Symantec Endpoint Security is a comprehensive protection tool designed for antimalware and antivirus defense. Providing centralized management and smooth deployment, it effectively secures environments from small businesses to extensive networks.



| Product | Mindshare (%) |
|---|---|
| Symantec Endpoint Security | 3.4% |
| Microsoft Defender for Endpoint | 6.8% |
| CrowdStrike Falcon | 6.0% |
| Other | 83.8% |
| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 6.0% | 97% | 140 |
| Cortex XDR by Palo Alto Networks | 4.2 | 3.7% | 96% | 112 |
| Company Size | Count |
|---|---|
| Small Business | 53 |
| Midsize Enterprise | 25 |
| Large Enterprise | 49 |
| Company Size | Count |
|---|---|
| Small Business | 519 |
| Midsize Enterprise | 192 |
| Large Enterprise | 429 |
Symantec Endpoint Security serves organizations by offering robust protection with features like rapid deployment and centralized management, critical for securing workstations and servers. While appreciated for efficient resource utilization and stable operation, some users report issues with virus detection and cumbersome updates. Pricing is often considered high. It is a popular choice among IT consultants, academic institutions, and service providers for its ability to manage broad and varied security needs efficiently.
What are the key features of Symantec Endpoint Security?
In industries like academia and IT consulting, Symantec Endpoint Security fulfills specific needs for robust endpoint protection. Its centralized management and application control make it suitable for educational institutions managing large network systems, while service providers benefit from its flexible deployment options.
Symantec Endpoint Security was previously known as Symantec EPP, Symantec Endpoint Protection (SEP).
Audio Visual Dynamics, Red Deer Advocate, Asia Pacific Telecom Co. Ltd., Kibbutz Ein Gedi, and AMETEK, Inc.
| Author info | Rating | Review Summary |
|---|---|---|
| Senior Security Delivery Analyst at Accenture | 3.5 | I've found Symantec Endpoint Security easy to manage and effective for policy tasks, but its support process is complex, and it's less robust than alternatives like CrowdStrike, especially when handling bulk alerts and security capabilities. |
| Senior Cybersecurity Engineer at Kyndryl | 4.0 | I've used Symantec Endpoint Security for four years; it's effective for malware protection, offers helpful reporting, and saves time through automation, but its dashboard feels outdated and resource usage could be lighter on endpoints. |
| Head of Information System at EEC | 4.5 | I use Symantec Endpoint Security to protect my company's email and systems from threats, valuing its threat identification and incident response features. While the solution is financially satisfying, I seek improvements in scanning efficiency and speed for optimal performance. |
| OT Technologist at an energy/utilities company with 201-500 employees | 2.0 | I use Symantec Endpoint Security for endpoint protection and as a host-based firewall with our 150 endpoints. Its ability to remotely isolate compromised computers is valuable, although the user interface is cumbersome. It provides essential efficiencies and security improvements over Trellix. |
| Cyber Security Pre-Sales at SoftwareONE | 3.5 | I use Symantec Endpoint Security primarily for small on-premises networks in Germany, valuing its EDR functionality due to legal needs. While it's cost-effective for endpoint and mobile defense, I find licensing visibility could be improved. |
| System Administrator at Aljazera Market co | 4.0 | I use Symantec Endpoint Security for its detection and response capabilities, like scanning and application control. It offers valuable features, but needs improvement in scanning and malicious file detection. Due to these issues, I'm considering switching platforms. |
| Head, Security Technology & Engineering at a financial services firm with 10,001+ employees | 4.5 | I rely on Symantec Endpoint Protection for antivirus, anti-malware, and intrusion detection, valuing its flexible centralized management and distribution points. While effective, its application control setup is cumbersome, and support handovers are problematic. Pricing is also a concern for me. |
| Security Consultant at a consultancy with 11-50 employees | 4.5 | I find Symantec's unique Active Directory protection and AI/ML threat detection significantly enhance our security and efficiency. Yet, its IPS/IDS feature impacts performance, and Symantec needs to improve product marketing. |
| IT Specialist at a healthcare company with 1,001-5,000 employees | 4.5 | I used this solution for 18 years; its real-time protection and scheduled scans were effective against viruses, reducing downtime. However, inadequate malware and ransomware protection caused critical failures, forcing me to switch despite straightforward setup and good support. |
| Senior Consultant at HGS - Hinduja Global Solutions | 2.5 | We use Symantec Endpoint Security for endpoint protection to meet compliance requirements against viruses and ransomware. While it serves its purpose, the solution lacks management capabilities compared to competitors like CrowdStrike and could improve in reporting and service integration. |

My use cases for Symantec Endpoint Security are checking compliance, installation upgrade, working on alerts generation, policy changing, policy management, and exception management.
What I appreciate most about Symantec Endpoint Security is that it's easy to manage compared to other tools I have worked with, such as minimal endpoint security, McAfee, and CrowdStrike. It's easy to manage, but regarding security capabilities, it's not as robust as CrowdStrike or endpoint detection and response. Since I know the ins and outs of the tool, it has been easy for me to manage.
Regarding areas of improvement for Symantec Endpoint Security, there are many changes, and the support portal tool is complicated compared to other tools. When trying to get service from Symantec, the process is complex. I'm not sure whether it's because of my project or something else.
Though it is easy to manage, easy to get, easy to install, and works efficiently for managing policies, we faced a significant disadvantage. We wanted to add multiple hashes because of numerous new alerts coming, but we could only add them one by one, which is a considerable disadvantage in Symantec.
I have been working with Symantec Endpoint Security for almost three years, and in this project, it has been implemented for more than seven to eight years.
The performance and stability of Symantec depend on the server we are using and the number of users. Recently, we moved everything to CrowdStrike. We were managing a minimal number of devices, approximately 2000 and a few hundred devices, which was manageable.
Previously, we used to have multiple servers such as GUP servers and numerous servers for pushing updates, but we reduced it and transitioned almost 30,000 devices to CrowdStrike, which was easy to manage. Initially, it was also manageable based on the number of servers we had.
The scalability of the servers is good, as it requires computational power. However much power we provide, it utilizes it effectively, so that depends on the number of users.
When comparing Symantec Endpoint Security with other solutions, I haven't worked extensively with different ones. When I worked with two endpoint securities, McAfee and Symantec, Symantec was easier because I had been working on it for a very long time. McAfee was somewhat different for me, so Symantec was the preferred solution when I was working with it.
I am only managing Symantec Endpoint Security and compliance, so I'm not sure about the pricing details.
When I first started using Symantec, it was easy for me. However, for somebody who doesn't have experience with the product but has technical skills, it may be challenging to learn how to use it.
On a scale of 1-10, I would rate Symantec Endpoint Security a 7. If you had asked me two years ago about the overall score for the tool, I would have given it a 9, but now, since the tool is somewhat outdated, I rate it lower.

Symantec Endpoint Security is primarily used for malware protection in our environment, which comprises approximately 2,500 machines. We mainly use it for antivirus and threat detection purposes.
In our daily operations, Symantec Endpoint Security supports business-as-usual activities such as generating reports, applying updates and upgrades, and managing deployments. We also use it for exclusion management and policy configuration.
In my day-to-day work, I can view detailed file information, including file creation data and other relevant attributes, directly within Symantec Endpoint Security, allowing us to collect and analyze these details as needed. The platform significantly assists us as an antivirus and SOC investigation tool, providing substantial value in our security operations.
Symantec Endpoint Security positively impacts our organization through its behavioral SONAR technology, which stops ransomware by restoring affected files within minutes—saving more than 20 hours of recovery time compared to other tools like Trend Micro, which require much longer for remediation. Our compliance audits consistently achieve a 98% pass rate through automated reporting, and false positives are automatically reduced when policies and rules are properly configured.
Symantec Endpoint Security also delivers significant time savings, as its automated response features greatly reduce the daily workload for the L1 team. The ongoing development of automation processes and rule creation continues to minimize the time required for L1 tasks.
The best feature of Symantec Endpoint Security is its effectiveness in malware protection. Its malware protection capabilities stand out due to their ease of management. Although multiple tools assist in this process, managing them all can sometimes be challenging. In terms of malware protection, Symantec Endpoint Security performs well, and its mechanisms, tactics, and techniques are effective.
Symantec Endpoint Security offers robust features such as advanced reporting capabilities with a customizable dashboard that integrates EDR timelines, threat maps, and compliance metrics into a single view. Additionally, reports can be exported to PDF or CSV formats, making reporting one of its strong points.
It also provides comprehensive device control features, which block unauthorized USB devices and support whitelisting. This helps prevent data exfiltration and phishing scenarios without disrupting user workflows.
Symantec Endpoint Security could be improved by optimizing its resource usage on endpoints, as it can sometimes be heavy on system resources. Additionally, Symantec should enhance its dashboard and adopt features similar to those offered by competitors like CrowdStrike and Trend Micro, which are evolving rapidly. In comparison, Symantec Endpoint Security’s dashboard feels outdated, and while some mechanisms still function adequately, they could benefit from modernization and refinement.
I have used Symantec Endpoint Security for almost four years, specifically using Symantec Protection Engine and endpoint security.
Yes, I've used Trend Micro Deep Security, CrowdStrike Falcon, and Microsoft Defender extensively. I've also architected integrations across numerous other tools in our hybrid environment.
We evaluated CrowdStrike Falcon, Microsoft Defender, and Trend Micro Deep Security head-to-head before picking Symantec Endpoint Security (SES) for our 6k-endpoint fleet—SES won on single-agent simplicity.
I recommend others to consider using Symantec Endpoint Security, as it fits well within budget and meets the requirements of most environments. It is a good alternative to the more expensive options like Trend Micro and CrowdStrike. In terms of malware detection, Symantec Endpoint Security performs effectively and is user-friendly for investigations. However, I would deduct points for its dashboard and some of the auxiliary tools. Overall, I rate Symantec Endpoint Security an eight out of ten.

I use Symantec Endpoint Security for protecting my company's email and overall system from hacking and security threats. The solution is vital for maintaining the safety and advice on our security infrastructure.
I use the solution primarily for scanning and identifying threats, which is essential in determining the percentage of resources used, such as CPU and hard disk. It's important to balance resource consumption to maintain operational efficiency.
Furthermore, the incident response capabilities allow me to resolve authentication and support issues promptly, ensuring the system operates without downtime.
I would like to see improvements in the scanning part of the solution, specifically to enhance the CPU and hard disk usage during scanning and updates to prevent disruption during work hours.
Additionally, the speed of scanning and updates should be faster to avoid affecting daily operations.
The solution is highly scalable, rating nine out of ten.
The technical support can be inconsistent. In some cases, it rates as high as ten out of ten, while in others, it can be as low as eight, indicating a need for improvement in technical support quality and consistency.
Before using Symantec, I used McAfee and Kaspersky.
The initial setup was easy, taking only a few minutes.
Only one person performed the installation.
Symantec Endpoint Security provides financial satisfaction. There are no significant issues financially, and the pricing is fair compared to other companies' offerings.
I rate the pricing, setup cost, and licensing around nine out of ten. We are satisfied with the financial aspects.
Previously, I evaluated solutions like McAfee, Kaspersky, and another unnamed solution before deciding to switch completely to Symantec.
Overall, I would rate Symantec Endpoint Security nine out of ten, and I am able to recommend this product to others. The solution is effective and offers good value for its pricing.
I use Symantec Endpoint Security for its endpoint detection and response capabilities. It is primarily used to scan for malicious and suspicious files and for application control. We have policies for weekly and daily scanning.
Symantec Endpoint Security offers many valuable features, such as file explosion, application learning, DLP, injection detection, and EDR solutions for traffic control.
The platform provides traffic scanning, system scanning, malicious file scanning, troubleshooting, and EventViewer facilities. The tool is easy to deploy and operate.
The areas that need improvement include scanning issues, application control issues, and the detection of malicious files. Device management is not very good, and I am not enabling it in my organization for security reasons.
Symantec offers high stability.
The solution has high scalability.
Customer service and support are very good, rating ten out of ten.
Symantec was very good at its time, but due to issues with detection and scanning, we are considering changing to another platform.
The initial setup was easy for me.
The pricing is very low compared to other companies like SentinelOne and others. Sentinel is more expensive than Symantec.
Symantec's solution rates eight out of ten.
While it provides great features and stability, we find SentinelOne to be better, especially for its console operations, security scanning, and detection.

Symantec Endpoint Protection has an antivirus with anti-malware and application control capabilities that we use to protect assets like servers, workstations, and ATMs. There's a central management server we use to manage all the endpoints, regardless of the categories, and we install an agent on all the endpoints that reports to the management server.
If I want to check the status of any asset, I need to get the details like the IP address and the hostname of the system. The management server will give me the current status. I have three different kinds of agents on the endpoint that I can use to control access.
The agents for the ATMs and servers aren't as heavy as the ones for workstations. It's a stripped-down version that removes some of the components and add-ons that are not part of the endpoint protection engines, so the agent is lighter and can be deployed faster. The activities on servers and ATMs are dynamic, so the antivirus must also be very light. To centrally manage the antivirus, I have to set up distribution points because I have more than 14,000 endpoints altogether distributed across more than 250 branches in Nigeria.
I set up distribution points on systems and ATMs. The ATMs are always on the network because they're connected with other points at every branch and location. I need them to be distribution points. When I need to send a file to update all the other systems, I send it to these distribution points. These distribution points in Symantec record the data needed to update all the other systems.
Let's say I have two different locations. I will have the update data at location one, and I have other data at location two. These different locations have their own IP subnets, so I will configure the update data so that the IPs within that subnet can talk to it and no IP outside the subnet can. This ensures my assets, ATMs, workstations, and servers can update as soon as possible.
I'm always compliant. The servers in the data center don't need to talk to any distribution points. They talk directly to the management server to get the updates regularly because the servers are always on the network at the data center, unlike the workstations that people shut down at the end of the day. Any time people connect to the network, the system will update automatically. That is the normal architecture for Symantec.
Symantec centralized our intrusion detection system while creating additional layers of security at the endpoint level. We're not relying on the central intrusion detection system. It gave us more value than expected.
The solution also helped give us visibility into compliance within our whole system and ensure everything is updated. I can tell you the number of outdated systems from the same management server. In the same console, I can remotely trigger an update on any system. Symantec offers more flexible administration than other solutions. Most other antivirus products get updates directly from their portal, install them on the management server, and all the endpoints pull the update from it. Sometimes, an endpoint may not update. The update might be on the endpoint, but the system will still not pick up.
Most other antivirus solutions can't do a workaround like Symantec, where you can download the JDB file from the portal and copy the file to a specific path on the problem system. You don't even need to install it. Once you drop the script into the system, it will run automatically. After 20 to 40 seconds, the system will be updated, and the status will turn green.
Using distribution points is also a game changer because it has saved it. Symantec considers that you may have bandwidth issues in this part of the world. You can leverage the update and push the file through locations with inadequate bandwidth. When you push the file through, the update can pull the data file and distribute it across the other endpoints.
Having this flexibility makes the solution easy to use. You can also segment the systems according to assets. It lets you classify servers, ATMs, and workstations separately. You can have different versions because of the flexibility. You can remove some components before generating the agent you are installing on the endpoint.
I get around 95 percent compliance, meaning that 95 percent of the systems are up to date at any time. I also want to take it a step further to achieve around 98% because I have discovered some systems are not updating.
Then there is another file called the JDB in Symantec that I download regularly and distribute across all the ATMs, which I use as my distribution points. I will run a script to pick this JDB file and copy it to a specific path on all the outdated MAA workstations to update them automatically.
Overnight, I usually copy the script to all 256 distribution points across the nation. The next day, I will run another script that goes to the specific distribution point, acquires the JDB file, distributes it to the list of data systems I have prepared by location, and copies the file to those computers. They will be updated automatically.
That has been fully automated. I download the file every day at the close of business. It is shared through a script that is already automated across the distribution points the following day at 9:00 am because it's expected that people will resume work by 8:00 am. By 9:00 am, I expect every system to be on. The outdated systems will be targeted with the JDB and updated.
What I like most about Symantec is the intrusion detection module. If you are scanning the environment, it will flag a possible intruder and tell you the IP and where the attack is coming from. Traditional antivirus solutions will never flag that. If you have a traditional SIEM, you might be able to pick that up. Symantec is a holistic endpoint security solution, so when you scan an endpoint, Symantec will let you know that something is happening to it.
Once, there was an unauthorized scan of the environment, and I immediately discovered multiple systems were accessing it. A message will pop up saying that an intrusion was detected scanning from a particular path. We need to check directly because there are multiple similar IP addresses we have to block on our firewall, so the IP cannot access our system again. We've been able to contain attacks using Symantec in the past. It's highly effective.
Another valuable add-on is application control, which I use to prevent some applications from entering my environment. You can block any program installed with the same fingerprint. If the software isn't aligned with the environment, Symantec will stop it automatically. You don't need to buy a different solution, like an app blocker, and deploy it in the background.
Symantec's application security module needs some improvement. You need to create a lot of fingerprints for application security. For instance, let's say I have different brands of ATMs in my environment, like Wincor and NCR. I use GRG to deploy an application control to whitelist some applications. I have to get the exact image of the different models of ATMs. When I tested in the past, some machines would not connect to the server without that.
Only the approved software on the ATM should run. Anything outside that should not even come up at all. We did this so that an outside person doesn't introduce malicious software to the ATM. That's the essence of locking down with application control. Using Symantec for application control has been hectic, so I use Carbon Black to do the lockdown.
Checking that data security will work fine with Carbon Black. Carbon Black worked fine. Setting up approval in Carbon Black works differently than Symantec. In Symantec, we first need the fingerprints of the applications running underneath. Before setting up Carbon Black, you first install the agent, allowing it to learn the environment. It will analyze all the software's behavior and provide recommendations for what should be allowed. It's more straightforward, whereas configuring application control in Symantec is a bit cumbersome.
I've been using this solution since 2014. Before joining this bank, I used Symantec at another financial institution, so I'm well acquainted with the solution. It's taken care of many aspects, especially the endpoint, regarding the environment's security.
Endpoint Security is stable.
When you put it on servers and there are performance issues, you can always check the endpoint that's using the most resources and allow that part to not be scanned.
Symantec has the scalability and flexibility to work in line with what the customer really wants. Some parts of a server are not meant to be scanned. You can still monitor it and get reports. From there, you can decide if it should be excluded. That is one thing I like about Symantec.
I rate Symantec support an eight out of ten. They are pretty solid in terms of technical know-how and support. My only complaint is the process of handing off between two support engineers. Whoever takes over will ask you to start from the beginning. There isn't proper documentation of the call and communication between engineers.
Let's say you have made 60% progress toward resolving your issue. Whoever takes over from that engineer should be able to pick it from 60% and drive it to 100%. In most cases, the new engineer may even take you back down to 20%. It wastes a lot of time.
I use Symantec alongside other security solutions. For example, I don't use Symantec's Global Intelligence Network. I use a different threat intelligence platform called Mandiant in my environment. I also leverage Microsoft for threat hunting. I don't use Symantec for threat hunting.
In the past, I tried Data Center Security on our servers, but since the normal ICP works for us, we did not decide to use it. I tested the features because I was looking for a solution that can lock down some of my legacy systems. During the POC, I compared it with Carbon Black, the solution I have. Carbon Black does a better job and it's cheaper.
I have a separate solution that I use to manage mobile devices. I'm not using Symantec. There's a solution called Sandblast Harmony that is an add-on for Check Point, which I use as a perimeter firewall. This is a solution that was deployed with it, and I have Sandblast on all my mobile devices.
Before you can install anything like office mail on your mobile devices, you need to be onboarded on that platform before you can set it up. If your device does not have Sandblast installed on it, you won't be able to proceed with the setup. So I don't really even use Symantec to protect my mobile devices.
Setting up Endpoint Security isn't complicated. You need to set up a management server to install the agents, then provide the permissions to the appropriate IPs to acquire the update from Symantec. After that, you set up distribution points for the updated data. It's not something that can be completed in a day. For instance, if you have 200 locations, you can set up three or four daily. It depends on the criticality. That's why you deploy distribution points.
If you are operating a centralized approach, all the workstations, irrespective of the location, can pull the updates from the management server and be managed centrally. However, because of bandwidth challenges, some cannot go to the server and pull the updates.
You have the flexibility to determine the components you want to generate. For instance, you can have different agents for workstations, ATMs, and servers by selecting the specific components you want to include. Everything is coming from the same management server. When it's time to update, you can do a workaround by leveraging the JDB from the Symantec portal. You must push that JDB file to a specific path on those affected systems. It will execute and update automatically.
There's a return on investment.
Symantec is one of the major players in that space, so the licensing isn't as cheap as some other antivirus products like Trend Micro. It's reasonable but not the cheapest. Any entry-level Symantec user is coughing up a lot of money compared to the other antivirus software.
Windows Defender is practically free for customers. When you have the option of using Microsoft Defender, and you look at the price of Symantec, the gap is wide. Trend Micro is a bit closer, so competitive pricing is something Symantec may also need to consider.
I rate Symantec Endpoint Security a nine out of ten. I use Symantec for multiple endpoints like ATMs, servers, and workstations, but I think Symantec has evolved. They have some specific solutions for ATMs and servers. Generally, I would recommend only using Symantec Endpoint Protection for workstations. For your server, you should deploy different solutions.
When deploying the solution, you should consider each location's bandwidth limitations. You will also need to implement quality of service on the network so bandwidth utilization is prioritized. For example, you might need to schedule workstation updates during off-peak hours.
If it is not managed correctly, all the computers might update simultaneously during the peak period, affecting the whole environment and causing service issues. The proper time for updates should be appropriately identified. In my case, we update around 3:30 pm because we close at 4:00 pm. My peak period is between noon and 1:00 pm, so none of my workstations will update at that time.
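The review above describes a per-subnet distribution-point layout, a nightly JDB download, and a morning script that targets only outdated endpoints. The block below is an added illustration of that planning step, not the reviewer's script or any Symantec tooling: it reads a constructed definitions-compliance export, computes the compliance percentage, maps each outdated endpoint to the distribution point for its subnet, and separately reports endpoints whose subnet has no distribution point. Hostnames, subnets and the drop path are assumptions (the real JDB path is not given on the page).

```python
"""Plan the next-morning JDB push from a definitions-compliance export.

Constructed example: the CSV, subnets and hostnames below are made up, and
JDB_TARGET_PATH is a placeholder, not the path Symantec actually uses.
"""
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import date

# Constructed compliance export: hostname, IP, date of installed definitions.
COMPLIANCE_EXPORT = """hostname,ip,definitions_date
BR001-WS01,10.1.1.21,2024-03-11
BR001-WS02,10.1.1.22,2024-03-09
BR001-ATM01,10.1.1.5,2024-03-11
BR002-WS01,10.1.2.21,2024-03-04
BR002-WS02,10.1.2.22,2024-03-11
DC-SRV01,10.0.0.10,2024-03-11
UNKNOWN-WS09,192.168.50.7,2024-03-01
"""

# Constructed distribution points: one always-on ATM per branch subnet,
# as in the reviewer's layout.
DISTRIBUTION_POINTS = {
    "10.1.1.0/24": "BR001-ATM01",
    "10.1.2.0/24": "BR002-ATM01",
}

JDB_TARGET_PATH = r"C:\PLACEHOLDER\jdb_drop"  # placeholder, not the real path


def parse_export(text):
    """Parse the CSV export into dicts with typed IP and date fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "hostname": row["hostname"],
            "ip": ipaddress.ip_address(row["ip"]),
            "definitions_date": date.fromisoformat(row["definitions_date"]),
        })
    return rows


def distribution_point_for(ip, distribution_points):
    """Return the DP host whose subnet contains ip, or None if none does."""
    for cidr, dp_host in distribution_points.items():
        if ip in ipaddress.ip_network(cidr):
            return dp_host
    return None


def plan_jdb_push(export_text, distribution_points, today, max_age_days=2):
    """Return (compliance_percent, {dp_host: [outdated hosts]}, unassigned).

    An endpoint is compliant when its definitions are at most max_age_days
    old. Outdated endpoints are grouped under the distribution point for
    their subnet; those on a subnet with no DP are returned separately so
    they can be pointed at the management server rather than silently skipped.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    endpoints = parse_export(export_text)
    outdated = [e for e in endpoints
                if (today - e["definitions_date"]).days > max_age_days]
    compliance = round(100 * (len(endpoints) - len(outdated)) / len(endpoints), 1)
    plan = defaultdict(list)
    unassigned = []
    for e in outdated:
        dp = distribution_point_for(e["ip"], distribution_points)
        if dp is None:
            unassigned.append(e["hostname"])
        else:
            plan[dp].append(e["hostname"])
    return compliance, dict(plan), unassigned


def render_copy_jobs(plan, target_path=JDB_TARGET_PATH):
    """Flatten the plan into (source DP, target host, destination path) jobs."""
    return [(dp, host, target_path)
            for dp, hosts in sorted(plan.items()) for host in sorted(hosts)]


def example_plan():
    """Run the planner over the constructed data for 2024-03-12."""
    return plan_jdb_push(COMPLIANCE_EXPORT, DISTRIBUTION_POINTS, "2024-03-12")


if __name__ == "__main__":
    comp, plan, unassigned = example_plan()
    print(f"compliance: {comp}%")
    for job in render_copy_jobs(plan):
        print("copy JDB from %s to %s:%s" % job)
    print("no distribution point for:", unassigned)
```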
In one of our client's environments, they needed to secure their Active Directory. The solution is the only product with a separate feature to secure Active Directory as part of Symantec Endpoint Security Complete. The client was also looking for an automated endpoint detection solution. That's why we went ahead with it.
The very comprehensive machine learning platform has been very helpful and we have been able to prevent most attacks and detect and respond to those threats within minutes.
The reaction time for any incident has been reduced drastically. When there is an incident, the EDR engine is based on AI/ML behavioral analytics. It takes direct action and remediates the infected file, isolating the endpoint, and establishing communication between the endpoint and Symantec's threat-hunting SOC. It submits the file automatically, meaning that no manual intervention is required. If there is an attack on a weekend, we can completely rely on Symantec, rather than needing someone to manually upload these things.
Most of our incidents, no matter what has occurred, are automatically addressed. This has reduced our efforts and the time we spend on incidents. That has a direct impact on our business operations. It has improved the efficiency of our operations.
The major benefit of having Symantec's API is that you get access to all the methodologies and mechanisms, and it's accessed in a single dashboard. That makes it a one-stop solution, where you can have everything integrated. It also helps us in orchestrating and correlating our security incidents.
An added benefit is that if you have it integrated with your ticketing system, tickets will also be triggered. You get an SMS alert or an email notification, but that's a secondary thing.
The solution has helped organizations enhance their security posture considerably. We haven't faced any breaches so far, meaning we have been protected adequately. We actively perform quality assessments, penetration testing, and we do forensic analysis. In addition, we have third-party SIEM software monitoring all our assets on a day-to-day basis and they haven't identified any anomalies. That means that Symantec is protecting us well, and we have implemented it and been running it for the last three-plus years for multiple clients.
The most valuable features include the
Whenever there is an issue with respect to Active Directory, Symantec identifies the issues and tries to create a signature to mimic the Active Directory-related attacks in their backend labs. They obfuscate the request going to Active Directory. Even though there may be an issue with patches still not being updated by Microsoft, we have compensating control to prevent those kinds of attacks from happening. Once Microsoft releases patches, we immediately implement them. But until then, Symantec will prevent Active Directory compromises.
And, in some cases, the architecture itself is an important feature because Symantec is one of the very few endpoint services that provides an on-premises management system. Currently, most antivirus and protection providers operate entirely from the cloud. That's a differentiating factor with Symantec. This is very critical in an instance where you should not have access to the internet, or you want to have it on-premises. In those situations, Symantec is the go-to product.
In addition, for threat hunting, the API is integrated so that we get real-time updates. The threat-hunting is excellent. They're one of the largest civilian cyber intelligence networks. Symantec was an early starter with respect to threat hunting. They have a global SIEM and a global threat-hunting team. They have custom, built-in tools, and their own threat-hunting intelligence mechanism. We completely depend on Symantec's threat-hunting methodology. We have no complaints so far, and it has been an excellent experience working with their threat-hunting team.
Most incidents come through machine learning. In one or two cases we might need the experts, but most of our issues are known. They have a very good AI/ML engine. Based on the signature or the anomaly, when something is detected, the object that is compromised is isolated and we get an immediate response. A link is then initiated between the infected device and Symantec's threat-hunting team.
Symantec is one of a very limited number of products that supports the entire gamut of devices. It is not only Windows devices that it covers but also mobile devices, Mac, Android, iOS, et cetera.
In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDS, it consumes a lot of processing and memory capacity. We would like to enable all the features, but doing so should not have a direct impact on the performance of the system. If they can come up with an agent that consumes less memory, that would be a great enhancement.
Also, Symantec is not being promoted from a marketing standpoint. I don't see any promotions for it. There are no road shows, marketing efforts, training, or anything organized by Symantec these days, at least in my region. The product is good, but if you're not marketing it people think "Okay, we haven't gotten any updates about the product." We need to have more road shows and promotions, and we need to have people trained in the technical aspects to gain market share.
I have been using Symantec Endpoint Security for about four years.
We don't have any issues with respect to its performance, in general. I rate the stability at nine out of 10.
It is on the cloud so scaling up is not that difficult. I would rate it a 10 out of 10. It's been helping us for the last three years. We have definitely been growing and Symantec has grown along with us.
Because the threat hunting is done by AI/ML, we have only had to reach out to support when there is an issue. If we write them an email, we get responses promptly.
Positive
We are actively using other solutions aside from Symantec because we cater to different clients. We have used CrowdStrike, Sophos, and Palo Alto XDR to name a few.
We have multiple architectures in place. A few of our clients use it on the cloud and a few have a hybrid with on-prem. The cloud-based setup is very straightforward. Once we create the account, it doesn't take more than 30 to 45 minutes for us to get the setup done.
The steps involved for a cloud instance are that an account is created, the agent is downloaded, and you probably have to push the agent to different systems. That can be done via different means and depends on the number of client machines. We can push it via SCCM or other modules or can push it manually from the central drive by having end-users download it. The process is seamless and we have been able to install Symantec on at least 150 machines within three hours. We had three resources deploying the agents on those machines in parallel.
We do regular preventive maintenance as part of our managed services, but with the cloud instance, we have never had any issues. It is on autopilot. What we do is that we regularly check for threats and whether the threats have been quarantined. We download the daily and weekly reports. The maintenance is done by one person.
We have definitely seen a return on investment. In our clients' environments, we haven't faced any downtime because of ransomware or malware attacks. That itself is a good 30 percent return on investment.
And when it comes to employees' time for detecting and responding to threats it has saved them about 50 percent. They never spend days off or weekends working. There is no need to have anyone attend to this set of problems. If the system is up and we have EDR running, it takes care of everything, from isolating the devices to quarantining the file and uploading the file back to the Symantec backend SOC. Everything is automated and it's seamless.
The pricing is pretty much at the market standard. I don't see any issues with it. It varies from case to case. Symantec is not that cheap and it's not that expensive compared to CrowdStrike. I would put them in the "middle block."
When compared to other solutions, I would give Symantec Endpoint Protection 4.5 out of five. It has interesting features, starting with Active Directory Security. There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization. Nine out of 10 organizations use Active Directory, and it is so often a targeted asset. Symantec is the only product that has Active Directory security.
Also, it enables us to have a hybrid architecture in which we can have Symantec Endpoint Security on-prem and integrated with the cloud. We can also have the API integrated into our SIEM and SOAR.
We have been using other endpoint security products as well. The advantage of Symantec is that you don't need a separate product to protect your assets such as Linux or Android. It's equivalent to Intune where we can have a single dashboard and have all devices onboarded.
On top of that, with Symantec, we have application control and DLP to a certain extent. It means we don't have to have multiple products running in the ecosystem. It acts as a consolidated solution with multiple features and functionalities. This reduces the costs and resources that you would need to manage different products. When you have different products, it leads to cumbersome processes and it is very complex to manage infrastructure. Having Symantec on the cloud makes endpoint protection seamless. We can download the agent, run it, and we are up and running within 30 minutes.
I would recommend it, but you should do a PoC. Every use case is different, so I would definitely recommend seeing whether it blocks legitimate traffic or a legitimate application or process.
There is a famous saying that only 40 percent of organizations know they are being hacked. The other 60 percent are not aware that they are being compromised. A product like Symantec would certainly enhance the security posture of an organization. It gives senior management pretty decent confidence they have a robust and scalable product with a purpose. We are approaching mitigating 99 to 99.5 percent of attacks from happening. Having said that, other threat-hunting and endpoint detection and response platforms will enhance the overall security posture and drastically bring down the risk level of the ecosystem.
I mainly used this solution for antivirus and firewall protection for PCs. We wanted to use this solution because we needed virus protection. My company was a reseller of this solution.
The solution was deployed on-premises.
There were a couple of small-scale environments of four to 10 machines. The larger enterprise environments were up to 400 workstations and 120 servers.
This solution reduced downtime and increased productivity by reducing the sluggishness on machines when they get infected with viruses.
The scheduled scans and the active protection were the most valuable because they allowed me to have the systems protected in real-time and also be able to schedule scans so that as new definitions would update, machines could be scanned to make sure that everything was in tip-top shape and there was nothing lurking in the background.
The malware and ransomware protections could be improved, which was ultimately the reason why I stopped using the solution.
I had three different clients, and between the three of them, they were hit with ransomware five times. It spread throughout their entire organization. Symantec Endpoint did nothing to stop it, slow it down, or prevent it, so I had to go out and find a different solution.
I used this solution for about 18 years.
Scalability wasn't an issue. It functions and performs well in all environments, from small environments to large enterprise environments, including just medium-size businesses.
On the rare occasions that I needed to call technical support, they were top-notch. I would rate them nine out of 10. There's always room for improvement, but it was pretty close to perfect.
The initial setup was really straightforward. We'd load the software on the server, link it with ID, and give it to the OU groups to which we wanted to deploy the agents. We pushed out an agent install to the machines, and then kept the agents up to date.
We had a centralized console screen that allowed us to look at the progress and check the point in time to see the stats of any of the machines. We were able to configure it so we could set thresholds for email notifications if we had certain machines that fell outside certain update standards or if there was anything that got flagged during auto protection scans or scheduled scans of machines.
I've also deployed it in smaller environments. They were standalone clients and not a server-client model.
The solution didn't really require maintenance. There were routine updates to the application whenever a new version of the application came out, but I never ran into any issues with installs and pushing the updated agents. It was always seamless.
I was the consultant.
I saw a return on investment with reduced downtime if there happened to be a number of machines that had to be rebuilt due to viruses.
Before the implementation of Symantec Corporate Endpoint, I had a client that needed 20% of their machines to be rebuilt every six months due to virus concerns or extreme sluggishness with the machine. Once the Endpoint protection was deployed, that was cut in half.
I thought the pricing was reasonable.
I previously worked with McAfee, Kaspersky, and a couple of others, but computer threats were much different in 2003, and people were mainly worried about viruses. Compared to other solutions at the time, Symantec seemed to have more reliable and faster releases of definition and would update files when new threats were discovered.
They all basically had the same functionality, but the most striking difference that I found in the evaluation process was that Symantec's definition update process was quicker and more reliable. They would sometimes have the definition deployed 24 to 36 hours before some of the others. Kaspersky was always a good four or five days behind Symantec on virus definitions. They usually averaged about 12 to 14 hours ahead of McAfee.
I would rate this solution nine out of 10. While I was using it, I had a very favorable opinion of it.
For those who are evaluating the solution now, my advice is to find out the reported percentage of ransomware attacks that have not been caught by the system that has been allowed to matriculate through the system or through networks.
The biggest lesson I learned from using this solution is that having virus and firewall protection, virus definitions, and updating files, is not adequate protection anymore. There needs to be some AI-type component that is doing real-time analysis worldwide on the emerging threats because a simple virus is not the biggest threat to computers nowadays.
We use the solution for our endpoint security. It's our compliance requirement to prevent virus attacks and ransomware attacks. However, it's unmanaged and not like a top competitor to CrowdStrike.
The solution's reporting could be improved. The solution could have better integration with other services.
I have been using Symantec Endpoint Security for one and a half years.
I rate the solution’s stability an eight out of ten.
More than 5,000 users were using the solution in our organization.
We were using the signature deployment, which is not easy.
Symantec Endpoint Security is an expensive solution.
Given the number of alerts and the variety of attacks we get, we will require AI capabilities for threat detection. Around six to seven members were involved with the solution's deployment and maintenance. I wouldn't recommend the solution to other users unless it is updated.
Overall, I rate the solution a five out of ten.