Symantec Endpoint Security Reviews

I'm an IT consultant, so I implement Symantec Endpoint Protection for customers, from SMB up to large enterprises and federal government.

There are a number of features that all work synergistically to be able to provide the protection. Originally, anti-virus was based on definition. About 10 years ago, the bad guys figured out how to get past that. So what they've been doing for the past 10 years is adding in additional features to help mitigate any of these other attack vectors that the hackers or malicious people have. So it's just a working together of all these components that makes it special.

And then SEP itself fits into the Symantec ecosystem, and inter-operates with a number of other technologies to provide a comprehensive security portfolio.

I think the key thing for me, is interoperability, in that you can deploy it to Windows, Mac, and Linux. That's been a really important feature in the last two years. Now there's one management console to cover all three OSs.

There are two key aspects to how it has improved. One is the threats that it protects the organization from versus the amount of resource utilization; and two is that compatibility has increased.

They're just starting to get into this now, but I think they can do better - they're just starting out with I think is called the SEP Cloud Console. It has more limited functionality. It will be good once we can run SEP from the cloud. That would be good.

The big issues around stability were fixed back around 2010 or so. When the original SEP client was created, there were some challenges with the interoperability of the different components, because they took a number of different agents, put them into one agent, and then they broke things. With SEP 12 and forward, that all runs really well now.

From a scalability perspective, in Australia and New Zealand, where I'm using it, it can easily manage any workload that we've got. 

One of the challenges is people going the opposite way, that is, people trying to deploy Symantec Endpoint Protection - which is an enterprise level product - into a small business of a hundred users. It can introduce a lot of complexity that doesn't have to be there.

There are other solutions like SEP.cloud which can make it easier for small businesses to be able to use very similar technologies to Symantec Endpoint Protection.

Most times it's good, but there are instances where there are some challenges in that the people who you're working with don't know how to fix what you're doing. Then you have to ask for an escalation. Normally what I'll do is I'll work with my Symantec colleagues to help escalate any internal issues, where we see that things are getting bogged down in support.

From a Symantec technology perspective I'm very happy with it. However, the support can be wanting, for those reasons. Sometimes the time to resolution is longer than I would expect.

Based on the roles that I've had, I've been working as a Symantec consultant for 10 years, and so I've just been working with SEP. There are people who, as their consulting function would be an endpoint protection guy, would do McAfee, SEP, Trend, etc., whereas my strategy was different. I basically covered off all Symantec technologies. My intent was to be able to be specialized across the entire range of security technologies. I've only worked with SEP.

The initial setup is easy. That's one of the selling features, that you can roll it out in an hour. (They might say 15 minutes or something like that). But the initial rollout, setting up SEPM server, you can do in an hour. Then, the challenge is that you can make it as complex as you want after that. It's very, very capable, but it can get quite complex.

Symantec Endpoint Protection installation and Administration Guide is awesome. The documentation is good. They provide online training and you can also do instructor-led training. There should always be training available, or information available, to help you get where you have to go. That's one of the things I do like. 

I've been an instructor for Symantec for 10 years too, and I've taught the SEP course, and I think it covers off what you need to know.

From a simplicity perspective, it's per user. Therefore, it makes it easy to do licensing.

I'll be honest, I haven't really done licensing with Symantec for seven years. I just do professional services and we let our partners handle the licensing.

Back in the day, when I worked for a distributor, there were other products available, that were cheaper - this is more of a New Zealand example - but they didn't have the functionality. However, because of the small businesses we were working with, they were good enough. 

That is a challenge: having an enterprise product like SEP competing against a cheaper product like Sophos or ESET. The latter are cheaper, but you don't get quite the same scalability, functionality, etc.

Get competent consultants to do the implementation, because it can be complex. You have to have a consultant who is knowledgeable, to make sure they cover off all the bases, to make sure all the infrastructure is protected.

It saves time, in that a professional can get it done more quickly. And, it gets done correctly, so you don't have to do re-work. I've been in circumstances where the customers try to do the implementation themselves and then they bring us in after the fact, and we have to either redo what they've done or rebuild the infrastructure from scratch. That just doubles the cost of what it would have cost originally.

I would say this solution is a 10 out of 10. The big reason is the functionality. Personally, I've not had a breach or seen a breach. And it runs on the machine, and I can't even tell it's there.

Antivirus solution for a global company with approximately 34,000 endpoints.                                

• Rather simple management
• Easy to deploy with medium maintenance.
• I believe to get the full benefits of Symantec Endpoint Protection, Symantec ATP is required. It provides quite a good overview of how threats have spread within the company.

• SEP, the entire suite of components, provides good endpoint protection.
• The IPS function (with no firewall needed to be installed in the SEP client) is quite good.
• The risk tracer, which can be enabled with the firewall installed, is also quite good.       

• SONAR could be improved. The false/positive rate is a little high.
• The firewall could be a little more "flexible". For example, it would be convenient if the firewall was allowed to "turn off" for hotspot environments.
• I find the documentation on Symantec.com to be not very updated. It seems like Symantec focuses more on their product than on documentation.
• My personal opinion is that Symantec has too many WS.Reputation.1 detections, which could cause important computers to malfunction.
• In a large environment with a significant amount of GUP's, it would be neat, if the client could "detect" the GUP in its own subnet. The client has some built-in intelligence at this point, but it does not seem to work properly. In an environment with many locations, whereas many of them have little bandwidth capacity (and no local datacenter), the LiveUpdate policy can end up becoming rather complicated.

Endpoint Protection and Advanced Threat Protection (ATP) with Endpoint Detection and Response (EDR). One of the best solutions that I have ever tried.

Great solution for a company like mine. 

I like Symantec Endpoint Solution quite a lot. I hope it continues improving over time.

ATP is really impressive, and with EDR, it is the best solution I have ever known.

• Resources
• Front-end
• User experience

The Symantec Endpoint Manager is very difficult to use and extremely old.

Very well done, Symantec.

SEPM is a product for anti-virus security. It provides endpoint security for all client machines. It protects the client machines from malware or ransom attacks.

• Support
• Scalability
• Flexibility

It keeps our machines up-to-date with the definitions of the current zero day attacks, which happens in real-time scenarios. It protects our data and the clients' data, which can be secured by using this product.

I am happy to say that the Symantec comes into the picture where the issues are reported from the product, it might be a product bug or it might be a product defect. The product engineer works on this and the latest upgrade has it built into the peer cost, where we can upgrade our involvement and support our clients again.

So, we were having a problem in Version 14, where the client machines used to go into the health state and once it restarted, and never came back again. But as far as one of the defaults, this was reported and not an issue in new versions of Symantec 14 and SEMP 2. Apparently, this is works well for now, and we are happy with this.

It is a stable product.

The scalability of the product is good to where it has had the effect of increasing the workload by adding more machines, so I should have a good scaled back-up for this supporting both lines.

I would rate them a 10 out of 10. They supply good support and have a good knowledge. 

We did have a previous solution. They are all equal in giving the definitions on a timely routine, but the bandwidth extent was an issue for me. This is why we changed to Symantec.

Everything was straightforward. Nothing was complex. The installation was very user-friendly, where the engineer from Symantec had helped us to migrate this product from the older version to the newer version of Symantec.

What we have paid for this product is good value for the work and the services that they are providing to us.

We were going through the multiple products out on the market and we chose Symantec, because we had proposed multiple products to the client and the client had chosen Symantec for these two perspectives: One is for the best service and support, which Symantec provides, and the other is the pricing, which was a constraint for our client.

If you have a good involvement and maybe your clients are not connected to a domain, you can use this product. This is one advantage of this product, where you can use the product for protecting your machines. 

You need to keep track of the definitions and releases on a daily basis. This is one of the disadvantages.

• Central management
• Group update points (GUPs): They are valuable when throttling new updates through a slower WAN.

• Reduced burden of responding to alerts.
• Granular security lets lower level techs triage issues as they come in.

• Reporting without Altiris should be improved. 
• More cloud-based functionality, but that seems happening going forward. 
• It should have hypervisor level AV protection for VMs, so you do not need a client on the systems.

Five years supporting it.

Random issues with the apps. The built in firewall is tricky sometimes to get an app working in it.

No, I have not. I have always found Symantec Endpoint Protection (SEP) to be scalable.

SONAR/Auto-Protect feature and Generic Exploit Mitigation: Can detect and prevent attacks that are exploring common software vulnerabilities. It monitors suspicious files that have behavior actions on memory, network, etc. The console and admin features are the main qualities.

In a large environment, it is a challenge to manage what areas can have specific rights or functions enabled or disabled, considering their needs. SEP had the opportunity to integrated Microsoft Active Directory structure into the SEP Admin console. Based on that, it was easier for me to apply specific policies for different business areas with different users. For instance: Enable USB rights only for C-level users/Disable SONAR feature for marketing team considering their needs.

Reports: It would be nice to have customized reports integrated on the main console with no additional DB server or BI server. Vulnerabilities: A vulnerability scan integrated with SEP would be important for the admin to understand the risk level they are facing and how to protect themselves...

Reports: SEP has built-in, on the console, many pre-configured reports
however, in a complexed environment, customers may would need customized
reports other than already provided by the console. In this case, it´s
possible to achieve them using an external data base and server. It would
be nice have a possibility to create customized reports without an external
server and data base, on the same SEP Admin console.

Vulnerabilities: It would be nice have on the SEP Admin console a feature
to measure the environment risk level using an OS and application
vulnerability scan where the administrator can analyze the risk, mitigate
the main risks, prioritized them and, over a Path Manager, correct them if
possible.

We have used this solution for six or seven years.

We had some issues during deployment. When doing a 40.000 McAfee migration nodes for SEP, I have faced challenges removing specific MacAfee features where SEP has no supportability. Compared to other vendors, like Kaspersky, they have scripts to remove all anti-virus solutions in the market before installing KL AV. And it is 100% possible to automate the job over the KL console.

Another challenge was customize all best practices vs. best protection for the company vs. not creating any performance impact on the customer.

Technical support is good. You can open tickets over international numbers, emails, or the website. If you open a ticket in your time-zone, you will work with a technical support representative in your local language. Otherwise, it will be in English.

We used Kaspersky and Bitdefender. We switched due to the company reputation, negotiation terms, commercial benefits, and technical results on the PoC.

The implementation was through a Symantec reseller. Considering the environment complexity, it is important to always plan, test, correct all errors, plan again, and attack departments with low risks, learn with the errors, adjust the plan, and move forward to next department.

Migrating a platform for a different one, most of the time, has a higher cost. However, considering the impact, risk , downtime, and principally, the low support quality provided that the oldest solution provided, were the main reason to start look forward for a newer one. These were the main reason that I migrated to Symantec. After a year of augmenting many open tickets and find internal customer satisfaction was really low, we convinced the board that it was time to migrate before having a huge impact for the business and company reputation.

Regarding the licensing, it was important negotiate a long contract to get a more attractive price, including advanced support in case of crisis.

Always try to include hours for the project in the budget. Always look for a specialized reseller who the vendor recognizes through a certified and approved reseller.

It is easy to implement and very stable. The AV device control and HIPS are very impressive. Just implement it and it's done. No troubleshooting efforts are required to make the policies work.

No overhead of troubleshooting after installation makes it my favourite.

It's a nice product. I think Symantec should work more precisely on minimizing database size and the live update size.

We have been recommending this product to our clients for about five years already.

No deployment is very simple.

Stability issues are very rare. It's a very stable product.

We have not encountered any issues with scalability.

Customer Service is the best.

I would give technical support a rating of 10/10. I love the way they support clients.

We do system integration and we have expertise in most products, but there is nothing like Symantec.

It was very simple to implement and very easy to use as well.

We have in-house team.

Yes,I would not name any :)

Just go through the implementation guide or some YouTube videos and the IT team can do it.

It's a single-agent installation with many features including

• wireless protection
• application control
• antivirus control.

Previously scans were taking a long time, hours or even a day. But nowadays, when the product scans, the time taken is only 15 to 20 minutes for a full scan. This is the main improvement, because it no longer affects the day-to-day work of users.

There was an administrative feature, which was available in the previous version, which has been removed. We would like that feature to be added again, because it helps the customer in many ways, and it's a very user-friendly feature.

Eight-plus years.

Stability is dependent on environment. It may not always be stable, because of environment. For example, there could be an issue in some environment, but in another environment there would not be an issue.

There are no limitations.

Eight out of 10.

From the start we have been using the same product.

It was straightforward.

We were evaluating other products, but according to this product's technology and the support, in these areas we thought that Symantec would be the right product.

One piece of advice I can give is, because in some environments it could behave properly, and in some environments it may not behave, you need to test it first, and then purchase.

I think that this product is very user-friendly. It has many technologies which can be easily accessed and available. There are many features. And there is a complete knowledge base article which is published to the public, so everyone has access to it.