Security Consultant at a consultancy with 11-50 employees
Real User
Top 10
Sep 15, 2022
Remediates infected file, isolates endpoint, and communicates between endpoint and SOC, all automatically
Pros and Cons
  • "There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization."
  • "In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDS, it consumes a lot of processing and memory capacity."

What is our primary use case?

In one of our client's environments, they need securing of their Active Directory. The solution is the only product with a separate feature to secure Active Directory as part of Symantec Endpoint Security Complete. The client was also looking for an automated endpoint detection solution. That's why we went ahead with it.

How has it helped my organization?

The very comprehensive machine learning platform has been very helpful and we have been able to prevent most attacks and detect and respond to those threats within minutes.

The reaction time for any incident has been reduced drastically. When there is an incident, the EDR engine is based on AI/ML behavioral analytics. It takes direct action and remediates the infected file, isolating the endpoint, and establishing communication between the endpoint and Symantec's threat-hunting SOC. It submits the file automatically, meaning that no manual intervention is required. If there is an attack on a weekend, we can completely rely on Symantec, rather than needing someone to manually upload these things.

Most of our incidents, no matter what has occurred, are automatically addressed. This has reduced our efforts and the time we spend on incidents. That has a direct impact on our business operations. It has improved the efficiency of our operations.

The major benefit of having Symantec's API is that you get access to all the methodologies and mechanisms, and it's accessed in a single dashboard. That makes it a one-stop solution, where you can have everything integrated. It also helps us in orchestrating and correlating our security incidents.

An added benefit is that if you have it integrated with your ticketing system, tickets will also be triggered. You get an SMS alert or an email notification, but that's a secondary thing.

The solution has helped organizations enhance their security posture considerably. We haven't faced any breaches so far, meaning we have been protected adequately. We actively perform quality assessments, penetration testing, and we do forensic analysis. In addition, we have third-party SIEM software monitoring all our assets on a day-to-day basis and they haven't identified any anomalies. That means that Symantec is protecting us well, and we have implemented it and been running it for the last three-plus years for multiple clients.

What is most valuable?

The most valuable features include the

  • Active Directory security
  • application controls
  • endpoint detection and response.

Whenever there is an issue with respect to Active Directory, Symantec identifies the issues and tries to create a signature to mimic the Active Directory-related attacks in their backend labs. They obfuscate the request going to Active Directory. Even though there may be an issue with patches still not being updated by Microsoft, we have compensating control to prevent those kinds of attacks from happening. Once Microsoft releases patches, we immediately implement them. But until then, Symantec will prevent Active Directory compromises.

And, in some cases, the architecture itself is an important feature because Symantec is one of the very few endpoint services that provides an on-premises management system. Currently, most antivirus and protection providers operate entirely from the cloud. That's a differentiating factor with Symantec. This is very critical in an instance where you should not have access to the internet, or you wanted to have it on-premises. In those situations, Symantec is the go-to product.

In addition, for threat hunting, the API is integrated so that we get real-time updates. The threat-hunting is excellent. They're one of the largest civilian cyber intelligence networks. Symantec was an early starter with respect to threat hunting. They have a global SIEM and a global threat-hunting team. They have custom, built-in tools, and their own threat-hunting intelligence mechanism. We completely depend on Symantec's threat-hunting methodology. We have no complaints so far, and it has been an excellent experience working with their threat-hunting team.

Most incidents come through machine learning. In one or two cases we might need the experts, but most of our issues are known. They have a very good AI/ML engine. Based on the signature or the anomaly, when something is detected, the object that is compromised is isolated and we get an immediate response. A link is then initiated between the infected device and Symantec's threat-hunting team.

Symantec is one of a very limited number of products that supports the entire gamut of devices. It is not only Windows devices that it covers but also mobile devices, Mac, Android, iOS, et cetera.

What needs improvement?

In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDS, it consumes a lot of processing and memory capacity. We would like to enable all the features, but doing so should not have a direct impact on the performance of the system. If they can come up with an agent that consumes less memory, that would be a great enhancement.

Also, Symantec is not being promoted from a marketing standpoint. I don't see any promotions for it. There are no road shows, marketing efforts, training, or anything organized by Symantec these days, at least in my region. The product is good, but if you're not marketing it people think "Okay, we haven't gotten any updates about the product." We need to have more road shows and promotions, and we need to have people trained in the technical aspects to gain market share.

Buyer's Guide
Symantec Endpoint Security
January 2026
Learn what your peers think about Symantec Endpoint Security. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,082 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Symantec Endpoint Security for about four years.

What do I think about the stability of the solution?

We don't have any issues with respect to its performance, in general. I rate the stability at nine out of 10.

What do I think about the scalability of the solution?

It is on the cloud so scaling up is not that difficult. I would rate it a 10 out of 10. It's been helping us for the last three years. We have definitely been growing and Symantec has grown along with us.

How are customer service and support?

Because the threat hunting is done by AI/ML, we have only had to reach out to support when there is an issue. If we write them an email, we get responses promptly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are actively using other solutions aside from Symantec because we cater to different clients. We have used CrowdStrike, Sophos, and Palo Alto XDR to name a few.

How was the initial setup?

We have multiple architectures in place. A few of our clients use it on the cloud and a few have a hybrid with on-prem. The cloud-based setup is very straightforward. Once we create the account, it doesn't take more than 30 to 45 minutes for us to get the setup done.

The steps involved for a cloud instance are that an account is created, the agent is downloaded, and you probably have to push the agent to different systems. That can be done via different means and depends on the number of client machines. We can push it via SCCM or other modules or can push it manually from the central drive by having end-users download it. The process is seamless and we have been able to install Symantec on at least 150 machines within three hours. We had three resources deploying the agents on those machines in parallel.

We do regular preventive maintenance as part of our managed services, but with the cloud instance, we have never had any issues. It is on autopilot. What we do is that we regularly check for threats and whether the threats have been quarantined. We download the daily and weekly reports. The maintenance is done by one person.

What was our ROI?

We have definitely seen a return on investment. In our clients' environments, we haven't faced any downtime because of ransomware or malware attacks. That itself is a good 30 percent return on investment.

And when it comes to employees' time for detecting and responding to threats it has saved them about 50 percent. They never spend days off or weekends working. There is no need to have anyone attend to this set of problems. If the system is up and we have EDR running, it takes care of everything, from isolating the devices to quarantining the file and uploading the file back to the Symantec backend SOC. Everything is automated and it's seamless.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty much at the market standard. I don't see any issues with it. It depends on case to case. Symantec is not that cheap and it's not that expensive compared to CrowdStrike. I would put them in the "middle block."

Which other solutions did I evaluate?

When compared to other solutions, I would give Symantec Endpoint Protection 4.5 out of five. It has interesting features, starting with Active Directory Security. There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization. Nine out of 10 organizations use Active Directory, and it is so often a targeted asset. Symantec is the only product that has Active Directory security.

Also, it enables us to have a hybrid architecture in which we can have Symantec Endpoint Security on-prem and integrated with the cloud. We can also have the API integrated into our SIEM and SOAR.

We have been using other endpoint security products as well. The advantage of Symantec is that you don't need a separate product to protect your assets such as Linux or Android. It's equivalent to Intune where we can have a single dashboard and have all devices onboarded. 

On top of that, with Symantec, we have application control and DLP to a certain extent. It means we don't have to have multiple products running in the ecosystem. It acts as a consolidated solution with multiple features and functionalities. This reduces the costs and resources that you would need to manage different products. When you have different products, it leads to cumbersome processes and it is very complex to manage infrastructure. Having Symantec on the cloud makes endpoint protection seamless. We can download the agent, run it, and we are up and running within 30 minutes.

What other advice do I have?

I would recommend it, but you should do a PoC. Every use case is different, so I would definitely recommend seeing whether it blocks legitimate traffic or a legitimate application or process.

There is a famous saying that only 40 percent of organizations know they are being hacked. The other 60 percent are not aware that they are being compromised. A product like Symantec would certainly enhance the security posture of an organization. It gives senior management pretty decent confidence they have a robust and scalable product with a purpose. We are approaching mitigating 99 to 99.5 percent of attacks from happening. Having said that, other threat-hunting and endpoint detection and response platforms will enhance the overall security posture and drastically bring down the risk level of the ecosystem.

Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
PeerSpot user
Charan Teja Sana - PeerSpot reviewer
Senior Consultant at a tech services company with 10,001+ employees
Real User
Top 5
Aug 11, 2024
Reporting could be improved, though it provides endpoint security
Pros and Cons
  • "We use the solution for our endpoint security."
  • "The solution's reporting could be improved."

What is most valuable?

We use the solution for our endpoint security. It's our compliance requirement to prevent virus attacks and ransomware attacks. However, it's unmanaged and not like a top competitor to CrowdStrike.

What needs improvement?

The solution's reporting could be improved. The solution could have better integration with other services.

For how long have I used the solution?

I have been using Symantec Endpoint Security for one and a half years.

What do I think about the stability of the solution?

I rate the solution’s stability an eight out of ten.

What do I think about the scalability of the solution?

More than 5,000 users were using the solution in our organization.

How was the initial setup?

We were using the signature deployment, which is not easy.

What's my experience with pricing, setup cost, and licensing?

Symantec Endpoint Security is an expensive solution.

What other advice do I have?

Given the number of alerts and the variety of attacks we get, we will require AI capabilities for threat detection. Around six to seven members were involved with the solution's deployment and maintenance. I wouldn't recommend the solution to other users unless it is updated.

Overall, I rate the solution a five out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Jawaria Abbas - PeerSpot reviewer
Security Engineer at a computer software company with 201-500 employees
Real User
Jan 12, 2024
The solution provides good features like application control and host integrity checks
Pros and Cons
  • "The solution's application control feature is very, very powerful."
  • "Users mostly complain that the solution slows down the system whenever something is scanned."

What is most valuable?

The solution's application control feature is very, very powerful. The solution will automatically check the host integrity and quarantine if something is not compliant.

What needs improvement?

Users mostly complain that the solution slows down the system whenever something is scanned. Sometimes, Symantec gets blocked with legitimate applications, and we add the application in the exceptions. Users always complain that agents, which are very heavy for the system, slow down the PC's performance.

For how long have I used the solution?

I have been using Symantec Endpoint Security for seven years.

What do I think about the scalability of the solution?

Around 1,300 to 1,400 users were using the solution in my previous organization.

How are customer service and support?

I am happy with the solution's technical support team.

How was the initial setup?

The solution’s initial setup is easy.

What other advice do I have?

We started with a very old version and eventually upgraded to RU6. Since we had some Windows 7 clients in our organization, we couldn't upgrade to the next versions, RU7 and RU8, because Windows 7 support is not available in those versions. Meanwhile, we started working on upgrading some systems which have specific applications running on them.

My previous organization compared different products and decided to use Symantec Endpoint Security because it was very good back then. Symantec was the first one to highlight the 2021 cyber threat. Back then, not many people were familiar with the concept of EDR.

After comparing different products, we decided to go with Symantec Endpoint Security because our major concern was application control. We didn't want any user to come, use a USB to copy the data, and leave the organization. Since users don't give us time to upgrade the system, we put the host integrity. If a service pack is not installed on the system, the system will get quarantined.

Overall, I rate Symantec Endpoint Security an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Olajide Olusegun - PeerSpot reviewer
Network Team Lead at a tech services company with 11-50 employees
MSP
Top 5 Leaderboard
May 12, 2023
Defends us against the latest sophisticated attacks, such as key-finding attacks and spyware
Pros and Cons
  • "Symantec Endpoint Security is easy to use, fast, and good for small and medium-sized businesses."
  • "Its GUI needs improvement. It's good, but it needs to be improved in terms of management and reporting."

What is our primary use case?

The main use case is to scan vulnerabilities on our endpoints. We need to make sure that our antivirus software is up to date. We need to ensure that patches on our workstations are up to date and that we can scan through folders and files to detect malware.

How has it helped my organization?

It's very good. Most of the clients are using this solution. It's able to protect workstations from threats, malicious files, and malicious USB drives. It's able to protect business-related files on the workstations. If you have an environment where you need to protect critical files from threats, it's a good solution.

It also defends us against the latest sophisticated attacks, such as key-finding attacks and spyware. It provides protection against threats, spyware, ransomware, malware, etc. It's pretty good at that.

It provides a single pane of glass. You can see everything through the dashboard. It's pretty good.

It has improved our security posture. It protects us from attacks outside, and it protects our files. It also prevents the corruption of files and secures our critical business-related files.

What is most valuable?

Symantec Endpoint Security is easy to use, fast, and good for small and medium-sized businesses.

Unlike other AV products, such as Norton, Symantec Endpoint Security doesn't use many system resources.

What needs improvement?

Its GUI needs improvement. It's good, but it needs to be improved in terms of management and reporting. Its reporting features aren't straightforward.

For how long have I used the solution?

We've been using the solution for around five years. 

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

It's scalable. One of the clients has 50 users and another one has 10 users. It's good and pretty fast. It's being used at multiple locations.

It's very easy to increase the number of endpoints. You just need to purchase more licenses. If you have more users, you need more licenses.

We have plans to increase its usage.

How are customer service and support?

I'd rate them an eight out of ten. We had to raise an issue only once, and it was resolved within hours.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have other endpoint security solutions. We bid for many companies. We check what the client wants to achieve, and we also take the price into consideration.

Generally, Symantec can provide all the features that our clients commonly require. Its price is also good compared to other solutions such as Cisco AMP. Cisco AMP is very expensive. We only deploy it at the airports.

We have different test cases to show how effective it is against different types of malware, corrupt files, malicious files, etc. It works pretty well. We are happy with it. It's able to detect and stop all types of malware. We also tested it to see how it treats benign files, and it works pretty well.

How was the initial setup?

It's simple to install. Its deployment is easy. It takes two to five hours. You need an antivirus server. You can directly download the antivirus client on your PC from there and then you just click next, next, and next to install it. 

What was our ROI?

We have seen an ROI. Based on the service that you get in return, it's definitely worth the money. 

What's my experience with pricing, setup cost, and licensing?

It's pretty awesome price-wise. That's why we give it to most of our clients. It isn't very expensive.

Compared to Cisco AMP, which is very expensive, its price is okay. It's also cheaper than Malwarebytes.

The license that you purchase lasts a period of time. After that, you again need to purchase another license. Otherwise, you will not be able to get support from Symantec every time you have issues.

What other advice do I have?

I've not used it on mobile devices, but on workstations, it's awesome. You don't require any other antivirus solution. It's simple to install. It works very well in the Windows environment. You don't need to install anything else. It provides any type of endpoint security, including USB protection.

If you have a critical network environment and security is very important to you, you can consider this solution. It can offer you the level of security that you need. It can provide what you are looking for in terms of endpoint protection.

It's very good for a small or medium organization. If you have a very large environment, you can consider other alternatives, but for small environments with 50 users, it works very well. For bigger environments, such as airports, we use Cisco AMP.

It hasn't as such saved time when responding to issues. Sometimes we have issues where the user isn't able to use the system until we resolve the issue. We have had cases where the issue got resolved immediately, but sometimes, we have had issues that required opening a case with them or intervention from the administrator.

Overall, I'd rate this solution an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Director at a manufacturing company with 11-50 employees
Real User
Top 10
Feb 2, 2023
You can manage the antivirus definitions, upgrades, remote scanning, etc., from one console
Pros and Cons
  • "The best thing about Symantec is its ability to control our endpoints from a single point. You can manage the antivirus definitions, upgrades, remote scanning, etc., from one console."
  • "If a machine is infected by ransomware, it's hard to recover the data. We don't have any data on the client, so we're not overly concerned about that. Still, it would be nice to have this feature if there are any future problems."

What is our primary use case?

Our client uses Endpoint Security at a school for antivirus protection. For example, if someone plugs in a USB on a classroom computer, Endpoint Security protects the network from infection. We have around 35 classrooms and eight teachers per class, so that's about 280 people.

The school does not use Endpoint Security to its full potential. The use case is basic. For example, it isn't being used to block stealth techniques. Sophos Firewall handles those kinds of attacks. Active Directory isn't used in the classroom, so the ability to block an AD takeover isn't being used. 

We haven't eliminated any other security solutions by adopting Endpoint Security, but we are trying to consolidate our solutions by installing a new FortiGate firewall and client licenses of FortiClient.

How has it helped my organization?

Endpoint Security provides the school with fundamental protection against viruses and other malware. It only covers traditional endpoints, not mobile devices, but we've never had any outbreaks. 

What is most valuable?

The best thing about Symantec is its ability to control our endpoints from a single point. You can manage the antivirus definitions, upgrades, remote scanning, etc., from one console. 

What needs improvement?

In four years, we had no reason to switch solutions, but lately, we've found that Symantec is slowing down the machines. They are looking to change solutions. I would like to stop the Endpoint Security Client's scan when the device boots. It slows the machine a lot. The scan should only run when the machine is idle. The scan often happens when the machine is at its peak load. 

I would also like Symantec to add ransomware protection. If a machine is infected by ransomware, it's hard to recover the data. We don't have any data on the client, so we're not overly concerned about that. Still, it would be nice to have this feature if there are any future problems. 

For how long have I used the solution?

My client has been using Endpoint Security for two or three years.

What do I think about the stability of the solution?

Endpoint Security is stable. 

What do I think about the scalability of the solution?

Endpoint Security is a scalable tool. 

How are customer service and support?

I rate Symantec support a nine out of ten. I only had to contact them once in ten years, and the support was excellent. They solved the problem in ten minutes.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We're looking at other solutions. We mainly want something that doesn't experience performance degradation during scans or updates. 

How was the initial setup?

I started to work with this client two years after implementation. I have been managing the solution for a year and a half. I provide them with renewals and updates when necessary. It doesn't require much maintenance. I didn't have to visit the premises this year.

What's my experience with pricing, setup cost, and licensing?

The price of Symantec is on the higher end. They face some competition from a company called Quick Heal, which is much cheaper than Endpoint Security. They offer three years of protection at just 900 rupees.

What other advice do I have?

I rate Symantec Endpoint Security an eight out of ten. My first piece of advice is not to deploy Endpoint Security on traditional machines because it'll slow it down. India is a price-sensitive market. Many companies won't pay attention to the speed of a hard drive. They'll only look at the size. They would rather go for a 500 GB hard drive, even if it is not required, rather than a 256 GB SSD. 

If you want to deploy something over and above your operating system's capabilities, you need to have a powerful machine to handle that. Performance is mainly an issue on devices using traditional drives. The performance doesn't deteriorate by more than two percent on an SSD drive, whereas it is more than 15 to 20 percent on an average drive.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
Muhammad Ejaz ul Hassan - PeerSpot reviewer
CEO at a tech services company with 51-200 employees
Real User
Top 5
Nov 13, 2022
Mature, simplified management, and complete protection
Pros and Cons
  • "With a single console, you get control over Mac, Windows, iOS, and Android. This control is most valuable."
  • "If there is a suspicious file, it is put into a sandbox where Symantec does an analysis. After the analysis, Symantec marks the file as a risk, but it doesn't blacklist or block the file. If a file is already known to be harmful, I would like them to automatically block or blacklist it to reduce the damage."

How has it helped my organization?

With its behavior forensic, advanced threat hunting, integrated response, and Threat Hunter capabilities, it provides good control over security and improves the security posture.

Symantec is a known name in the market for endpoint and server security. The baseline of their products would always be the same, and with the evolving threats, they are also changing the technology. For example, with ransomware or zero-day threats, you don't have any already-known bad files. So, you don't have a signature for those files. They need to be identified based on behavior. If any file is misbehaving, Symantec Endpoint Security can handle it. This proactive approach or IPS is a part of it. Another example would be that you download a PDF file, and this PDF file has a built-in script. When you open the PDF file, in the background, the script starts, but nobody knows that. If you install Symantec, it will see the behavior of the file. If any file other than the required file is being executed, it will detect that and protect the system from that. Recently, a bank had a breach. There was an attempt to copy a file, which was blocked. With threat analysis, we could see that the system was protected but the bad guy had already passed through or gotten inside the network. 

Their Threat Hunter team helps out to know what exactly happened and the type of breach. For example, you clicked on a link that copied malware on a system. Your system is infected but nobody knows how many systems are affected after you. The Threat Hunter team is very good and professional. They would check its footprint on every system. If you have a breach in your environment, you have to contact them to find out what exactly is happening.

Nowadays, people bring their own devices. Most of the time, you don't know what's installed on these devices, which is the biggest threat to the environment. Symantec provides protection based on the analysis of your application, its behavior, and the type of data being sent and received. Sometimes, when you connect your mobile to any other wifi, such as free wifi or hotspot, if there is anything malicious, it can stop the traffic.

It allows you to choose the policies that you want to implement. There are around 7,000 SCSC policies, and of course, you are not going to enable all of them. You can choose the policies that you want. 

It has various components that help you at various stages: pre-attack, attack, breach, and post-breach. It reduces the attack surface. There is a component for breach assessment, device control, application control, behavior analysis, and isolation. All these are a part of its attack prevention capabilities. It also protects Active Directory. There is a tool called Active Directory Defense to stop an attacker from taking control of a user. It detects credential theft and stops intrusion, which is something no other vendor is currently providing. It also allows you to auto-manage policies, and IPS and IDS are also already there. 

What is most valuable?

It is a complete and the best solution if your use case is small and you need more productivity and more security. With a single console, you get control over Mac, Windows, iOS, and Android. This control is most valuable. 

It provides complete protection with machine learning, behavior learning, and Global Intelligence Network (GIN). The threat intelligence generated by Symantec’s GIN is now a part of the solution. For any file that they find, they get the reference from GIN, and based on the value of their sensors, they are going to say whether it is a bad file or an okay file. This capability is very important.

What needs improvement?

If there is a suspicious file, it is put into a sandbox where Symantec does an analysis. After the analysis, Symantec marks the file as a risk, but it doesn't blacklist or block the file. If a file is already known to be harmful, I would like them to automatically block or blacklist it to reduce the damage. It will stop the attack by at least 50%. Sometimes, administrators do not see the console on a daily basis, and sometimes, they assume that Symantec will block and delete the file, which is not the case. I would like it to block the file so that you won't be able to open the file. 

Another improvement area is reporting. Its reporting is more technical. As a technical person, it gives me 100% value, but if someone from the business staff wants to see what exactly is going on, you cannot give them these reports, and they won't get the value out of it. Currently, the data is not presentable for any C-level person.

For how long have I used the solution?

I have been using this solution for the last four to five years.

What do I think about the stability of the solution?

They have been a leader for the last couple of years. There is no question about its productivity. It is a good name in the market. Every six or seven months, they are adding a new component or feature. If they see any gap in the product, they fix it.

How are customer service and support?

Their support is good. I would rate them a seven out of ten. Their response time varies. If your case is assigned to the India side, they take extra time. They will ask you for the log files, and the next day, they will do a remote session. Sometimes, the client gets frustrated because this is a security component, and they want to resolve the issue as soon as possible. If the case is assigned to someone on our side and we get a highly qualified person, they can handle it within a day.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I got a chance to work with other products, such as Carbon Black, Palo Alto, and McAfee. They all are very good products. No product is bad because they are coming after so much R&D. They all are investing their time, money, and people to enhance productivity, but Symantec has been there from the start. The way they design their solutions is very important, and now, they have GIN, which is very important.

I once deployed Cylance in a bank. It had endpoint protection and EDR, and two agents were installed on the system. One was for protection and one was for recording the incident on EDR. It would capture so many files, which Symantec doesn't do, and mark them as harmful or not. Based on what I was told, it decided that based on VirusTotal. When they get the file hash, in the back end, they would run a script, scan it, and then give a report based on VirusTotal. They don't do any technical evaluation of file structure or file behavior. I found Java files to be a big problem with that solution. Symantec is comparatively a much more mature solution, and their support is also very good. They provide support for the whole product and not just a component.

How was the initial setup?

It offers flexible management and deployment options. You can install it by watching a video on YouTube, but for the implementation design, expertise is required. For example, if you are implementing it in a big bank where you have 5,000 to 6,000 endpoints and multiple branches, you need to have an implementation strategy and see how to take care of the database, replication, and other things. At that time, your expertise is going to be used for designing the solution.

It takes about 30 minutes to implement the server and the policies. The rest of the things are going to be installed by the agent, which is dependent on the network. In the same building, if you have SCCM or another deployment tool, it is a one-hour job, and it can be done by one person.

In terms of maintenance, you have to take care of your server and download the updates on a regular basis. This is only for Symantec Endpoint Protection Manager (SEPM). If you are a cloud site, you don't need that. Symantec will do it. For on-prem, you need a person to log in and do the updates, and there might also be a little bit of maintenance of the database.

What was our ROI?

You get the ROI within the licensing period. It is also in terms of the reputation of an organization. Especially if you are a financial institution, your environment needs to be secure. Last year, a bank in Nairobi, Kenya had an issue with the system. When I inspected it, five systems were already breached. I didn't find their cybersecurity team competent enough. So, I told their CIO to buy this product and enable all the policies. They don't need to log in daily. When required, they can log in and get all the information. They are very happy with it. The only issue is that when a file is identified as a risk, it is not blocked.

What's my experience with pricing, setup cost, and licensing?

It is normal. If you are an educational institute, they give you a very good discount. If you are coming from the banking side, they may or may not give you a discount. I'm working with seven companies, and normally, they get a 65% to 70% discount on everything.

There are various components. You have to know what exactly you want. If you are just going to protect your endpoint, you won't buy Symantec Endpoint Security Complete. You would buy the Endpoint Enterprise, which is on the lower side. Symantec Endpoint Security Complete is on the higher side because you can also manage your mobiles and other devices. EDR is also a part of it, whereas, with the enterprise version, you don't get EDR. Overall, the price depends on the number of security components you want.

What other advice do I have?

When evaluating a solution, I would advise seeing the simplicity of deployment and usage. Some products are cheap, but the operational cost is much higher, and they are a lot more complex. 

If your organization is small and you have a constraint on your system administrator or security administrator, then the cloud is the best solution for you. If you are a larger bank and you don't want your data to be on the cloud side because most countries don't allow you to share your data on the cloud side, you can install Symantec Endpoint Protection, which is then connected to a Symantec Endpoint SCSC. It will be a hybrid solution. Some components are going to be managed from on-prem and some components are going to be managed from the cloud. Feature-wise, if you're going to the cloud side, you can leverage EDR. Otherwise, you have to install an EDR server on your data center.

I would rate it a 10 out of 10. It is a wonderful product.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PedroSoares - PeerSpot reviewer
Senior Security Information Analyst at a financial services firm with 1,001-5,000 employees
Real User
Nov 13, 2022
Helps us block ports, like TCP and UDP, and we don't need to use Active Directory GPOs to block anything
Pros and Cons
  • "I like the endpoint detection and response. That's the best feature. I also like the fact that we don't need to use a file on the computer, whereas some anti-malware solutions work with a file on the endpoint. Symantec is a very good option compared to solutions from other vendors."
  • "One suggestion I have for both regular and mobile would be to collect all the information about installed software, such as versions, and give that information to the manager to help with software management. That would be a huge advantage for everyone who administers these tools."

What is our primary use case?

We use it for endpoints, to protect all the workstations in our company. Endpoints are just one layer requiring security in our environment, and we use the solution for anti-malware and for endpoint detection and response.

How has it helped my organization?

The best benefit, of course, is the protection against viruses and phishing attacks. In addition, we are using fewer solutions than before for endpoint protection. Symantec is enough for us.

Symantec is important for our organization. We have confidence in it to protect our workstations. We use it for many different types of protection, such as blocking ports, like TCP and UDP. We don't need to use GPOs from Active Directory to block anything or to use Windows files. It's the only solution that we install on our workstations. If we don't have it on a workstation, that is a cause for concern.

What is most valuable?

I like the endpoint detection and response. That's the best feature. I also like the fact that we don't need to use a file on the computer, whereas some anti-malware solutions work with a file on the endpoint. Symantec is a very good option compared to solutions from other vendors.

And when it comes to attack and breach prevention for mobile endpoint devices, Symantec is good. Until today, we haven't had any cases of malware on our smartphones. I suppose that the solution is protecting all the mobiles that we have in our company.

It's also very good, based on the last test I did, at fully exposing the extent of advanced attacks, especially when attackers use stealthy techniques to evade detection. While there was something that it didn't protect against, that was 10 percent of the test, which is not huge when compared with other anti-malware on the market.

What needs improvement?

One suggestion I have for both regular and mobile would be to collect all the information about installed software, such as versions, and give that information to the manager to help with software management. That would be a huge advantage for everyone who administers these tools.

For example, EDR gives me some applications with a version linked to a CVE or a MITRE attack. That's really interesting. But we don't know about other software that is installed, and that means we need to install and use other software on the workstation to collect that information. If Symantec could do that, it would help managers improve their security, as they would know all the software installed on each device.

Because Symantec is already installed on a workstation, it would not be difficult for the agent to collect information about the software installed. It wouldn't need to do anything other than collect and share the information. That would be a huge advantage for the administrator. The more information we have about a device, the more secure we can make it. For example, there are types of software that can open a port that an attacker can use. If we know that such software is installed, we could just act before something happens. If Symantec could collect that software information, it would be amazing.

For how long have I used the solution?

I have been using Symantec Endpoint Security for almost three years.

What do I think about the stability of the solution?

It's very stable. I have never experienced an unstable system with Symantec.

What do I think about the scalability of the solution?

On the cloud, scaling is very easy, of course. But on-premises, we have had some difficulties, although these are the normal difficulties that any on-prem software would have. If I was using any other system on-prem I would also need to be thinking about disaster recovery and backup and load balancing.

We have Symantec deployed on all the company's workstations, on about 1,400 devices. We have also installed it on about 400 Windows Servers. And we are testing it on two Linux servers as a proof of concept, to see if we will install it on all our Linux servers.

How are customer service and support?

We have contacted their technicians to help us with issues. The last one was very good. He tried to help us with different kinds of troubleshooting, as it was very important to find a solution.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used CrowdStrike, Deep Security from Trend Micro, and Kaspersky. I have also tested Sophos and Check Point Security.

Although in both companies where I have used Symantec it was already there when I started, it has positive evaluations in industry reviews of many anti-malware tools and a good price as well. It provides a good solution at a good price. I expect those are the reasons that these companies chose it.

How was the initial setup?

At this moment, I'm responsible for changing it from the on-premises to the cloud tenant.

We are working with a company, a reseller here in Brazil, that is helping us with some troubleshooting and some of the more complex things. After we tried many scripts, we found one that works really easily. But importing some things to the cloud version is not so good. For example, we exported device control from the on-premises version and imported it to the cloud version and it didn't work. So we will probably need to do it manually. This isn't great for us, because we have many devices and we will need to put them on the cloud one by one. But in general, it's not bad.

In terms of maintenance, on-prem we have to keep an eye on some features because some of our internal vulnerability tests have found that some patches had some CVEs and we had to do some updating. But that was on the management side of the solution that we use to control the devices and agents, not the agent itself. We haven't needed to worry about the maintenance of the agents.

What about the implementation team?

Our experience with our current reseller has been really good. They are good guys with good knowledge of the tools. They have helped us a lot. This reseller is a new one for us. We used another that was very bad, with poor response times.

The new reseller has also helped with the data loss protection solution that we have installed, and with our Web Security Services, which is another software package we use.

What's my experience with pricing, setup cost, and licensing?

The price of Symantec is very good compared to other vendors. I had access to information about pricing when we were renewing. I don't know if the renewal was cheaper than when contracting it the first time, but the renewal price was better than many other vendors' first-time prices.

Which other solutions did I evaluate?

I formed a good impression of Symantec Endpoint Security when we used a penetration tool on it and on other anti-malware solutions as part of a proof of concept. Symantec was one of the best in that penetration test and that was a surprise for me because I thought it would not be that good. But it gave us really good results in the penetration test.

I have used different solutions, but I prefer Symantec's cloud solution when compared with, for example, CrowdStrike.

What other advice do I have?

My advice would be to start using the EDR as soon as possible to have a good view of your environment.

The management functions in the cloud are better than they were in the past with Symantec's on-premises version, which was not good. The management functionality in that version was terrible. Although it was still very good for protection, the management interface was not good. Now, with the tenant in the cloud, it's better than it was.

We just renewed our license for Symantec a month ago, and we are changing our implementation from on-premises to the cloud platform. As part of that process, we will implement the solution's threat defense for Active Directory, but we still don't have it working. So I can't say, at this moment, if Active Directory is already protected against this type of attack. But we know SES has that feature.

With the EDR solution, it has helped save us time when it comes to responding to threats, but with only the endpoint solution, I can't see that being the case.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Specialist at a healthcare company with 1,001-5,000 employees
Reseller
Aug 8, 2022
Reduced downtime and increased productivity by reducing the sluggishness on machines when they were infected with viruses
Pros and Cons
  • "The scheduled scans and the active protection were the most valuable because it allowed me to have the systems protected in real-time and also be able to schedule scans so that as new definitions would update, machines could be scanned to make sure that everything was in tip-top shape and there was nothing lurking in the background."
  • "The malware and ransomware protections could be improved, which was ultimately the reason why I stopped using the solution."

What is our primary use case?

I mainly used this solution for antivirus and firewall protection for PCs. We wanted to use this solution because we needed virus protection. My company was a reseller of this solution.

The solution was deployed on-premises.

There were a couple of small-scale environments of four to 10 machines. The larger enterprise environments were up to 400 workstations and 120 servers.

How has it helped my organization?

This solution reduced downtime and increased productivity by reducing the sluggishness on machines when they get infected with viruses.

What is most valuable?

The scheduled scans and the active protection were the most valuable because they allowed me to have the systems protected in real-time and also be able to schedule scans so that as new definitions would update, machines could be scanned to make sure that everything was in tip-top shape and there was nothing lurking in the background.

What needs improvement?

The malware and ransomware protections could be improved, which was ultimately the reason why I stopped using the solution.

I had three different clients, and between the three of them, they were hit with ransomware five times. It spread throughout their entire organization. Symantec Endpoint did nothing to stop it, slow it down, or prevent it, so I had to go out and find a different solution.

For how long have I used the solution?

I used this solution for about 18 years.

What do I think about the scalability of the solution?

Scalability wasn't an issue. It functions and performs well in all environments, from small environments to large enterprise environments, including just medium-size businesses.

How are customer service and support?

On the rare occasions that I needed to call technical support, they were top-notch. I would rate them nine out of 10. There's always room for improvement, but it was pretty close to perfect.

How was the initial setup?

The initial setup was really straightforward. We'd load the software on the server, link it with ID, and give it to the OU groups that we wanted to deploy the agents to. We pushed out an agent install to the machines, and then kept the agents up to date.

We had a centralized console screen that allowed us to look at the progress and check the point in time to see the stats of any of the machines. We were able to configure it so we could set thresholds for email notifications if we had certain machines that fell outside certain update standards or if there was anything that got flagged during auto protection scans or scheduled scans of machines.

I've also deployed it in smaller environments. They were standalone clients and not a server-client model.

The solution didn't really require maintenance. There were routine updates to the application whenever a new version of the application came out, but I never ran into any issues with installs and pushing the updated agents. It was always seamless.

What about the implementation team?

I was the consultant.

What was our ROI?

I saw a return on investment with reduced downtime if there happened to be a number of machines that had to be rebuilt due to viruses. 

Before the implementation of Symantec Corporate Endpoint, I had a client that needed 20% of their machines to be rebuilt every six months due to virus concerns or extreme sluggishness with the machine. Once the Endpoint protection was deployed, that was cut in half.

What's my experience with pricing, setup cost, and licensing?

I thought the pricing was reasonable.

Which other solutions did I evaluate?

I previously worked with McAfee, Kaspersky, and a couple of others, but computer threats were much different in 2003, and people were mainly worried about viruses. Compared to other solutions at the time, Symantec seemed to have more reliable and faster releases of definition and would update files when new threats were discovered.

They all basically had the same functionality, but the most striking difference that I found in the evaluation process was Symantec's definition update process was quicker and more reliable. They would sometimes have the definition deployed 24 to 36 hours before some of the others. Kaspersky was always a good four or five days behind Symantec on virus definitions. They usually averaged about 12 to 14 hours ahead of McAfee.

What other advice do I have?

I would rate this solution nine out of 10. While I was using it, I had a very favorable opinion of it.

For those who are evaluating the solution now, my advice is to find out the reported percentage of ransomware attacks that have not been caught by the system and that have been allowed to matriculate through the system or through networks.

The biggest lesson I learned from using this solution is that having virus and firewall protection, virus definitions, and updating files, is not adequate protection anymore. There needs to be some AI-type component that is doing real-time analysis worldwide on the emerging threats because a simple virus is not the biggest threat to computers nowadays.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Symantec Endpoint Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2026