Overall, the product supports everything already. Feature-wise, because it has something like email protection, monitoring detection, network intrusion detection, it has advanced threat protection.
System Administrator at Abu Dhabi University
Offers email protection, monitoring detection, network intrusion detection, and overall advanced threat protection
Pros and Cons
- "Technical support is very responsive. You just have to open a ticket. They respond in a timely manner. Their response is good. I'm satisfied."
- "The administration interface needs a lot of improvement. It should be UI based, and simple. They need to improve it. It's pretty much not that friendly compared to what we were using as Bitdefender before. It's okay but is improving, actually."
What is most valuable?
What needs improvement?
The administration interface needs a lot of improvement. It should be UI-based and simple. They need to improve it. It's not that friendly compared to what we were using at BitDefender before. It's okay but is improving, actually.
For how long have I used the solution?
I've been using the solution for two to three months.
What do I think about the stability of the solution?
Stability-wise, it's okay. We're not really facing any issues at the moment. It's doing its job, it's detecting things and it's reporting it to us, so it's pretty much right on doing that. We did face some issues with applications being blocked, but that's an actual feature of the AV itself so it's not really a problem. Stability-wise, it's okay.
Buyer's Guide
Symantec Advanced Threat Protection
October 2024
Learn what your peers think about Symantec Advanced Threat Protection. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the scalability of the solution?
We haven't added any actual features but we counted on having around 2,000 licenses on it. We're licensed for 2,000 users, so it detects everything. If an agent is connected to the manager itself or the to server, it automatically detects the license so we don't really have to do anything on that end. We would know right away how much is being used and how much we need to scale. We are also using this solution for our servers, so around 150 servers and the rest of the licenses are for end-users. We have it installed on most of our workstations now.
How are customer service and support?
Technical support is very responsive. You just have to open a ticket. They respond in a timely manner. Their response is good. I'm satisfied.
Which solution did I use previously and why did I switch?
We previously had BitDefender and we have been using it for our advanced protection. We decided to change because we didn't have any product updates from them. We were looking for what upcoming features or additions that they could offer to us, but they didn't, so that's why we tried to search for a better solution that would actually cater to everything. We wanted just one agent that supports multiple endpoint protection like malware, SONAR or network intrusion, advanced threat protection, behavior analysis. Just one agent for everything. We didn't want multiple agents so that's what we were looking for, and we switched.
How was the initial setup?
The initial implementation was a little bit complex because you have to set up a lot of databases and connectivity between the databases and it's tricky because it's Windows-based. If it could have been a Unix or a Linux based, it would have been pretty straightforward, it would have its own database and everything.
What about the implementation team?
We had the help of a partner during implementation.
What other advice do I have?
Overall I can recommend the product. It's pretty much the best for protecting from intrusions or other malicious items that are coming from the endpoint and the servers. If you have the ATP software, it will actively seek out whatever is being affected inside it because it has PFM threat protection enabled for it. Each of these features is not normally found for endpoint protection.
I would rate this solution 8 out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at ABM Info. tech
Easy to set up and quick to deploy but needs to be more scalable
Pros and Cons
- "Technical support has been helpful and responsive."
- "Scalability could be better."
What is our primary use case?
We have two departments, two clients on Advanced Threat Protection.
Advanced Threat Protection usually helps in identifying and protecting against non-signature virus attacks. With this product, you can protect yourself from attacks.
What is most valuable?
The solution has proven so far to be quite stable.
It's mostly an effective product and it's good to have on the side.
We have found the initial setup to be simple. The deployment is also very fast.
Technical support has been helpful and responsive.
What needs improvement?
Scalability could be better.
For how long have I used the solution?
We've been using the solution since 2015. It's been quite a few years at this point.
What do I think about the stability of the solution?
The stability is excellent. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
The solution is slightly scalable. It's not diverted to different collectors so that they can perform effectively, however. It could be more easily scalable.
We have a few customers on this solution.
How are customer service and support?
Technical support is great. They are helpful and responsive. We're quite satisfied with the level of support that's available.
How was the initial setup?
The initial setup is very straightforward. It's not overly difficult and not complex. A company shouldn't have any issues with the process.
The deployment might have taken two hours. It's quite fast.
What's my experience with pricing, setup cost, and licensing?
Customers do have to pay in order to receive a license. It's a yearly license.
What other advice do I have?
I'd rate the solution at a seven out of ten. It's mostly okay, however, it could be better in some areas.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Symantec Advanced Threat Protection
October 2024
Learn what your peers think about Symantec Advanced Threat Protection. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Lead IT Security Consultant at Compliance Data Systems Kft.
Good incident management and great integrations but needs to improve its on-premises appliances
Pros and Cons
- "The incident management on the solution is very good. You get a lot of detailed information about an incident. You also get a lot of documentation in connection with the CVI or integration."
- "Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage it's a pretty complicated process. The scalability and sizing is critical, and if you do it wrong you run into issues pretty quickly."
What is our primary use case?
We primarily use the solution for its integration capabilities.
What is most valuable?
Their integrations are pretty good as are their Sandbox solutions, their proxies, and their LTAs with API or ICAP protocols.
Symantec has good experience in the field. They're good at picking up on trends.
They have one of the biggest background cloud networking internet solutions due to the fact that they have a lot of customers everywhere in the world and they have a lot of data.
The incident management on the solution is very good. You get a lot of detailed information about an incident. You also get a lot of documentation in connection with the CVI or integration.
If you have to integrate it with CM solutions, you can correlate data more with other solutions, for example, with firewalls. The result of this integration is that it gives you much more information.
There are customers where the engineers have enough time to investigate all of the incidents. However, you can also collect this data in a CM and then in an incident and response management solution. It ends up saving a lot of time
What needs improvement?
Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage it's a pretty complicated process. The scalability and sizing is critical, and if you do it wrong you run into issues pretty quickly.
Symantec ATP doesn't offer add-ons or anything of that nature. It's a closed architecture, a closed system. It's based on a Linux OS, and we haven't got a lot of privileges to change anything.
That said, if you are integrated with content analysis, then you have to use a lot of very good add-ons for the content analysis to find and analyze and investigate. If you only have ATP it's not enough to be effective. You have to use other solutions from Symantec, like its content analysis. You have to integrate the messaging gateway or email security and so on.
For how long have I used the solution?
I've been using the solution for two years.
What do I think about the stability of the solution?
The solution is mostly stable. However, these types of solutions can be blocking items and will need to be adjusted. If you have any LAN, for example, and an on-premise solution, then you need to change it. When you do you will lose the connection. Therefore, if you have LAN solution, you need to change the mode out of work hours.
What do I think about the scalability of the solution?
In terms of the on-premises appliances, you need very big appliances to handle the storage. Users of on-premises solutions really need to size things up correctly at the outset, as it isn't easy to scale a physical environment.
How are customer service and technical support?
We've contacted technical support in the past.
As of right now, with the Broadcom acquisition, many people are changing roles which causes support to be rather slow. The senior engineers are now moving to premium support. Due to these changes the customers aren't the happiest as they have to wait longer for help or information. This has only been happening for about a year, which, in thte scheme of things, isn't too long.
Which solution did I use previously and why did I switch?
We've worked with Palo Alto in the past and have just started using Check Point.
How was the initial setup?
Whether the initial setup is straightforward or complex depends on on the company and its requirements and if it plans to integrate the solution into other products.
Deployment times vary; it really depends on the organization's existing architecture and on the integration. For example, if you like to only implement systems for the EDR facility, all the EDR, along with the manager, is a pretty fast process. However, if you would like to integrate it with your email security or with your web proxy, or with anything else, that will be complicated and will lengthen the processes. The implementation can take anywhere from one month to one year.
What's my experience with pricing, setup cost, and licensing?
The solution isn't the least expensive option. Other solutions do cost more, however.
What other advice do I have?
We have been platinum partners with Symantec.
The solution is at a bit of a crossroads due to its acquisition by Broadcom and they changed their EDI solution because Broadcom had an EDI network solution too. There were EDI scanners in the network, but it's on the side. Now they have a new direction in this area, due to the fact that they want to solve these processes only from the endpoint side. Frankly, I am still waiting for the restart of this new direction. I do not think it's enough.
While most deployments are using on-premises, we have some hybrid and cloud solutions too. It depends on the customer.
Whether or not this is a suitable solution for a company depends on its network and requirements. Different products offer different benefits. A company needs to shop around to see which fits best. For example, it's not the best solution for enterprise companies. Also, their price is not the cheapest, however, there are many more that are more expensive as well.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Asst. Manager System Administration at Saudi Re
Protects us from email threats that include file attachments and embedded URLs
Pros and Cons
- "The most valuable feature is Click-time URL protection."
- "There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed."
What is our primary use case?
We use this solution for email threat protection. It automatically scans our emails, including attachments. It also provides a sandbox feature.
It is hosted within the Symantec cloud.
What is most valuable?
The most valuable feature is Click-time URL protection. If there are any URLs in the email then they will be automatically scanned, and then opened.
What needs improvement?
The support for this solution can be improved because we are not receiving alerts for maintenance.
There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed. For example, you can only block three thousand IPs.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
In the past two years, we have had no issues with stability. We have had ninety-nine percent uptime.
What do I think about the scalability of the solution?
We have one hundred and twenty-five users for this solution, and we plan to increase our usage in the future.
How was the initial setup?
The initial setup of this solution is straightforward. It is cloud-based and not complex.
What about the implementation team?
We did the configuration ourselves. We only needed to set up the IPs for the incoming and outgoing mail servers.
What's my experience with pricing, setup cost, and licensing?
The pricing of this solution is inexpensive and affordable.
What other advice do I have?
This is a good solution, and whatever our requirement is, all of the features are there.
I would rate this solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Director of IT Operations at a comms service provider with 10,001+ employees
It's very helpful from a centralized administration point of view
Pros and Cons
- "It has certainly helped out our audit efforts because we each stay compliant in terms of various security standards."
- "An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance."
What is our primary use case?
Endpoint production is to protect our laptops. So, we use it to secure our corporate laptops.
How has it helped my organization?
It has certainly helped out our audit efforts because we each stay compliant in terms of various security standards. So, it's pretty good detecting.
It's very helpful from a centralized administration point of view, e.g., doing policy updates.
What is most valuable?
It works all the time. We do test against it by doing penetration testing and other things. It triggers and block these attacks. We think it holds up, but there's always zero-days.
What needs improvement?
What we want to do is be able to customize some of this on the administrative side. Right now, it is pretty much turnkey. Therefore, it would be nice if we have more customization. We would also like alerting, not to just to the end users, but to the administrators, when something happens.
An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance.
What do I think about the stability of the solution?
It has been around for awhile. It has had several revisions which we have through, and it's stable.
What do I think about the scalability of the solution?
It scales fine because it runs on individual laptops.
How are customer service and technical support?
I have never tried to contact the technical support.
Which solution did I use previously and why did I switch?
We do security scans. We started to detect with security scans that there is no blocking, or we can actually compromise a laptop, we do internal testing and determine if it's time to move to another product.
We previously had a cloud-based solution by Symantec, but switched to this internally managed, centralized solution when we were acquired. The products are similar just meant for different types of organizations: large enterprises (this solution) vs SMBs (cloud-based solution).
How was the initial setup?
The initial setup was pretty straightforward because the team that came in and helped us deploy it had already done so in various other business units within our parent company. They had done this setup many times.
What about the implementation team?
We had an internal deployment team which handled it. Therefore, we do not have to use an integrator at all. However, our parent company is pretty big and they have a large IT team who handles deployment.
What was our ROI?
It decreases our downtime for laptops by protecting them.
What's my experience with pricing, setup cost, and licensing?
Pricing is covered by our global procurement team. It is the solution that they chose.
What other advice do I have?
It's a solid solution.
Do your testing. Get a trail edition. Try to attack it with malware in your lab. See how it will stand up in a bake-off.
The key thing is to keep up with all the industry changes. There are more services running on the cloud and figuring out how to do that.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Infrastructure Team Lead at a comms service provider with 1,001-5,000 employees
Stable with good line protection; advanced threat protection is somewhat lacking
Pros and Cons
- "Endpoint to network protects the line."
- "Not ideal for advanced threat protection."
What is our primary use case?
We use the solution for endpoint protection. I'm an infrastructure team leader and we are a customer of Symantec.
What is most valuable?
Endpoint to network is a good feature, it can protect the line.
What needs improvement?
In general, improvements can be made but nothing specific. I think SonicWall and McAfee are better solutions. I think this is a good solution for someone looking for endpoint protection but not so great if you're looking for advanced threat protection.
For how long have I used the solution?
I've been using this solution for about six years.
What do I think about the stability of the solution?
I think this is a stable solution, we haven't had any bugs or glitches.
How are customer service and technical support?
I've contacted technical support many times, they are quite good and helpful.
How was the initial setup?
Initial setup is relatively straightforward, deployment on our systems took about two or three months. We deployed with our own team.
What other advice do I have?
I would rate this solution a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Competitive Engineer at a tech vendor with 1,001-5,000 employees
Offers elaborate detection features and provides information linked to each of the attacked computers
Pros and Cons
- "They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers."
- "It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time to pass the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case."
What is most valuable?
They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers. Most of the providers of the security software offer a threat graph, for example, so you can see how the menace propagates throughout the infrastructure. Symantec also provides a small set of information linked to each of the attacked computers. It provides a bunch of information that I find useful.
What needs improvement?
The endpoint protection looks old.
Another issue is in the deployment requirement for the ATP single instance. They should work on lowering, for example, the storage requirements which is around one terabyte but only for one ATP instance. The whole product works for more complex infrastructures and is designed to work with more than one instance, so you can imagine the requirements.
It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time to pass the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case.
For how long have I used the solution?
I've been using the solution for three to four months.
What do I think about the stability of the solution?
I didn't evaluate the stability of the solution but it didn't crash after installing. It's been working nicely. I cannot provide a definitive response. Normally, I would test this part of it using some kind of test, libraries and so on but I didn't do that.
What do I think about the scalability of the solution?
For the EPP, it seems like it was initially designed for the small business segment. The scale and scalability are poor. For the ATP, it is well designed with scalability in mind even with the most complex deployment possible.
According to that documentation, it should scale up to a much higher level of complexity. So, scalability seems acceptable in my opinion. We have about 90-100 licenses right now.
How are customer service and technical support?
I've never had to contact technical support.
How was the initial setup?
For EPP, Endpoint Protection Product the setup easy. You can almost set it up blindfolded.
For ATP, I bumped into some documentation with misleading paragraphs. The video appliance requires three network interfaces and the documentation is confusing because they are, on one side, documented and seen from the internet. On the other side, they have been named as seen from the internal video appliance. There is no real correlation between these two. You scratch your head two days trying to figure it out. They should at least document it much better.
Which other solutions did I evaluate?
Over the last few years, I have had the opportunity to test and evaluate a lot of solutions, specifically security software enterprise-class solutions. I don't know how we came to the conclusion that Symantec was the answer. I don't consider that this is the best solution for me but it's a serious product and it deserves appropriate attention.
What other advice do I have?
I would recommend GravityZone over the Symantec package.
Symantec has a lot of products which are working individually and separately and in the last two or three years, they have tried hard to integrate one with the other. ATP has had some serious features cut, and they're not working timing-wise if you don't integrate it with endpoint protection. My advice to the company would be to either make them work individually, separately or to integrate them seriously.
The dependency between several separately sold products from Symantec is bothersome. You buy a product, for example, Endpoint Protection and, a lot of the features only work if you buy also another product, say ATP. If you want the network detection or manage services or whatever other technology you have to buy another product which also integrates with the first and the second one, and so on.
This is one of the reasons that I like GravityZone because it has everything inside. The worst part is that you don't buy the license for some feature that's inside. They are already there, they are already working. You can at least deactivate them if you don't buy the add-on license. Symantec has the exact opposite perspective. You have to buy each individual product and then integrate them. For a small company, the integration part is easy. If you have 500 endpoints, you integrate three or four and separate the security products, it's done. If you have a complex company with branch offices and separate domains etc. the integration part may take you months of work because the products are separately sold which is bothersome.
I would rate this solution between 8 or 8.5 out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CyberSecurity Operations Lead at a computer software company with 1,001-5,000 employees
Good threat protection, but cloud capabilities need improvement and technical support is poor
Pros and Cons
- "All of the solution's features are quite valuable for us. We especially like the threat protection it provides."
- "The cloud platform needs to have improvement in terms of the user interface and the different capabilities it has available. It needs to match the other leading next-gen EDR products that are available in the market. That's the reason why we are stepping away from Symantec. Their cloud environment is just generally lacking in comparison to others."
What is our primary use case?
In general, we use the solution as our endpoint protection. It's an additional layer, and it's our endpoint security for our antivirus product for the company.
What is most valuable?
All of the solution's features are quite valuable for us. We especially like the threat protection it provides.
What needs improvement?
The cloud platform needs to have improvement in terms of the user interface and the different capabilities it has available. It needs to match the other leading next-gen EDR products that are available in the market. That's the reason why we are stepping away from Symantec. Their cloud environment is just generally lacking in comparison to others.
If they could intercept the detection on the different kill chain analysis that would be great.
For how long have I used the solution?
We've been using the solution since the inception of the company. I personally have been working with it for three years.
What do I think about the stability of the solution?
Whenever there's a new update we have some issues. The on-premise product would crash and would not function so we would have to reach out to Symantec.
What do I think about the scalability of the solution?
The scalability of the solution is good. I'd rate it eight out of ten. About 96% of the company uses the solution.
How are customer service and technical support?
The support team that Symantec offers didn't know how to solve issues even though they referred to themselves as "engineers". They are not really that experienced and well versed in the product. We've been complaining to Symantec on their support because most of them are actually not able to help us whenever we have problems.
Which solution did I use previously and why did I switch?
When I joined the company, Symantec was already in place.
How was the initial setup?
The initial set-up was complex.
What about the implementation team?
Our team handled the implementation internally. We did it without the support of Symantec.
What other advice do I have?
We originally deployed the on-premises model, but over the past year, we've started to use the cloud deployment as well.
It would be really great if we had some involvement from Symantec's side. Some of the other endpoint protection products in the market or other companies who are selling the same product, are, in my experience, really helpful. That's one thing that's lacking on the Symantec side. For those considering implementing the product, try to get Symantec as involved as possible. It would be better.
I'd rate the solution six out of ten, based on the cloud capabilities and the privacy offered.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Symantec Advanced Threat Protection Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Advanced Threat Protection (ATP)Popular Comparisons
Microsoft Defender for Office 365
Palo Alto Networks WildFire
Microsoft Defender for Identity
Trellix Network Detection and Response
Fortinet FortiSandbox
Check Point SandBlast Network
Buyer's Guide
Download our free Symantec Advanced Threat Protection Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How much do independent test results affect your security purchases?
- Holding Security Vendors Accountable
- What can businesses do to improve their security posture?
- When evaluating Advanced Threat Protection, what aspect do you think is the most important to look for?
- What is your recommended cost-effective solution to detect and prevent APT attacks?
- Compromise Assessment vs Threat Hunting
- What are the main evaluation criteria for you when choosing the right vendor for brand protection services?
- Why is ATP (Advanced Threat Protection) important for companies?
I my opinion Application and browser isolation is the future, and crucial to properly layering protections again email threats born in phishing attacks.