it should be relatively easy for them to resolve the matter. 

We started using Symantec in 2015 or early 2016. We still use the solution, but we plan to decommission it by the year's end.

Symantec is relatively stable, but it's an on-premises solution, so we need to spend more time on version upgrades and patches. We have encountered some major bugs, which cause DSOD on all our machines during updates.

We haven't tried scaling up because we maintain a stable number of users, but it's fairly easy to add some users to Symantec. It's just like migration.

I rate Symantec support six out of ten. They need more specialized support engineers with advanced knowledge of Endpoint Security. We have several people with experience using the product, so we know the basics already. Also, the resolution speed isn't acceptable.

Neutral

We used McAfee VirusScan Enterprise in the past. We transferred to Symantec primarily because our team has prior experience with Symantec. We also considered its Gartner rating. I believe Symantec is in the first or second spot in the endpoint protection category.

We did the deployment and testing ourselves. The deployment wasn't as easy as we would like. The environment and network are complex. That's why we need to consider different types of deployment. We use our software configuration management and also some standalone solutions. We sometimes use DMZ for manual installation. Those were the pain points of the deployment. It's not one source of deployment that we use differently.

It took around three months to completely deploy Symantec and replace McAfee.
Our deployment team was a combination of IT and security operations. A few asset owners were included, as well. After deployment, maintenance is minimal. 

I don't have any data on ROI, but we get what we need. From the moment we deployed Symantec, we haven't had any incidents coming from an endpoint.

I was not involved in the negotiations, but I believe the price was within the range we expect for endpoint protection.

We also considered Trend Micro and Carbon Black. Symantec's sales team won by lowering the price and adding some features in the package like web security services and Symantec EDR.

I rate Symantec Endpoint Security seven out of ten. I would recommend this product for securing endpoints. Hopefully, their support will improve. 

Symantec Endpoint Security is a comprehensive solution that provides all the packages in one product. The most valuable features of Symantec Endpoint Security are endpoint protection, antivirus, firewall, and policy creation.

The one thing I don't like about Symantec Endpoint Security is the amount of resources it uses.

I have been using Symantec Endpoint Security for ten years.

I rate Symantec Endpoint Security an eight out of ten for stability.

More than 500 users are using this solution in our organization.

I rate Symantec Endpoint Security an eight out of ten for scalability.

I rate Symantec Endpoint Security seven to eight out of ten for the ease of its initial setup.

We implemented the solution through an in-house team. Two to three people can deploy Symantec Endpoint Security in a couple of minutes.

We have seen a return on investment with Symantec Endpoint Security.

Symantec Endpoint Security is a moderately priced solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a five out of ten.

I am working with the latest version of Symantec Endpoint Security. One person is enough for the solution’s maintenance.

Overall, I rate Symantec Endpoint Security an eight out of ten.

It is used for detecting and blocking web attacks. 

It has helped me in providing authentication mechanisms, restricting devices, and blocking global threats. There is about 10% to 15% improvement.

All Symantec Endpoint Protection (SEP) features, such as anti-malware, zero-day attack protection, and IPS features, are valuable.

Zero-day threat and device management or device control can be better. The patch implementation or patch management can also be better because sometimes, they are issuing or deploying patches in old versions.

It should support the next-generation IPS. Currently, it supports only IPS.

I have been using this solution since 2010.

We haven't had any issues with SEP. We have been using it for quite a long time, and it has been stable. It is reliable. We are getting upgrade patches. 

We are also using other Symantec solutions, such as Blue Coat, and we have had issues with them but not with SEP.

It can be scaled up with EDR and XDR extensions. We have deployed it at multiple locations, and we have plans to increase its usage.

Their technical support is fine. I didn't find any issues with that. I would rate them a nine out of ten.

Positive

I used to use Trend Micro Quick Scan. I switched because we were getting some attacks, and Trend Micro was not able to detect them.

It was straightforward. We had around 500 systems, and it took about a week. About three to four people were involved in its deployment. Their roles were engineer, team lead, and admin.

We had a consultant from Symantec for its implementation. In terms of maintenance, it doesn’t require that much maintenance, but it requires patch updates on a regular basis. I take care of its maintenance.

The pricing is as per the environment. If all the features are there, there will be a cost for them. There were no additional costs for me. Support and other things were included in the pricing.

We did a PoC of McAfee, Trend Micro, and other solutions in our environment. Symantec was better. So, we went for it.

I would advise using all of its features, such as IPS. These features are very good. I'm using a lot of solutions from Symantec. I am using SEP, and I am also using Blue Coat devices. They provided us with the entire solution design.

I would rate Symantec Endpoint Security a nine out of ten. It is a nice product.

Our client uses Endpoint Security at a school for antivirus protection. For example, if someone plugs in a USB on a classroom computer, Endpoint Security protects the network from infection. We have around 35 classrooms and eight teachers per class, so that's about 280 people.

The school does not use Endpoint Security to its full potential. The use case is basic. For example, it isn't being used to block stealth techniques. Sophos Firewall handles those kinds of attacks. Active Directory isn't used in the classroom, so the ability to block an AD takeover isn't being used. 

We haven't eliminated any other security solutions by adopting Endpoint Security, but we are trying to consolidate our solutions by installing a new FortiGate firewall and client licenses of FortiClient.

Endpoint Security provides the school with fundamental protection against viruses and other malware. It only covers traditional endpoints, not mobile devices, but we've never had any outbreaks. 

The best thing about Symantec is its ability to control our endpoints from a single point. You can manage the antivirus definitions, upgrades, remote scanning, etc., from one console. 

In four years, we had no reason to switch solutions, but lately, we've found that Symantec is slowing down the machines. They are looking to change solutions. I would like to stop the Endpoint Security Client's scan when the device boots. It slows the machine a lot. The scan should only run when the machine is idle. The scan often happens when the machine is at its peak load. 

I would also like Symantec to add ransomware protection. If a machine is infected by ransomware, it's hard to recover the data. We don't have any data on the client, so we're not overly concerned about that. Still, it would be nice to have this feature if there are any future problems. 

My client has been using Endpoint Security for two or three years.

Endpoint Security is stable. 

Endpoint Security is a scalable tool. 

I rate Symantec support a nine out of ten. I only had to contact them once in ten years, and the support was excellent. They solved the problem in ten minutes.

Positive

We're looking at other solutions. We mainly want something that doesn't experience performance degradation during scans or updates. 

I started to work with this client two years after implementation. I have been managing the solution for a year and a half. I provide them with renewals and updates when necessary. It doesn't require much maintenance. I didn't have to visit the premises this year.

The price of Symantec is on the higher end. They face some competition from a company called Quick Heal, which is much cheaper than Endpoint Security. They offer three years of protection at just 900 rupees.

I rate Symantec Endpoint Security an eight out of ten. My first piece of advice is not to deploy Endpoint Security on traditional machines because it'll slow it down. India is a price-sensitive market. Many companies won't pay attention to the speed of a hard drive. They'll only look at the size. They would rather go for a 500 GB hard drive, even if it is not required, rather than a 256 GB SSD. 

If you want to deploy something over and above your operating system's capabilities, you need to have a powerful machine to handle that. Performance is mainly an issue on devices using traditional drives. The performance doesn't deteriorate by more than two percent on an SSD drive, whereas it is more than 15 to 20 percent on an average drive.

We use it to secure our endpoint, especially with employees working from home.

Our company provides amusement park guest hospitality. This solution helps us with our daily operations, managing the amount of traffic in the network coming from the Internet as well as application updates and passwords. 

It lets us control users and their actions when browsing.

Every month, we do an analysis. This allows our systems to be the most effective with all the changes that need to be done. It gives us a dashboard where we can view four or five key components, like malware protection, exploit protection, network intrusion, behavior analysis, and additions to the firewall. We also do daily, weekly, or monthly analyses based on events. This helps us have a clearer picture of our organization, what is wrong with a security event, and where you need to really focus to prioritize events. For example, if you have a network intrusion on the firewall, this gives a detailed view of your network where you can focus on the right solution, and prioritizing events.

We are using the solution to mitigate security breaches. We are constantly monitoring the endpoint interface dashboard. If there is a breach, it gets isolated. We see those on the report and event logs. We then apply the Application Control feature to take remedial actions.

If there is exposure, we need to investigate the source of the attack, e.g., whether it came from the network or externally. We view the firewall logs, and if there has been exposure, then we use the Application Isolation feature. When there is an attack with on-prem, that system will go into isolation mode, removing connectivity to other internal systems. We also restrict the WLAN part to avoid that system broadcasting to other networks.

It gives us a big picture of our response and remediation processes with one product, which is very good.

The detection and response are quite good. We have a few templated policies that we have created for our entire organization. We have added groups to ensure that if an attack or breach happens, then it can be isolated from our network.

We use Application Control, Application Isolation, Web Traffic Redirection (WTR), and Network Integrity. These ensure that traffic is flowing. 

The device can be outdated. More enhancement of network and discovery would help already great features.

The company has been using it for almost five years.

We haven't had any issues when updating it.

The scalability meets our company's requirements of on-prem and cloud. Therefore, I would rate its scalability as nine out of 10.

We have not yet used the Threat Hunter Team.

I would rate the technical support as nine out of 10. Most things are resolved within a day. Some things have taken a week because they needed to assess the system and what went wrong. Critical assessment of root causes takes about two to three days.

Positive

We have around four to five applications. For example, we are using Oracle Fusion Middleware and ERP in-house for our operations. 

We have also used Sophos, where it took a little time to put policies in place. It is quite complicated and not that user-friendly. We had a bad experience with them.

Symantec Endpoint Security is better because it has other features, like Application Control and Application Isolation, that can be utilized. It gives us complete control of the endpoint, so we can customize our workflow to control security.

We have used Symantec Professional Services for updates and helping to get services properly installed.

Protecting the company data is key. This solution gives a clearer picture of your endpoint, security, and network. These three things are very important for us, which is why using Symantec Endpoint Security is a win-win for us. 

Our detection and response times are very high. Whenever something happens, such as an attack, we are immediately prioritizing it via the dashboard. 

When we go for a product review, we normally do a PoC to understand how the application will scale our innovation before adding it into our pipeline. 

Other solutions have the detection and response feature.

We are currently doing an assessment for VPN parameters, making it more secure. We are checking out that enhancement right now.

We have not integrated our Active Directory (AD) with this solution. We are still evaluating this. Our AD is currently not centralized. Once it is centralized, we will connect it to Endpoint Security.

We do a PoC whenever a new feature is released. They provide training, which helps us to be on the same page.

I would rate them as 10 out of 10.

We have used Symantec for several scenarios depending on a client's requirements. We have used the Symantec solution for host integrity, device control, and communication policies. It has the host integration part where we get the custom option to add certain scripts.

Most of the clients have been using it on-prem, but we are now looking into the cloud or SaaS environment because it would be much easier to manage the infrastructure. Our clients have Amazon AWS and Microsoft Azure.

Policies are very important and valuable for us. We have to ensure the security of the client environment. We have to ensure that there is no tampering, and restrictions are applied to the devices when one uses third-party devices such as storage and pen drives. It has the flexibility to integrate with other devices.

It is helpful in identifying the rogue devices in the environment where we don't have any agents deployed. We can identify them through Symantec. We have also heard that with cloud Symantec, we can do remote deployment through the console itself.

The dashboard view and reporting are valuable. It is stable and easy to integrate, and it provides custom options.

The agent is lightweight, and the response to the known infections with regular updates from Symantec is also valuable.

Nowadays, threats are changing, and they are moving more towards script control and zero-day attacks. So, we would like to have more control similar to an EDR solution. Symantec Endpoint Protection has certainly come a long way as a traditional antivirus, but because the threats are changing, we would like to have more EDR features so that we have a detailed view of the source from where the infection entered the environment and whether it has tried to connect any other endpoint. It should provide such a detailed view for investigation. It should protect against zero-day threats, etc. These are the key enhancements that can make it a complete solution for any enterprise. Currently, we have seen organizations going for two solutions: antivirus and EDR. With both these capabilities, it would be a complete package.

I have been supporting various clients for six to seven years.

It is stable, and that's why I recommend Symantec, especially when it comes to the server environment.

We follow the N-1 process. Whenever there is a new version, we don't upgrade immediately because there can be potential risks. We upgrade to a new version immediately only if we get the recommendation from the vendor or they have fixed any vulnerability or issue that was reported. Otherwise, we follow the N-1 version approach for upgrades.

I have not seen any challenges with the scalability of the solution. I have worked with multiple clients. One of our clients has about 30,000 end users. They are located in eight to nine countries and have about 15 different remote locations.

We have plans to increase the usage of the product, but it all comes down to client requirements. It depends on their environment, its size, and how we want to further enhance that.

Generally, we get a response, and it works, but we have seen some delays or very generic responses. If there is a quarantined file and we need information about what kind of data is there in that file, it takes a lot of time. We sometimes have to escalate to the next level for getting a proper and timely response because it's our client's data that is in quarantine. I would rate them an eight out of ten.

Positive

I have worked with multiple solutions, such as McAfee, Cortex, and CrowdStrike. McAfee has several components, and if any component stops, it impacts the compliance status and puts everything at risk because the definition will not be distributed. Symantec has an edge there because it does not have too many components. Only with the GUP server, we can distribute the definition in remote locations, which makes it easier. It also provides a view of all the GUP servers in the console.

EDR is a different solution. It provides complete visibility and footprint of zero-day and other threats based on the behavior. Symantec also provides that, but it needs more enhancement on the investigation part.

Based on what I have seen and the feedback I have received, its deployment is straightforward. It takes almost a week because it goes through various stages, such as planning, designing, and deployment. It also depends on a client's environment.

The implementation strategy varies, and it depends on a client's environment, such as whether they are a huge organization or whether they have multiple remote locations.

After the deployment, the next stage is doing the configuration, which takes a little while because it involves engaging different departments of a client and doing segregation and restructuring.

It doesn't take more than four to six months for the technology to mature in the client environment. Immediately after deployment, we start making changes to tune the policies based on a client's requirements and define the exceptions. It takes four to six months to have a stable environment.

We have a separate team that does the deployment, but I do share some recommendations depending upon the client environment. After the deployment, that team hands it over to my team for operations, and then we make the changes. So, they do the basic deployment, and we then take over and make the solution mature.

Generally, its deployment does not require more than two people. At the initial stage, they collect and gather information from various sources and proceed with the deployment, and then it takes some time to do the configuration. So, two people are good enough for initial deployment, but when it comes to rolling out the agent to the entire landscape, it takes time. You have to engage various people from different departments. The people involved in its deployment and configuration are administrators and engineers.

It usually doesn’t require much maintenance. We do our regular health checks to see whether the definitions are getting updated or not and whether their replications are working or not. Its maintenance is a one-man job, but the operational activities of the organization generally require two to three people, but the number can vary based on the size of the environment.

Our clients have certainly seen an ROI. They have been using the solution for a long time. They don't want to switch from one solution to another, and that's why we recommend the most stable ones to them.

Pricing is handled by a separate team. Whenever a new client asks for a recommendation, we provide it, but they deal directly with Symantec or other vendors for the pricing.

You should first understand a client's environment in terms of:

• What does the client environment look like?
• What is the size of the environment?
• What are the features they are looking for?
• What is the criticality of their environment?

All these aspects are important. At times, we have seen that clients just ask for the best solution, but they don't have a vision of what would make a solution best for them and what are they expecting from it. They should summarize their requirements, and accordingly, you can propose how Symantec can meet their requirements.

Overall, I would rate it a nine out of ten.

The main use case is to scan vulnerabilities on our endpoints. We need to make sure that our antivirus software is up to date. We need to ensure that patches on our workstations are up to date and that we can scan through folders and files to detect malware.

It's very good. Most of the clients are using this solution. It's able to protect workstations from threats, malicious files, and malicious USB drives. It's able to protect business-related files on the workstations. If you have an environment where you need to protect critical files from threats, it's a good solution.

It also defends us against the latest sophisticated attacks, such as key-finding attacks and spyware. It provides protection against threats, spyware, ransomware, malware, etc. It's pretty good at that.

It provides a single pane of glass. You can see everything through the dashboard. It's pretty good.

It has improved our security posture. It protects us from attacks outside, and it protects our files. It also prevents the corruption of files and secures our critical business-related files.

Symantec Endpoint Security is easy to use, fast, and good for small and medium-sized businesses.

Unlike other AV products, such as Norton, Symantec Endpoint Security doesn't use many system resources.

Its GUI needs improvement. It's good, but it needs to be improved in terms of management and reporting. Its reporting features aren't straightforward.

We've been using the solution for around five years. 

It's stable.

It's scalable. One of the clients has 50 users and another one has 10 users. It's good and pretty fast. It's being used at multiple locations.

It's very easy to increase the number of endpoints. You just need to purchase more licenses. If you have more users, you need more licenses.

We have plans to increase its usage.

I'd rate them an eight out of ten. We had to raise an issue only once, and it was resolved within hours.

Positive

We have other endpoint security solutions. We bid for many companies. We check what the client wants to achieve, and we also take the price into consideration

Generally, Symantec can provide all the features that our clients commonly require. Its price is also good compared to other solutions such as Cisco AMP. Cisco AMP is very expensive. We only deploy it at the airports.

We have different test cases to show how effective it's against different types of malware, corrupt files, malicious files, etc. It works pretty well. We are happy with it. It's able to detect and stop all types of malware. We also tested it to see how it treats benign files, and it works pretty well.

It's simple to install. Its deployment is easy. It takes two to five hours. You need an antivirus server. You can directly download the antivirus client on your PC from there and then you just click next, next, and next to install it. 

We have seen an ROI. Based on the service that you get in return, it's definitely worth the money. 

It's pretty awesome price-wise. That's why we give it to most of our clients. It isn't very expensive.

Compared to Cisco AMP, which is very expensive, its price is okay. It's also cheaper than Malwarebytes.

The license that you purchase lasts a period of time. After that, you again need to purchase another license. Otherwise, you will not be able to get support from Symantec every time you have issues.

I've not used it on mobile devices, but on workstations, it's awesome. You don't require any other antivirus solution. It's simple to install. It works very well in the Windows environment. You don't need to install anything else. It provides any type of endpoint security, including USB protection.

If you have a critical network environment and security is very important to you, you can consider this solution. It can offer you the level of security that you need. It can provide what you are looking for in terms of endpoint protection.

It's very good for a small or medium organization. If you have a very large environment, you can consider other alternatives, but for small environments with 50 users, it works very well. For bigger environments, such as airports, we use Cisco AMP.

It hasn't as such saved time when responding to issues. Sometimes we have issues where the user isn't able to use the system until we resolve the issue. We have had cases where the issue got resolved immediately, but sometimes, we have had issues that required opening a case with them or intervention from the administrator.

Overall, I'd rate this solution an eight out of ten. 

We use Symantec Endpoint Security as an antivirus solution to protect our servers.

The product has valuable features for insights.

There could be definition updates installed and running for the product, similar to new EDR solutions that receive updates from the internet. We still have legacy concepts where clients have installed definitions themselves. It could be more effective. Additionally, the memory usage by the product could be reduced.

We have been using Symantec Endpoint Security for ten years.

I rate the platform’s stability an eight out of ten.

We have 13000 Symantec Endpoint Security users in our organization. I rate its scalability an eight out of ten.

The technical support team’s response time is slow.

The initial setup process is easy.

I rate the product's pricing a six out of ten.

I rate Symantec Endpoint Security a seven out of ten.