Symantec Endpoint Security Reviews

It is used for detecting and blocking web attacks. 

It has helped me in providing authentication mechanisms, restricting devices, and blocking global threats. There is about 10% to 15% improvement.

All Symantec Endpoint Protection (SEP) features, such as anti-malware, zero-day attack protection, and IPS features, are valuable.

Zero-day threat and device management or device control can be better. The patch implementation or patch management can also be better because sometimes, they are issuing or deploying patches in old versions.

It should support the next-generation IPS. Currently, it supports only IPS.

I have been using this solution since 2010.

We haven't had any issues with SEP. We have been using it for quite a long time, and it has been stable. It is reliable. We are getting upgrade patches. 

We are also using other Symantec solutions, such as Blue Coat, and we have had issues with them but not with SEP.

It can be scaled up with EDR and XDR extensions. We have deployed it at multiple locations, and we have plans to increase its usage.

Their technical support is fine. I didn't find any issues with that. I would rate them a nine out of ten.

Positive

I used to use Trend Micro Quick Scan. I switched because we were getting some attacks, and Trend Micro was not able to detect them.

It was straightforward. We had around 500 systems, and it took about a week. About three to four people were involved in its deployment. Their roles were engineer, team lead, and admin.

We had a consultant from Symantec for its implementation. In terms of maintenance, it doesn’t require that much maintenance, but it requires patch updates on a regular basis. I take care of its maintenance.

The pricing is as per the environment. If all the features are there, there will be a cost for them. There were no additional costs for me. Support and other things were included in the pricing.

We did a PoC of McAfee, Trend Micro, and other solutions in our environment. Symantec was better. So, we went for it.

I would advise using all of its features, such as IPS. These features are very good. I'm using a lot of solutions from Symantec. I am using SEP, and I am also using Blue Coat devices. They provided us with the entire solution design.

I would rate Symantec Endpoint Security a nine out of ten. It is a nice product.

We use it to secure our endpoint, especially with employees working from home.

Our company provides amusement park guest hospitality. This solution helps us with our daily operations, managing the amount of traffic in the network coming from the Internet as well as application updates and passwords. 

It lets us control users and their actions when browsing.

Every month, we do an analysis. This allows our systems to be the most effective with all the changes that need to be done. It gives us a dashboard where we can view four or five key components, like malware protection, exploit protection, network intrusion, behavior analysis, and additions to the firewall. We also do daily, weekly, or monthly analyses based on events. This helps us have a clearer picture of our organization, what is wrong with a security event, and where you need to really focus to prioritize events. For example, if you have a network intrusion on the firewall, this gives a detailed view of your network where you can focus on the right solution, and prioritizing events.

We are using the solution to mitigate security breaches. We are constantly monitoring the endpoint interface dashboard. If there is a breach, it gets isolated. We see those on the report and event logs. We then apply the Application Control feature to take remedial actions.

If there is exposure, we need to investigate the source of the attack, e.g., whether it came from the network or externally. We view the firewall logs, and if there has been exposure, then we use the Application Isolation feature. When there is an attack with on-prem, that system will go into isolation mode, removing connectivity to other internal systems. We also restrict the WLAN part to avoid that system broadcasting to other networks.

It gives us a big picture of our response and remediation processes with one product, which is very good.

The detection and response are quite good. We have a few templated policies that we have created for our entire organization. We have added groups to ensure that if an attack or breach happens, then it can be isolated from our network.

We use Application Control, Application Isolation, Web Traffic Redirection (WTR), and Network Integrity. These ensure that traffic is flowing. 

The device can be outdated. More enhancement of network and discovery would help already great features.

The company has been using it for almost five years.

We haven't had any issues when updating it.

The scalability meets our company's requirements of on-prem and cloud. Therefore, I would rate its scalability as nine out of 10.

We have not yet used the Threat Hunter Team.

I would rate the technical support as nine out of 10. Most things are resolved within a day. Some things have taken a week because they needed to assess the system and what went wrong. Critical assessment of root causes takes about two to three days.

Positive

We have around four to five applications. For example, we are using Oracle Fusion Middleware and ERP in-house for our operations. 

We have also used Sophos, where it took a little time to put policies in place. It is quite complicated and not that user-friendly. We had a bad experience with them.

Symantec Endpoint Security is better because it has other features, like Application Control and Application Isolation, that can be utilized. It gives us complete control of the endpoint, so we can customize our workflow to control security.

We have used Symantec Professional Services for updates and helping to get services properly installed.

Protecting the company data is key. This solution gives a clearer picture of your endpoint, security, and network. These three things are very important for us, which is why using Symantec Endpoint Security is a win-win for us. 

Our detection and response times are very high. Whenever something happens, such as an attack, we are immediately prioritizing it via the dashboard. 

When we go for a product review, we normally do a PoC to understand how the application will scale our innovation before adding it into our pipeline. 

Other solutions have the detection and response feature.

We are currently doing an assessment for VPN parameters, making it more secure. We are checking out that enhancement right now.

We have not integrated our Active Directory (AD) with this solution. We are still evaluating this. Our AD is currently not centralized. Once it is centralized, we will connect it to Endpoint Security.

We do a PoC whenever a new feature is released. They provide training, which helps us to be on the same page.

I would rate them as 10 out of 10.

We have used Symantec for several scenarios depending on a client's requirements. We have used the Symantec solution for host integrity, device control, and communication policies. It has the host integration part where we get the custom option to add certain scripts.

Most of the clients have been using it on-prem, but we are now looking into the cloud or SaaS environment because it would be much easier to manage the infrastructure. Our clients have Amazon AWS and Microsoft Azure.

Policies are very important and valuable for us. We have to ensure the security of the client environment. We have to ensure that there is no tampering, and restrictions are applied to the devices when one uses third-party devices such as storage and pen drives. It has the flexibility to integrate with other devices.

It is helpful in identifying the rogue devices in the environment where we don't have any agents deployed. We can identify them through Symantec. We have also heard that with cloud Symantec, we can do remote deployment through the console itself.

The dashboard view and reporting are valuable. It is stable and easy to integrate, and it provides custom options.

The agent is lightweight, and the response to the known infections with regular updates from Symantec is also valuable.

Nowadays, threats are changing, and they are moving more towards script control and zero-day attacks. So, we would like to have more control similar to an EDR solution. Symantec Endpoint Protection has certainly come a long way as a traditional antivirus, but because the threats are changing, we would like to have more EDR features so that we have a detailed view of the source from where the infection entered the environment and whether it has tried to connect any other endpoint. It should provide such a detailed view for investigation. It should protect against zero-day threats, etc. These are the key enhancements that can make it a complete solution for any enterprise. Currently, we have seen organizations going for two solutions: antivirus and EDR. With both these capabilities, it would be a complete package.

I have been supporting various clients for six to seven years.

It is stable, and that's why I recommend Symantec, especially when it comes to the server environment.

We follow the N-1 process. Whenever there is a new version, we don't upgrade immediately because there can be potential risks. We upgrade to a new version immediately only if we get the recommendation from the vendor or they have fixed any vulnerability or issue that was reported. Otherwise, we follow the N-1 version approach for upgrades.

I have not seen any challenges with the scalability of the solution. I have worked with multiple clients. One of our clients has about 30,000 end users. They are located in eight to nine countries and have about 15 different remote locations.

We have plans to increase the usage of the product, but it all comes down to client requirements. It depends on their environment, its size, and how we want to further enhance that.

Generally, we get a response, and it works, but we have seen some delays or very generic responses. If there is a quarantined file and we need information about what kind of data is there in that file, it takes a lot of time. We sometimes have to escalate to the next level for getting a proper and timely response because it's our client's data that is in quarantine. I would rate them an eight out of ten.

Positive

I have worked with multiple solutions, such as McAfee, Cortex, and CrowdStrike. McAfee has several components, and if any component stops, it impacts the compliance status and puts everything at risk because the definition will not be distributed. Symantec has an edge there because it does not have too many components. Only with the GUP server, we can distribute the definition in remote locations, which makes it easier. It also provides a view of all the GUP servers in the console.

EDR is a different solution. It provides complete visibility and footprint of zero-day and other threats based on the behavior. Symantec also provides that, but it needs more enhancement on the investigation part.

Based on what I have seen and the feedback I have received, its deployment is straightforward. It takes almost a week because it goes through various stages, such as planning, designing, and deployment. It also depends on a client's environment.

The implementation strategy varies, and it depends on a client's environment, such as whether they are a huge organization or whether they have multiple remote locations.

After the deployment, the next stage is doing the configuration, which takes a little while because it involves engaging different departments of a client and doing segregation and restructuring.

It doesn't take more than four to six months for the technology to mature in the client environment. Immediately after deployment, we start making changes to tune the policies based on a client's requirements and define the exceptions. It takes four to six months to have a stable environment.

We have a separate team that does the deployment, but I do share some recommendations depending upon the client environment. After the deployment, that team hands it over to my team for operations, and then we make the changes. So, they do the basic deployment, and we then take over and make the solution mature.

Generally, its deployment does not require more than two people. At the initial stage, they collect and gather information from various sources and proceed with the deployment, and then it takes some time to do the configuration. So, two people are good enough for initial deployment, but when it comes to rolling out the agent to the entire landscape, it takes time. You have to engage various people from different departments. The people involved in its deployment and configuration are administrators and engineers.

It usually doesn’t require much maintenance. We do our regular health checks to see whether the definitions are getting updated or not and whether their replications are working or not. Its maintenance is a one-man job, but the operational activities of the organization generally require two to three people, but the number can vary based on the size of the environment.

Our clients have certainly seen an ROI. They have been using the solution for a long time. They don't want to switch from one solution to another, and that's why we recommend the most stable ones to them.

Pricing is handled by a separate team. Whenever a new client asks for a recommendation, we provide it, but they deal directly with Symantec or other vendors for the pricing.

You should first understand a client's environment in terms of:

• What does the client environment look like?
• What is the size of the environment?
• What are the features they are looking for?
• What is the criticality of their environment?

All these aspects are important. At times, we have seen that clients just ask for the best solution, but they don't have a vision of what would make a solution best for them and what are they expecting from it. They should summarize their requirements, and accordingly, you can propose how Symantec can meet their requirements.

Overall, I would rate it a nine out of ten.

The main use case is to scan vulnerabilities on our endpoints. We need to make sure that our antivirus software is up to date. We need to ensure that patches on our workstations are up to date and that we can scan through folders and files to detect malware.

It's very good. Most of the clients are using this solution. It's able to protect workstations from threats, malicious files, and malicious USB drives. It's able to protect business-related files on the workstations. If you have an environment where you need to protect critical files from threats, it's a good solution.

It also defends us against the latest sophisticated attacks, such as key-finding attacks and spyware. It provides protection against threats, spyware, ransomware, malware, etc. It's pretty good at that.

It provides a single pane of glass. You can see everything through the dashboard. It's pretty good.

It has improved our security posture. It protects us from attacks outside, and it protects our files. It also prevents the corruption of files and secures our critical business-related files.

Symantec Endpoint Security is easy to use, fast, and good for small and medium-sized businesses.

Unlike other AV products, such as Norton, Symantec Endpoint Security doesn't use many system resources.

Its GUI needs improvement. It's good, but it needs to be improved in terms of management and reporting. Its reporting features aren't straightforward.

We've been using the solution for around five years. 

It's stable.

It's scalable. One of the clients has 50 users and another one has 10 users. It's good and pretty fast. It's being used at multiple locations.

It's very easy to increase the number of endpoints. You just need to purchase more licenses. If you have more users, you need more licenses.

We have plans to increase its usage.

I'd rate them an eight out of ten. We had to raise an issue only once, and it was resolved within hours.

Positive

We have other endpoint security solutions. We bid for many companies. We check what the client wants to achieve, and we also take the price into consideration

Generally, Symantec can provide all the features that our clients commonly require. Its price is also good compared to other solutions such as Cisco AMP. Cisco AMP is very expensive. We only deploy it at the airports.

We have different test cases to show how effective it's against different types of malware, corrupt files, malicious files, etc. It works pretty well. We are happy with it. It's able to detect and stop all types of malware. We also tested it to see how it treats benign files, and it works pretty well.

It's simple to install. Its deployment is easy. It takes two to five hours. You need an antivirus server. You can directly download the antivirus client on your PC from there and then you just click next, next, and next to install it. 

We have seen an ROI. Based on the service that you get in return, it's definitely worth the money. 

It's pretty awesome price-wise. That's why we give it to most of our clients. It isn't very expensive.

Compared to Cisco AMP, which is very expensive, its price is okay. It's also cheaper than Malwarebytes.

The license that you purchase lasts a period of time. After that, you again need to purchase another license. Otherwise, you will not be able to get support from Symantec every time you have issues.

I've not used it on mobile devices, but on workstations, it's awesome. You don't require any other antivirus solution. It's simple to install. It works very well in the Windows environment. You don't need to install anything else. It provides any type of endpoint security, including USB protection.

If you have a critical network environment and security is very important to you, you can consider this solution. It can offer you the level of security that you need. It can provide what you are looking for in terms of endpoint protection.

It's very good for a small or medium organization. If you have a very large environment, you can consider other alternatives, but for small environments with 50 users, it works very well. For bigger environments, such as airports, we use Cisco AMP.

It hasn't as such saved time when responding to issues. Sometimes we have issues where the user isn't able to use the system until we resolve the issue. We have had cases where the issue got resolved immediately, but sometimes, we have had issues that required opening a case with them or intervention from the administrator.

Overall, I'd rate this solution an eight out of ten. 

Our client uses Endpoint Security at a school for antivirus protection. For example, if someone plugs in a USB on a classroom computer, Endpoint Security protects the network from infection. We have around 35 classrooms and eight teachers per class, so that's about 280 people.

The school does not use Endpoint Security to its full potential. The use case is basic. For example, it isn't being used to block stealth techniques. Sophos Firewall handles those kinds of attacks. Active Directory isn't used in the classroom, so the ability to block an AD takeover isn't being used. 

We haven't eliminated any other security solutions by adopting Endpoint Security, but we are trying to consolidate our solutions by installing a new FortiGate firewall and client licenses of FortiClient.

Endpoint Security provides the school with fundamental protection against viruses and other malware. It only covers traditional endpoints, not mobile devices, but we've never had any outbreaks. 

The best thing about Symantec is its ability to control our endpoints from a single point. You can manage the antivirus definitions, upgrades, remote scanning, etc., from one console. 

In four years, we had no reason to switch solutions, but lately, we've found that Symantec is slowing down the machines. They are looking to change solutions. I would like to stop the Endpoint Security Client's scan when the device boots. It slows the machine a lot. The scan should only run when the machine is idle. The scan often happens when the machine is at its peak load. 

I would also like Symantec to add ransomware protection. If a machine is infected by ransomware, it's hard to recover the data. We don't have any data on the client, so we're not overly concerned about that. Still, it would be nice to have this feature if there are any future problems. 

My client has been using Endpoint Security for two or three years.

Endpoint Security is stable. 

Endpoint Security is a scalable tool. 

I rate Symantec support a nine out of ten. I only had to contact them once in ten years, and the support was excellent. They solved the problem in ten minutes.

Positive

We're looking at other solutions. We mainly want something that doesn't experience performance degradation during scans or updates. 

I started to work with this client two years after implementation. I have been managing the solution for a year and a half. I provide them with renewals and updates when necessary. It doesn't require much maintenance. I didn't have to visit the premises this year.

The price of Symantec is on the higher end. They face some competition from a company called Quick Heal, which is much cheaper than Endpoint Security. They offer three years of protection at just 900 rupees.

I rate Symantec Endpoint Security an eight out of ten. My first piece of advice is not to deploy Endpoint Security on traditional machines because it'll slow it down. India is a price-sensitive market. Many companies won't pay attention to the speed of a hard drive. They'll only look at the size. They would rather go for a 500 GB hard drive, even if it is not required, rather than a 256 GB SSD. 

If you want to deploy something over and above your operating system's capabilities, you need to have a powerful machine to handle that. Performance is mainly an issue on devices using traditional drives. The performance doesn't deteriorate by more than two percent on an SSD drive, whereas it is more than 15 to 20 percent on an average drive.

The solution's application control feature is very, very powerful. The solution will automatically check the host integrity and quarantine if something is not compliant.

Users mostly complain that the solution slows down the system whenever something is scanned. Sometimes, Symantec gets blocked with legitimate applications, and we add the application in the exceptions. Users always complain that agents, which are very heavy for the system, slow down the PC's performance.

I have been using Symantec Endpoint Security for seven years.

Around 1,300 to 1,400 users were using the solution in my previous organization.

I am happy with the solution's technical support team.

The solution’s initial setup is easy.

We started with a very old version and eventually upgraded to RU6. Since we had some Windows 7 clients in our organization, we couldn't upgrade to the next versions, RU7 and RU8, because Windows 7 support is not available in those versions. Meanwhile, we started working on upgrading some systems which have specific applications running on them.

My previous organization compared different products and decided to use Symantec Endpoint Security because it was very good back then. Symantec was the first one to highlight the 2021 cyber threat. Back then, not many people were familiar with the concept of EDR.

After comparing different products, we decided to go with Symantec Endpoint Security because our major concern was application control. We didn't want any user to come, use a USB to copy the data, and leave the organization. Since users don't give us time to upgrade the system, we put the host integrity. If a service pack is not installed on the system, the system will get quarantined.

Overall, I rate Symantec Endpoint Security an eight out of ten.

We use the solution for our endpoint security. It's our compliance requirement to prevent virus attacks and ransomware attacks. However, it's unmanaged and not like a top competitor to CrowdStrike.

The solution's reporting could be improved. The solution could have better integration with other services.

I have been using Symantec Endpoint Security for one and a half years.

I rate the solution’s stability an eight out of ten.

More than 5,000 users were using the solution in our organization.

We were using the signature deployment, which is not easy.

Symantec Endpoint Security is an expensive solution.

Given the number of alerts and the variety of attacks we get, we will require AI capabilities for threat detection. Around six to seven members were involved with the solution's deployment and maintenance. I wouldn't recommend the solution to other users unless it is updated.

Overall, I rate the solution a five out of ten.

The primary use cases of this solution are for antivirus protection, anti-malware protection, and personal firewall protection.

The most valuable feature is the automated updating. They send out updates on a regular basis. All that we have to do is to set it up on our server to download it, then it is distributed to the individual endpoints. 

Individual machines could do the same thing but it would only be on that one machine.

It seems to block things fairly well.

This solution is resource-heavy. It uses up a lot of memory and a lot of disk space. It demands a lot of resources. There have been improvements with Windows 10 and it's not as problematic.

The firewall capabilities did not seem to do what the documentation claimed it should do.

Port control is one of the things that this solution does do, but it does it on a higher level. When I say port control, it's things like USB ports that can be used to plug things in. For example, if you plug in a wired mouse or a wireless mouse then you want the flexibility to be able to do that. It should be able to identify that it is a mouse and let you use it. 

By the same token, if you plug in a 1 TB external hard drive, that should be shut down unless it is one of your hard drives. The only way to detect that would be to have units with their own serial number and the system programmed in such a way that it would recognize it.

Seagate for example has many external drives. They have serial numbers on those drives, and we don't want to just set it up for use by any Seagate drive. We want our external drives to be used, only. We don't want to have to go purchase Seagate drives to have it work. We want them to get it from us, that we know works, and have them return it to us.

I would like to see a check-in system where you can log which specific drives your staff can access and what they cannot access.

I have been using this solution for approximately six to eight years.

With Windows 7 there were some stability issues. The environment handled resources differently. You could have a fairly resource-heavy solution that would make the system unusable.

Windows 10 improved stability quite a bit.

Technical support is good, but when they sold to Broadcom, even though people were paying for the support they were not getting it.

This product is more reasonably priced than some competing solutions.

We spoke with some vendors who recommended Sophos and Crowdstrike. While Crowdstrike has some incredible features, it's four times the cost.

Sophos is supposed to handle our needs.

Crowdstrike could handle our needs and then some, but we couldn't justify the cost.

Within the last three or four months, we decided to drop Symantec on its own because of some issues we have with the company. We will be using Sophos.

Symantec sold off their enterprise solutions, which this product falls into. When they sold it. they sold it to a company that has purchased software packages in the past and not done very well with it. They are a hardware company trying to expand into the software realm. This is another example of a hardware company that thinks that they can do software and they can't.

We were told that Broadcom was ignoring all of their customers that were below a certain level of license purchases. Some of the customers were calling wanting to renew their product and they were having to wait a month or six weeks just to get a quote.

We did our own research and confirmed that what we were told was true and decided that we were not going to renew and went to Sophos.

If you are going with Symantec, definitely purchase the 24/7 tech support. They will help you with just about everything, or at least they used to. I am not sure if that still applies to Broadcom.

They now offer the option to put it into the cloud for the management capabilities. That way the endpoints, the individual laptops, and desktop computers are actually going to a website to get the management, the new definitions, and new configurations. This option should seriously be considered. 

I am not recommending that they do that but they should at least seriously consider it, because, while having that one server to do that one thing is fairly important, it would be nice to not have to deal with it.

For what we were using this product for it was pretty good, but there were some things that we didn't like, and some things that we would have like to take advantage of.

I would rate this solution an eight out of ten.