Overall, the product supports everything already. Feature-wise, because it has something like email protection, monitoring detection, network intrusion detection, it has advanced threat protection.
System Administrator at Abu Dhabi University
Offers email protection, monitoring detection, network intrusion detection, and overall advanced threat protection
Pros and Cons
- "Technical support is very responsive. You just have to open a ticket. They respond in a timely manner. Their response is good. I'm satisfied."
- "The administration interface needs a lot of improvement. It should be UI based, and simple. They need to improve it. It's pretty much not that friendly compared to what we were using as Bitdefender before. It's okay but is improving, actually."
What is most valuable?
What needs improvement?
The administration interface needs a lot of improvement. It should be UI-based and simple. They need to improve it. It's not that friendly compared to what we were using at BitDefender before. It's okay but is improving, actually.
For how long have I used the solution?
I've been using the solution for two to three months.
What do I think about the stability of the solution?
Stability-wise, it's okay. We're not really facing any issues at the moment. It's doing its job, it's detecting things and it's reporting it to us, so it's pretty much right on doing that. We did face some issues with applications being blocked, but that's an actual feature of the AV itself so it's not really a problem. Stability-wise, it's okay.
Buyer's Guide
Symantec Advanced Threat Protection
June 2025

Learn what your peers think about Symantec Advanced Threat Protection. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,592 professionals have used our research since 2012.
What do I think about the scalability of the solution?
We haven't added any actual features but we counted on having around 2,000 licenses on it. We're licensed for 2,000 users, so it detects everything. If an agent is connected to the manager itself or to the server, it automatically detects the license so we don't really have to do anything on that end. We would know right away how much is being used and how much we need to scale. We are also using this solution for our servers, so around 150 servers and the rest of the licenses are for end-users. We have it installed on most of our workstations now.
How are customer service and support?
Technical support is very responsive. You just have to open a ticket. They respond in a timely manner. Their response is good. I'm satisfied.
Which solution did I use previously and why did I switch?
We previously had BitDefender and we have been using it for our advanced protection. We decided to change because we didn't have any product updates from them. We were looking for what upcoming features or additions that they could offer to us, but they didn't, so that's why we tried to search for a better solution that would actually cater to everything. We wanted just one agent that supports multiple endpoint protection like malware, SONAR or network intrusion, advanced threat protection, behavior analysis. Just one agent for everything. We didn't want multiple agents so that's what we were looking for, and we switched.
How was the initial setup?
The initial implementation was a little bit complex because you have to set up a lot of databases and connectivity between the databases and it's tricky because it's Windows-based. If it could have been a Unix or a Linux based, it would have been pretty straightforward, it would have its own database and everything.
What about the implementation team?
We had the help of a partner during implementation.
What other advice do I have?
Overall I can recommend the product. It's pretty much the best for protecting from intrusions or other malicious items that are coming from the endpoint and the servers. If you have the ATP software, it will actively seek out whatever is being affected inside it because it has PFM threat protection enabled for it. Each of these features is not normally found for endpoint protection.
I would rate this solution 8 out of 10.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager, Information Technology at a consumer goods company with 11-50 employees
The solution can be set up to receive notifications
Pros and Cons
- "What I like most about Symantec Advanced Threat Protection is its notification capability."
- "The support has dropped down to a five out of ten."
What is most valuable?
What I like most about Symantec Advanced Threat Protection is its notification capability. Even if it's not anything credible, you're at least notified of it. Its active engine looks at anything hitting any ports that are accessible from the workstation all the way up to the gateway. It's like a constant analyzer checking the traffic and seeing if the traffic is within the specification of what is defined on your network. If it's some weird IP address, it's constantly assessing those stuff and looking for variations from what is established.
What needs improvement?
Usually, the technical support was very good, with proper guidance and help figuring out stuff. The support has dropped down to a five out of ten.
What's my experience with pricing, setup cost, and licensing?
Symantec Advanced Threat Protection's pricing is comparable. The solution's license model is slightly more flexible than FortiGate. Fortinet sells in packs, while Symantec Advanced Threat Protection sells individual licenses.
What other advice do I have?
Once it's been properly updated, Symantec Advanced Threat Protection works properly. I've had a few security incidents running the solution during the couple of years I used it.
I prefer Symantec Advanced Threat Protection to FortiGate because I can set it up to receive notifications.
Overall, I rate Symantec Advanced Threat Protection a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Infrastructure Team Lead at a comms service provider with 1,001-5,000 employees
Stable with good line protection; advanced threat protection is somewhat lacking
Pros and Cons
- "Endpoint to network protects the line."
- "Not ideal for advanced threat protection."
What is our primary use case?
We use the solution for endpoint protection. I'm an infrastructure team leader and we are a customer of Symantec.
What is most valuable?
Endpoint to network is a good feature, it can protect the line.
What needs improvement?
In general, improvements can be made but nothing specific. I think SonicWall and McAfee are better solutions. I think this is a good solution for someone looking for endpoint protection but not so great if you're looking for advanced threat protection.
For how long have I used the solution?
I've been using this solution for about six years.
What do I think about the stability of the solution?
I think this is a stable solution, we haven't had any bugs or glitches.
How are customer service and technical support?
I've contacted technical support many times, they are quite good and helpful.
How was the initial setup?
Initial setup is relatively straightforward, deployment on our systems took about two or three months. We deployed with our own team.
What other advice do I have?
I would rate this solution a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CyberSecurity Operations Lead at a computer software company with 1,001-5,000 employees
Good threat protection, but cloud capabilities need improvement and technical support is poor
Pros and Cons
- "All of the solution's features are quite valuable for us. We especially like the threat protection it provides."
- "The cloud platform needs to have improvement in terms of the user interface and the different capabilities it has available. It needs to match the other leading next-gen EDR products that are available in the market. That's the reason why we are stepping away from Symantec. Their cloud environment is just generally lacking in comparison to others."
What is our primary use case?
In general, we use the solution as our endpoint protection. It's an additional layer, and it's our endpoint security for our antivirus product for the company.
What is most valuable?
All of the solution's features are quite valuable for us. We especially like the threat protection it provides.
What needs improvement?
The cloud platform needs to have improvement in terms of the user interface and the different capabilities it has available. It needs to match the other leading next-gen EDR products that are available in the market. That's the reason why we are stepping away from Symantec. Their cloud environment is just generally lacking in comparison to others.
If they could intercept the detection on the different kill chain analysis that would be great.
For how long have I used the solution?
We've been using the solution since the inception of the company. I personally have been working with it for three years.
What do I think about the stability of the solution?
Whenever there's a new update we have some issues. The on-premise product would crash and would not function so we would have to reach out to Symantec.
What do I think about the scalability of the solution?
The scalability of the solution is good. I'd rate it eight out of ten. About 96% of the company uses the solution.
How are customer service and technical support?
The support team that Symantec offers didn't know how to solve issues even though they referred to themselves as "engineers". They are not really that experienced and well versed in the product. We've been complaining to Symantec on their support because most of them are actually not able to help us whenever we have problems.
Which solution did I use previously and why did I switch?
When I joined the company, Symantec was already in place.
How was the initial setup?
The initial set-up was complex.
What about the implementation team?
Our team handled the implementation internally. We did it without the support of Symantec.
What other advice do I have?
We originally deployed the on-premises model, but over the past year, we've started to use the cloud deployment as well.
It would be really great if we had some involvement from Symantec's side. Some of the other endpoint protection products in the market or other companies who are selling the same product, are, in my experience, really helpful. That's one thing that's lacking on the Symantec side. For those considering implementing the product, try to get Symantec as involved as possible. It would be better.
I'd rate the solution six out of ten, based on the cloud capabilities and the privacy offered.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Asst. Manager System Administration at Saudi Re
Protects us from email threats that include file attachments and embedded URLs
Pros and Cons
- "The most valuable feature is Click-time URL protection."
- "There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed."
What is our primary use case?
We use this solution for email threat protection. It automatically scans our emails, including attachments. It also provides a sandbox feature.
It is hosted within the Symantec cloud.
What is most valuable?
The most valuable feature is Click-time URL protection. If there are any URLs in the email then they will be automatically scanned, and then opened.
What needs improvement?
The support for this solution can be improved because we are not receiving alerts for maintenance.
There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed. For example, you can only block three thousand IPs.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
In the past two years, we have had no issues with stability. We have had ninety-nine percent uptime.
What do I think about the scalability of the solution?
We have one hundred and twenty-five users for this solution, and we plan to increase our usage in the future.
How was the initial setup?
The initial setup of this solution is straightforward. It is cloud-based and not complex.
What about the implementation team?
We did the configuration ourselves. We only needed to set up the IPs for the incoming and outgoing mail servers.
What's my experience with pricing, setup cost, and licensing?
The pricing of this solution is inexpensive and affordable.
What other advice do I have?
This is a good solution, and whatever our requirement is, all of the features are there.
I would rate this solution a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Competitive Engineer at a tech vendor with 1,001-5,000 employees
Offers elaborate detection features and provides information linked to each of the attacked computers
Pros and Cons
- "They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers."
- "It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time to pass the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case."
What is most valuable?
They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers. Most of the providers of the security software offer a threat graph, for example, so you can see how the menace propagates throughout the infrastructure. Symantec also provides a small set of information linked to each of the attacked computers. It provides a bunch of information that I find useful.
What needs improvement?
The endpoint protection looks old.
Another issue is in the deployment requirement for the ATP single instance. They should work on lowering, for example, the storage requirements which is around one terabyte but only for one ATP instance. The whole product works for more complex infrastructures and is designed to work with more than one instance, so you can imagine the requirements.
It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time to pass the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case.
For how long have I used the solution?
I've been using the solution for three to four months.
What do I think about the stability of the solution?
I didn't evaluate the stability of the solution but it didn't crash after installing. It's been working nicely. I cannot provide a definitive response. Normally, I would test this part of it using some kind of test, libraries and so on but I didn't do that.
What do I think about the scalability of the solution?
For the EPP, it seems like it was initially designed for the small business segment. The scale and scalability are poor. For the ATP, it is well designed with scalability in mind even with the most complex deployment possible.
According to that documentation, it should scale up to a much higher level of complexity. So, scalability seems acceptable in my opinion. We have about 90-100 licenses right now.
How are customer service and technical support?
I've never had to contact technical support.
How was the initial setup?
For EPP (Endpoint Protection Product), the setup is easy. You can almost set it up blindfolded.
For ATP, I bumped into some documentation with misleading paragraphs. The video appliance requires three network interfaces and the documentation is confusing because they are, on one side, documented and seen from the internet. On the other side, they have been named as seen from the internal video appliance. There is no real correlation between these two. You scratch your head two days trying to figure it out. They should at least document it much better.
Which other solutions did I evaluate?
Over the last few years, I have had the opportunity to test and evaluate a lot of solutions, specifically security software enterprise-class solutions. I don't know how we came to the conclusion that Symantec was the answer. I don't consider that this is the best solution for me but it's a serious product and it deserves appropriate attention.
What other advice do I have?
I would recommend GravityZone over the Symantec package.
Symantec has a lot of products which are working individually and separately and in the last two or three years, they have tried hard to integrate one with the other. ATP has had some serious features cut, and they're not working timing-wise if you don't integrate it with endpoint protection. My advice to the company would be to either make them work individually, separately or to integrate them seriously.
The dependency between several separately sold products from Symantec is bothersome. You buy a product, for example, Endpoint Protection and, a lot of the features only work if you buy also another product, say ATP. If you want the network detection or manage services or whatever other technology you have to buy another product which also integrates with the first and the second one, and so on.
This is one of the reasons that I like GravityZone because it has everything inside. The worst part is that you don't buy the license for some feature that's inside. They are already there, they are already working. You can at least deactivate them if you don't buy the add-on license. Symantec has the exact opposite perspective. You have to buy each individual product and then integrate them. For a small company, the integration part is easy. If you have 500 endpoints, you integrate three or four and separate the security products, it's done. If you have a complex company with branch offices and separate domains etc. the integration part may take you months of work because the products are separately sold which is bothersome.
I would rate this solution between 8 or 8.5 out of 10.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Director of IT Operations at a comms service provider with 10,001+ employees
It's very helpful from a centralized administration point of view
Pros and Cons
- "It has certainly helped out our audit efforts because we each stay compliant in terms of various security standards."
- "An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance."
What is our primary use case?
Endpoint production is to protect our laptops. So, we use it to secure our corporate laptops.
How has it helped my organization?
It has certainly helped out our audit efforts because we each stay compliant in terms of various security standards. So, it's pretty good detecting.
It's very helpful from a centralized administration point of view, e.g., doing policy updates.
What is most valuable?
It works all the time. We do test against it by doing penetration testing and other things. It triggers and blocks these attacks. We think it holds up, but there's always zero-days.
What needs improvement?
What we want to do is be able to customize some of this on the administrative side. Right now, it is pretty much turnkey. Therefore, it would be nice if we have more customization. We would also like alerting, not just to the end users, but to the administrators, when something happens.
An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance.
What do I think about the stability of the solution?
It has been around for a while. It has had several revisions which we have through, and it's stable.
What do I think about the scalability of the solution?
It scales fine because it runs on individual laptops.
How are customer service and technical support?
I have never tried to contact the technical support.
Which solution did I use previously and why did I switch?
We do security scans. We started to detect with security scans that there is no blocking, or we can actually compromise a laptop, we do internal testing and determine if it's time to move to another product.
We previously had a cloud-based solution by Symantec, but switched to this internally managed, centralized solution when we were acquired. The products are similar just meant for different types of organizations: large enterprises (this solution) vs SMBs (cloud-based solution).
How was the initial setup?
The initial setup was pretty straightforward because the team that came in and helped us deploy it had already done so in various other business units within our parent company. They had done this setup many times.
What about the implementation team?
We had an internal deployment team which handled it. Therefore, we do not have to use an integrator at all. However, our parent company is pretty big and they have a large IT team who handles deployment.
What was our ROI?
It decreases our downtime for laptops by protecting them.
What's my experience with pricing, setup cost, and licensing?
Pricing is covered by our global procurement team. It is the solution that they chose.
What other advice do I have?
It's a solid solution.
Do your testing. Get a trial edition. Try to attack it with malware in your lab. See how it will stand up in a bake-off.
The key thing is to keep up with all the industry changes. There are more services running on the cloud and figuring out how to do that.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head of Cyber Defense & Offensive Security at Habib Bank Limited
Real-time threat analysis is quick, takes action immediately
Pros and Cons
- "Real-time threat analysis is quick and takes action on threats immediately."
- "The great advantage in using this product is it creates multiple services."
- "Currently we have 800-plus nodes connected with this solution, without any issues. The solution is scalable."
- "There are some features that would add value to this product. One of them would be a graphical presentation of threats that the system has encountered."
- "It should be able to collect information if the agent is disabled."
- "It also needs network-based threat protection for shared folders and files."
What is most valuable?
Real-time threat analysis is quick and takes action on threats immediately.
What needs improvement?
There are some features that would add value to this product. One of them would be a graphical presentation of threats that the system has encountered.
It should be able to collect information if the agent is disabled.
It also needs network-based threat protection for shared folders and files.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues yet with stability. The great advantage in using this product is it creates multiple services.
What do I think about the scalability of the solution?
Currently we have 800-plus nodes connected with this solution, without any issues. The solution is scalable.
How are customer service and technical support?
I rate tech support eight out of 10.
Which solution did I use previously and why did I switch?
As a firm we used three or four different products from the top vendors. The slight differences which made us go with Symantec were technical support, ease of use, easy deployment of rules, and a better view from the dashboard.
What's my experience with pricing, setup cost, and licensing?
Pricing is good. It is nice to have a great product at a fair price, rather than to have an insecure product.
Which other solutions did I evaluate?
McAfee, Next-Generation Security.
What other advice do I have?
I think you should procure this product. It is a long-term investment.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

In my opinion, application and browser isolation is the future, and crucial to properly layering protections against email threats born in phishing attacks.