Symantec Endpoint Security Reviews

We are using Symantec Security for the server and the client. For the server, we are using Symantec Data Center Security (DCS), and for the client, we are using Symantec Endpoint Security.

We work with all deployment models. We have cloud and on-premises deployments, and we also have hybrid deployments. The cloud provider varies based on the customer, but mostly, our customers have AWS and Azure.

We are using it on 1,600 computers. All the systems and servers are protected with the Symantec solution. Our environment has an uptime of 99.9% because we never had any attack or issue related to viruses. There is zero downtime.

It works very smoothly. There is no high utilization of the hardware.

EDR and ATP features are most valuable.

Its interface needs improvement. Its interface is very old, and it needs a new look. Other solutions, such as Sophos and BitDefender, have a better and more modern interface, whereas Symantec has had the same interface for a while. There has been no enhancement in the interface. They should update and provide a better interface in 2022 for a better user experience for their customers.

Currently, Symantec's EDR functionality is expensive, and it is an add-on, whereas other devices have built-in EDR functionality. It would be beneficial for customers if Symantec does the same.

Their support also needs to be improved.

I have been using this solution for 11 years.

It is average in terms of stability. It works fine, but when we do the upgrades, there are stability issues.

Its scalability is very good. We are able to scale up to 10,000 users, and it is working fine. There are no issues with it. 

We are working with government institutions and corporations in various industries. We are also working with educational institutes. It is being used in all sectors. 

We don't have any plans to increase its usage as of now.

We have been a Symantec partner for a long time. Since the Broadcom takeover, we have been facing many issues with support. In the last three years, we have not received proper support from them. We have had the worst experience with their support. They don’t understand the issue. I explain the problem, and after two or three days, they again come back asking for the log. I would rate them a five out of ten.

Neutral

We didn't use any other solution previously. We have been using only Symantec. It is the best solution for us and our customers.

I'm involved in its implementation from the start to the end, which includes project discussions, deployment, and handover. I work with my colleagues and provide guidance on what to perform, how to perform, and how to configure policies.

The deployment depends on the environment of a customer. Some customers have a small environment with 100 to 200 users. In such a case, the deployment is simple, and there’s no complexity. If a customer has 5,000 to 10,000 users, and they are working from different locations, requiring server configuration at different locations across the world, it gets complex. We have done successful implementation in complex as well as simple scenarios. 

The deployment duration varies based on the number of users. Usually, one to two days are enough. The number of people required for deployment also varies based on the customer environment.

We create a document for implementation, and when we are handling a large implementation with 5,000 users, we deploy the 100 or 200 from our side, and then we guide and train the customer's engineer who takes care of the remaining deployments.

For 5,000 users, 5 to 10 people are enough to handle the deployment and maintenance. They all have different roles. For example, one of them handles the policies, and one of them takes care of the implementation. Similarly, one of them works with the updates. They take care of all the functions.

We do evaluate other solutions when a customer asks for a comparison with another solution, such as Sophos. We then need to do a PoC in the customer environment.

I would strongly recommend this product. It is better than all other antivirus products. It is a brilliant product when it comes to functions or features. There is no doubt about its antivirus capability. It is far better than other products, but they need to focus on its UI.

Overall, it is a very good product. I would rate it an eight out of ten.

My primary use case is malware protection. I also use it for device control, application control, and more. We are a financial institution.

The stability of this product has improved the way our organization functions. There is little maintenance, and it doesn't take long to install or uninstall. Once it is configured correctly, there is little chance of it failing.

This means that we have more of our technical staff available to work on other problems that occur.

The most valuable feature is the proactive malware scanning capability.

When you are performing simple tasks, it is not as demanding on resources as compared to other security products. This is an aspect that I like.

The application and device control functionality is good. We are able to see which applications are installed using the product management dashboard. This gives us the ability to monitor workstations, including which applications they have in which tabs.

There are extensions available, such as the Browser extension, to deal with specific types of attacks. This helps to protect against hackers. I have tested it with samples and it protects the system well.

The interface is simple to use.

One issue that comes to mind is that there is no way of specifying categories that the firewall should block. It is able to block specific URLs but other solutions, such as Kaspersky, allow you to block access by specifying a category.

It would be helpful if this product provided patch management functionality.

Compared to Kaspersky, the reporting features are not rich. Overall, the reporting capability needs to be improved.

I have been working with Symantec Endpoint Security for between 12 and 18 months.

This is a very stable product. It is the feature that I like most about the product because when we were using other ones, we had failures. With this solution, there is no frequent failure of the components.

For example, in other products that we've used, the virus definitions didn't update and systems were compromised because of it.

We have approximately 3,000 users that are protected by this solution. We add branches and more computers weekly, and we don't have problems doing so.

We were able to easily integrate with Active Directory using the Symantec Manager, so I would say it's very scalable.

As we add more branches, our usage of the product will continue to increase.

We have not been in direct contact with Symantec technical support.

The training and documentation that they provide are helpful. There is a good amount of documentation that helped to provide us with a complete picture of the product. It's nice, neat, and easy to understand.

Prior to Symantec, we used a solution by Kaspersky.

We use other anti-virus products and this one is less resource intensive and more stable than the others. It is also simpler to use.

Symantec Web Security Service (WSS) has some good features that I wish were in this product. Unfortunately, it is another subscription.

It does not take long to install this solution.

Unfortunately, the order that we followed was not recommended. We just deployed and then obtained subscriptions after that. This is not a recommended approach for deployment. However, we have a good partner and a good support team.

Due to our limited bandwidth, we had to install manually rather than use the web-based deployment. This meant that it took us longer because we had to visit each of the physical workstations. In total, it took approximately two months to deploy.

We deployed the solution ourselves. There were seven or eight people io the team and different staff members were given different duties. All of them are system administrators.

We have three people that handle the maintenance. They monitor the dashboard for possible compromises, and our specialists have to use the device protection and application controls.

There are also tasks related to reporting issues that arise during monitoring, including those concerning possible attacks or infections. One of the managers in our IT staff is responsible for updating the definitions that we get from Symantec.

There was an incident where we had problems with a password and we had difficulty recovering it. We contacted our local partner and I think they contacted Symantec. After that, we recovered the password. That was the only maintenance-related problem that we had.

The pricing was one of the factors that led us to choose this product.

That said, I was not the decision maker. I simply proposed it to our manager.

When our subscription to Kaspersky ended, we were tasked with comparing features between different solutions. The three options we considered were Symantec, Kaspersky, and Sophos.

One of the things that we liked about Symantec is the low resource utilization. I am not the person who completed the analysis but I know that the fact it is lightweight was one factor.

We liked the functionality that Sophos provided but the deployment scenario functionality was not useful for the workstations in our environment. It involved deploying the dashboard to workstations in the cloud, which is not our preferred approach.

Kaspersky has richer reporting capabilities. This is an area that could be enhanced in our Symantec solution.

We deployed the product one and a half years ago, and we received training to configure and maintain it. It was recommended that we complete our training in terms of policies, which is something that we also did. Once that was finished, we experienced the stability and good features that the product provides.

This is a product that I have recommended for use in another company. I have been told that after they adopted it, they were pleased with the fact it consumes fewer resources than their previous solutions. They manage it from the cloud.

Currently, I am referring another company to this product and my understanding is that they're going to implement it.

I would rate this solution an eight out of ten.

Symantec Endpoint Security is a comprehensive solution that provides all the packages in one product. The most valuable features of Symantec Endpoint Security are endpoint protection, antivirus, firewall, and policy creation.

The one thing I don't like about Symantec Endpoint Security is the amount of resources it uses.

I have been using Symantec Endpoint Security for ten years.

I rate Symantec Endpoint Security an eight out of ten for stability.

More than 500 users are using this solution in our organization.

I rate Symantec Endpoint Security an eight out of ten for scalability.

I rate Symantec Endpoint Security seven to eight out of ten for the ease of its initial setup.

We implemented the solution through an in-house team. Two to three people can deploy Symantec Endpoint Security in a couple of minutes.

We have seen a return on investment with Symantec Endpoint Security.

Symantec Endpoint Security is a moderately priced solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a five out of ten.

I am working with the latest version of Symantec Endpoint Security. One person is enough for the solution’s maintenance.

Overall, I rate Symantec Endpoint Security an eight out of ten.

I'm an admin in an IT consulting company and we have different companies that use Symantec Endpoint Security Enterprise.

Symantec provides a lot of security for the end user. For example, if I'm going to a website that is not trusted, Symantec will alert me that it's not trusted or it will even block it. It's endpoint security that always gives you alerts about the dos and don'ts before you even get into danger. Some antiviruses will only alert you once you are in danger. With Symantec, you get the alert before you even click on or visit a dangerous site. The detection processes are very good and they have a good notification process to tell you if whatever you are opening or working on is not good for the PC.

I have the solution on my phone and that makes it quite secure. It blocks all ads and malware. Before Symantec, I used to get a lot of ads, especially if I was doing research on the internet. Since I started using Symantec on my phone, it has blocked all of them. And it is connected to my main account on the PC, so it gives me a combined report on whatever I'm doing and whichever sites I've visited.

For us, as an MSP, Symantec is the best for breach prevention. We have been using it for almost two years now and we haven't had any major attacks or ransomware. We are always protected. Previously, before we got to Symantec, one of our clients was attacked by ransomware, but since we deployed Symantec on all our users' endpoints, we haven't had any issues.

In the long run, it has made the security side of our company more solid. Now, we don't battle with viruses and malware. It has helped with our company's growth. Symantec has given us a great sense of assurance and protection. We know that all the devices and endpoints are well secured and that there won't be any major attacks or any damage to them.

The mobile application is valuable. You are able to see the reports of intrusions and the like on mobile devices. That is one of the coolest aspects.

Also, they recently upgraded the solution to provide a graphical interface that gives you an overview of the detections and whatever has been blocked. It gives you a pie chart with a breakdown of whoever is trying to access things.

In addition, it's always running and it doesn't consume a lot of memory, which would slow a PC down.

I have been using Symantec for almost two years. I do the admin part of it for Windows and mobile phones, including installations and reports.

It's very reliable. It's very steady and doesn't give us issues.

The scalability is also 100 percent. Its ability to grow with the organization is positive. It's something that our company wants to use in the long term.

We have used their technical support a few times because we have had challenges with licensing issues. 

You have to go to the support site and log a ticket. They will assign it to an agent and then the agent will call and assist you with the issue. They have always been helpful whenever we have contacted them.

Positive

We were using Trend Micro. We switched to Symantec because the intrusion level is very low and the alerting system is very good. Symantec gives you an alert whenever you are doing something that is not right. You don't even need a techie to tell you not to do this or that.

The setup is very easy, especially when done by email. You just add the end-users information on Symantec and they get an invite via email. Once they get the link they click on it. That downloads the installation file and installs it for them. Our IT team of four people work on it together.

We get the key from a local partner and we apply it on our portal. From there we push the installation files to the users and install them. Then we do the reporting system.

In terms of maintenance, it's mostly cloud-based. Updates are done automatically.

We do it ourselves.

We have seen ROI. It has saved us a lot of money.

The pricing is good, very moderate, and the licensing is also good. It gives you more room to install a lot of endpoints and it even gives you the opportunity to install it on your mobile phone without any extra cost.

The one issue we have is that whenever we buy a license, it takes us to a new tenant. We communicate with our local partners and they give us the license key. Then, we have to go to the portal and apply it, but sometimes it doesn't work. We then have to create a new administrative account and migrate all our endpoints. That is the only major issue we have been battling with. Apart from that, it's fine.

We already had our eyes set on Symantec because it was something that some of our clients had been using.

I always tell my colleagues in the IT space that Symantec is one of the best antivirus solutions that we have used. Most of our clients, before we approach them, use different solutions so we do a test. We put a virus on their PC to see if their antivirus is able to detect it, and we find that it does not detect that there is a virus or an intrusion on the device. Once we install Symantec, it blocks everything and immediately detects that there is malware or an intrusion on the PC that needs attention.

Symantec is the best when it comes to other antiviruses and endpoint solutions in the global market.

Symantec Endpoint Protection is something I would recommend. It's one of the best.

We use Endpoint Security for security and malware protection. Currently, we have 17 customers using Symantec, and each has different policies. Some customers only use security and malware, but customers use the USB block. The agent controls around 80,000 agents we manage in Symantec Endpoint Protection.

Our customers help to create multiple policies during the implementation. Every day, users request that we revise the content policy. If a customer observes any unusual user access, I modify the policy to lock everything down so users cannot move any documents. It is effective for controlling our security. We are using signature-based protection against viruses, Trojan horses, spyware, and other types of malware. That log is stored locally. We collect it for further analysis.

Endpoint Security has helped us manage threats and malware. We saw the benefits immediately. It made our threat response faster and more secure. We find the hash value and create an immediate run policy. We send the policy to all machines, so the virus attack values are not allowed to create more damage or progress further.  

In the event of an attack, we immediately call our backend support team, and they give our backend team agents some steps or guidelines. We implemented a procedure throughout our organization to recover affected files. We create the hash value for the affected side to stop the damage and prevent the attack from affecting every machine.

We verify the hash value and signature updates from Symantec and we search for multiple global virus updates. We have articles from Symantec on use cases for reference, and we create a hash value based on that to protect our environment. 

We collect the logs from Symantec Manager weekly, including the malware, IPS, and device control logs. On the basic level, we can do some fine-tuning to ensure Windows and all the security patches are up to date. Then, we have to protect against any files unnecessarily accessing websites. All sites are restricted. Finally, we observe if any endpoints are still receiving malware attacks in the blocked log and locked resources from that particular machine. 

I like the malware threat control policy and USB blocker. In Symantec Manager, we use multiple available features, so we created firewall policies to prevent any malware attack from the network or device controls.

The intrusion prevention features allow us to block ransomware according to URL reputation. The latest version is 14.3 RU2, which blocks ransomware attacks by default. We have configured customer notifications for client users when the IPS detects suspicious activities.

The virus definitions could be updated more frequently. 

We have been using Symantec for five years.

Symantec is stable. 

Symantec is scalable. 

Symantec support is excellent.

We previously used Trend Micro. We switched to Symantec because it offers better security and prevention. We also get immediate support from the backend team, and data prevention to keep the endpoints safe.

Symantec is easy to set up, and it only takes about 30 minutes for a basic implementation. Once the console is ready, we need to configure the solution per the customer's requests for policies like USB blocking and application restrictions. If the customer doesn't need any custom policies, the default implementation takes 30 minutes to one hour.

The price of Symantec is reasonable compared to other solutions. 

I rate Symantec Endpoint Security a 10 out of 10. 

We use it to secure our endpoint, especially with employees working from home.

Our company provides amusement park guest hospitality. This solution helps us with our daily operations, managing the amount of traffic in the network coming from the Internet as well as application updates and passwords. 

It lets us control users and their actions when browsing.

Every month, we do an analysis. This allows our systems to be the most effective with all the changes that need to be done. It gives us a dashboard where we can view four or five key components, like malware protection, exploit protection, network intrusion, behavior analysis, and additions to the firewall. We also do daily, weekly, or monthly analyses based on events. This helps us have a clearer picture of our organization, what is wrong with a security event, and where you need to really focus to prioritize events. For example, if you have a network intrusion on the firewall, this gives a detailed view of your network where you can focus on the right solution, and prioritizing events.

We are using the solution to mitigate security breaches. We are constantly monitoring the endpoint interface dashboard. If there is a breach, it gets isolated. We see those on the report and event logs. We then apply the Application Control feature to take remedial actions.

If there is exposure, we need to investigate the source of the attack, e.g., whether it came from the network or externally. We view the firewall logs, and if there has been exposure, then we use the Application Isolation feature. When there is an attack with on-prem, that system will go into isolation mode, removing connectivity to other internal systems. We also restrict the WLAN part to avoid that system broadcasting to other networks.

It gives us a big picture of our response and remediation processes with one product, which is very good.

The detection and response are quite good. We have a few templated policies that we have created for our entire organization. We have added groups to ensure that if an attack or breach happens, then it can be isolated from our network.

We use Application Control, Application Isolation, Web Traffic Redirection (WTR), and Network Integrity. These ensure that traffic is flowing. 

The device can be outdated. More enhancement of network and discovery would help already great features.

The company has been using it for almost five years.

We haven't had any issues when updating it.

The scalability meets our company's requirements of on-prem and cloud. Therefore, I would rate its scalability as nine out of 10.

We have not yet used the Threat Hunter Team.

I would rate the technical support as nine out of 10. Most things are resolved within a day. Some things have taken a week because they needed to assess the system and what went wrong. Critical assessment of root causes takes about two to three days.

Positive

We have around four to five applications. For example, we are using Oracle Fusion Middleware and ERP in-house for our operations. 

We have also used Sophos, where it took a little time to put policies in place. It is quite complicated and not that user-friendly. We had a bad experience with them.

Symantec Endpoint Security is better because it has other features, like Application Control and Application Isolation, that can be utilized. It gives us complete control of the endpoint, so we can customize our workflow to control security.

We have used Symantec Professional Services for updates and helping to get services properly installed.

Protecting the company data is key. This solution gives a clearer picture of your endpoint, security, and network. These three things are very important for us, which is why using Symantec Endpoint Security is a win-win for us. 

Our detection and response times are very high. Whenever something happens, such as an attack, we are immediately prioritizing it via the dashboard. 

When we go for a product review, we normally do a PoC to understand how the application will scale our innovation before adding it into our pipeline. 

Other solutions have the detection and response feature.

We are currently doing an assessment for VPN parameters, making it more secure. We are checking out that enhancement right now.

We have not integrated our Active Directory (AD) with this solution. We are still evaluating this. Our AD is currently not centralized. Once it is centralized, we will connect it to Endpoint Security.

We do a PoC whenever a new feature is released. They provide training, which helps us to be on the same page.

I would rate them as 10 out of 10.

We have used Symantec for several scenarios depending on a client's requirements. We have used the Symantec solution for host integrity, device control, and communication policies. It has the host integration part where we get the custom option to add certain scripts.

Most of the clients have been using it on-prem, but we are now looking into the cloud or SaaS environment because it would be much easier to manage the infrastructure. Our clients have Amazon AWS and Microsoft Azure.

Policies are very important and valuable for us. We have to ensure the security of the client environment. We have to ensure that there is no tampering, and restrictions are applied to the devices when one uses third-party devices such as storage and pen drives. It has the flexibility to integrate with other devices.

It is helpful in identifying the rogue devices in the environment where we don't have any agents deployed. We can identify them through Symantec. We have also heard that with cloud Symantec, we can do remote deployment through the console itself.

The dashboard view and reporting are valuable. It is stable and easy to integrate, and it provides custom options.

The agent is lightweight, and the response to the known infections with regular updates from Symantec is also valuable.

Nowadays, threats are changing, and they are moving more towards script control and zero-day attacks. So, we would like to have more control similar to an EDR solution. Symantec Endpoint Protection has certainly come a long way as a traditional antivirus, but because the threats are changing, we would like to have more EDR features so that we have a detailed view of the source from where the infection entered the environment and whether it has tried to connect any other endpoint. It should provide such a detailed view for investigation. It should protect against zero-day threats, etc. These are the key enhancements that can make it a complete solution for any enterprise. Currently, we have seen organizations going for two solutions: antivirus and EDR. With both these capabilities, it would be a complete package.

I have been supporting various clients for six to seven years.

It is stable, and that's why I recommend Symantec, especially when it comes to the server environment.

We follow the N-1 process. Whenever there is a new version, we don't upgrade immediately because there can be potential risks. We upgrade to a new version immediately only if we get the recommendation from the vendor or they have fixed any vulnerability or issue that was reported. Otherwise, we follow the N-1 version approach for upgrades.

I have not seen any challenges with the scalability of the solution. I have worked with multiple clients. One of our clients has about 30,000 end users. They are located in eight to nine countries and have about 15 different remote locations.

We have plans to increase the usage of the product, but it all comes down to client requirements. It depends on their environment, its size, and how we want to further enhance that.

Generally, we get a response, and it works, but we have seen some delays or very generic responses. If there is a quarantined file and we need information about what kind of data is there in that file, it takes a lot of time. We sometimes have to escalate to the next level for getting a proper and timely response because it's our client's data that is in quarantine. I would rate them an eight out of ten.

Positive

I have worked with multiple solutions, such as McAfee, Cortex, and CrowdStrike. McAfee has several components, and if any component stops, it impacts the compliance status and puts everything at risk because the definition will not be distributed. Symantec has an edge there because it does not have too many components. Only with the GUP server, we can distribute the definition in remote locations, which makes it easier. It also provides a view of all the GUP servers in the console.

EDR is a different solution. It provides complete visibility and footprint of zero-day and other threats based on the behavior. Symantec also provides that, but it needs more enhancement on the investigation part.

Based on what I have seen and the feedback I have received, its deployment is straightforward. It takes almost a week because it goes through various stages, such as planning, designing, and deployment. It also depends on a client's environment.

The implementation strategy varies, and it depends on a client's environment, such as whether they are a huge organization or whether they have multiple remote locations.

After the deployment, the next stage is doing the configuration, which takes a little while because it involves engaging different departments of a client and doing segregation and restructuring.

It doesn't take more than four to six months for the technology to mature in the client environment. Immediately after deployment, we start making changes to tune the policies based on a client's requirements and define the exceptions. It takes four to six months to have a stable environment.

We have a separate team that does the deployment, but I do share some recommendations depending upon the client environment. After the deployment, that team hands it over to my team for operations, and then we make the changes. So, they do the basic deployment, and we then take over and make the solution mature.

Generally, its deployment does not require more than two people. At the initial stage, they collect and gather information from various sources and proceed with the deployment, and then it takes some time to do the configuration. So, two people are good enough for initial deployment, but when it comes to rolling out the agent to the entire landscape, it takes time. You have to engage various people from different departments. The people involved in its deployment and configuration are administrators and engineers.

It usually doesn’t require much maintenance. We do our regular health checks to see whether the definitions are getting updated or not and whether their replications are working or not. Its maintenance is a one-man job, but the operational activities of the organization generally require two to three people, but the number can vary based on the size of the environment.

Our clients have certainly seen an ROI. They have been using the solution for a long time. They don't want to switch from one solution to another, and that's why we recommend the most stable ones to them.

Pricing is handled by a separate team. Whenever a new client asks for a recommendation, we provide it, but they deal directly with Symantec or other vendors for the pricing.

You should first understand a client's environment in terms of:

• What does the client environment look like?
• What is the size of the environment?
• What are the features they are looking for?
• What is the criticality of their environment?

All these aspects are important. At times, we have seen that clients just ask for the best solution, but they don't have a vision of what would make a solution best for them and what are they expecting from it. They should summarize their requirements, and accordingly, you can propose how Symantec can meet their requirements.

Overall, I would rate it a nine out of ten.

It is used for detecting and blocking web attacks. 

It has helped me in providing authentication mechanisms, restricting devices, and blocking global threats. There is about 10% to 15% improvement.

All Symantec Endpoint Protection (SEP) features, such as anti-malware, zero-day attack protection, and IPS features, are valuable.

Zero-day threat and device management or device control can be better. The patch implementation or patch management can also be better because sometimes, they are issuing or deploying patches in old versions.

It should support the next-generation IPS. Currently, it supports only IPS.

I have been using this solution since 2010.

We haven't had any issues with SEP. We have been using it for quite a long time, and it has been stable. It is reliable. We are getting upgrade patches. 

We are also using other Symantec solutions, such as Blue Coat, and we have had issues with them but not with SEP.

It can be scaled up with EDR and XDR extensions. We have deployed it at multiple locations, and we have plans to increase its usage.

Their technical support is fine. I didn't find any issues with that. I would rate them a nine out of ten.

Positive

I used to use Trend Micro Quick Scan. I switched because we were getting some attacks, and Trend Micro was not able to detect them.

It was straightforward. We had around 500 systems, and it took about a week. About three to four people were involved in its deployment. Their roles were engineer, team lead, and admin.

We had a consultant from Symantec for its implementation. In terms of maintenance, it doesn’t require that much maintenance, but it requires patch updates on a regular basis. I take care of its maintenance.

The pricing is as per the environment. If all the features are there, there will be a cost for them. There were no additional costs for me. Support and other things were included in the pricing.

We did a PoC of McAfee, Trend Micro, and other solutions in our environment. Symantec was better. So, we went for it.

I would advise using all of its features, such as IPS. These features are very good. I'm using a lot of solutions from Symantec. I am using SEP, and I am also using Blue Coat devices. They provided us with the entire solution design.

I would rate Symantec Endpoint Security a nine out of ten. It is a nice product.