The solution is easy to deploy on both on-cloud and on-premises infrastructures.
Easy to deploy and has a good stability
Pros and Cons
- "The solution is scalable."
- "Its UI could be more user-friendly."
What is most valuable?
What needs improvement?
The solution's price could be better. Presently, it is expensive for basic functionality. Also, they should make its UI more user-friendly. It takes time to find the policies and analyze their effects. They should add a customization option for policies. In addition, they should add more scanning features to it.
For how long have I used the solution?
We have been using the solution for a year.
What do I think about the stability of the solution?
It is a stable solution. I rate its stability as an eight.
Buyer's Guide
Symantec Endpoint Detection and Response
October 2024
Learn what your peers think about Symantec Endpoint Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the scalability of the solution?
We have around 150 solution users of the solution in our organization. It is scalable, and I rate its scalability as an eight.
How are customer service and support?
The solution's customer service could be better.
How would you rate customer service and support?
Neutral
How was the initial setup?
The solution's initial setup is straightforward. It takes a day to complete the process.
What about the implementation team?
Our team of three executives deploys and maintains the solution.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive. I rate it as a five for pricing.
What other advice do I have?
I rate the solution as an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at IBM Thailand
Effective process review, useful machine isolation, and reliable
Pros and Cons
- "There are times when Symantec Endpoint Detection and Response tags an executable as malicious when it is trying to get executed on the machine. In this case, it prevents the execution and it gives you a process view of things where you can look into what has happened and whether it is a genuine process trying to access some system activities, or it's a malicious one. Depending upon the process, it gives you a clear identification, and we can do the containment from the interface itself and isolate the machine from the network. The process review on network isolation is good."
- "Symantec Endpoint Detection and Response could improve the reporting. It is very difficult to create reports from the user interface."
What is our primary use case?
Symantec Endpoint Detection and Response is used for threat protection.
What is most valuable?
There are times when Symantec Endpoint Detection and Response tags an executable as malicious when it is trying to get executed on the machine. In this case, it prevents the execution and it gives you a process view of things where you can look into what has happened and whether it is a genuine process trying to access some system activities, or it's a malicious one. Depending upon the process, it gives you a clear identification, and we can do the containment from the interface itself and isolate the machine from the network. The process review on network isolation is good.
What needs improvement?
Symantec Endpoint Detection and Response could improve the reporting. It is very difficult to create reports from the user interface.
For how long have I used the solution?
I have been using Symantec Endpoint Detection and Response for approximately six months.
What do I think about the stability of the solution?
Symantec Endpoint Detection and Response is a stable solution.
What do I think about the scalability of the solution?
The stability of Symantec Endpoint Detection and Response is good.
We have the solution running on 3,000 endpoints. After two years after we have more clients, we might increase usage.
How are customer service and support?
I have not contacted support. The administrator of the platform is taking care of the support for us. They might have contacted the support but I have not.
Which solution did I use previously and why did I switch?
I have not used another solution previously.
How was the initial setup?
The initial setup of Symantec Endpoint Detection and Response is straightforward.
What about the implementation team?
We have three people that are supporting the solution.
Which other solutions did I evaluate?
I have evaluated McAfee.
What other advice do I have?
I would recommend this solution to others.
I rate Symantec Endpoint Detection and Response an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Symantec Endpoint Detection and Response
October 2024
Learn what your peers think about Symantec Endpoint Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Project Manager at a consultancy with 501-1,000 employees
Threat protection that is priced well, easy to deploy, and allows you to use the same agent for detection and response
Pros and Cons
- "The most valuable feature is that the same agent can act as the endpoint detection and response agent."
- "Reporting is a major issue, as it is not user friendly."
What is our primary use case?
The primary use case of this solution is for protection.
What is most valuable?
The most valuable feature is that the same agent can act as the endpoint detection and response agent. You don't need to deploy an additional agent. As you do with other solutions.
If you try to deploy a new solution you have to replace the existing agent with a new agent, but with Symantec, you can use the same agent.
What needs improvement?
Reporting is a major issue, as it is not user friendly. It's the biggest challenge we are facing. I have raised this issue multiple times.
With virus detection, if one OEM vendor is detecting the virus at 1:10 am, within 24 hours all others will detect it. For example, Symantec will detect the virus, then McAfee will detect it then Trend Micro, all within 24 hours, everyone will have it covered.
In the next release, I would like to see the option to customize the report as per our needs, and better reporting in general.
For how long have I used the solution?
I have worked with all Symantec products. Detection and response is a new technology that they have come up with and I have been working with it for two years.
What do I think about the stability of the solution?
If the solution is updated regularly then there is no challenge with stability.
What do I think about the scalability of the solution?
This solution is definitely scalable.
How are customer service and technical support?
The technical support is very bad. It's been outsourced. The level one support does not have the expertise to support people properly, from a technical perspective.
I'd say that the level of understanding has been reduced as a result of outsourcing to a third party.
Which solution did I use previously and why did I switch?
Previously, I was working with Trend Micro. Before the detection and response were included, I would have recommended Trend Micro. However, Symantec Endpoint has now taken the lead.
Endpoint detection and response have not been developed into Trend Micro.
How was the initial setup?
The initial setup is straightforward. It's not complex. You will have to license it, then you are good to go.
If you try to establish the replication then you should plan it properly. If you do proper planning then it manages well. As an example, with one of my customers, I updated 3,000 machines that were in remote sites in less than a month's time.
What's my experience with pricing, setup cost, and licensing?
The price is okay, but it really depends on the customer's requirements.
What other advice do I have?
I am a user of Symantec as well as an admin with the Symantec support team. I was the technical support account manager and I would support other customers.
Symantec release updates two or three times per day. If you have a low bandwidth it will never get updated, although there are options to resolve this.
First, you have to decide on your requirements and what features you are looking for, then you can consider any endpoint detection and response solution.
There are good products on the market; there is one in particular that is cloud-based, where you don't need a single investment, but you will need to have good bandwidth.
Before looking for any solutions the planning must be done.
Overall, this is a good product but it is still in the early stages and there are some improvements that need to be made.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Threat Analyst at SA RVE Bank
Quick and easy to set up with good reliability
Pros and Cons
- "The pricing is good."
- "They do need to minimize the number of agents installed on a server."
What is our primary use case?
It's part of the endpoint and is an EDR product. There are many use cases we're looking at, including power share and general detection.
What is most valuable?
The initial setup is quick and easy.
We found the product to be scalable.
The stability is good. It's reliable.
The pricing is good.
Technical support is okay.
It's easy to add hash files.
What needs improvement?
I have not picked up anything that is lacking in terms of features while using this tool.
They do need to minimize the number of agents installed on a server.
The response time for technical support takes too long.
For how long have I used the solution?
I've been using the solution for two and four months years now.
What do I think about the stability of the solution?
The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. it's reliable.
What do I think about the scalability of the solution?
The solution is scalable. That's not a problem.
We have about 2,500 endpoints. It's actually even more than that as it is deployed on the server as well.
How are customer service and support?
While technical support is great, it does take up to two days before I get a response. They are a bit slow.
How was the initial setup?
The implementation process was quick and easy, and we didn't need a DBU, a database administrator.
Two people handled the initial setup it was done over one day.
What about the implementation team?
Our team handled the deployment in-house. We didn't need any outside assistance.
What's my experience with pricing, setup cost, and licensing?
The cost of the solution is affordable and manageable.
What other advice do I have?
We are a customer and an end-user.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at Suraksha
IPS and user interface are great; includes deception technology component as part of SEP
Pros and Cons
- "IPS and the user interface are good features."
- "The network forensics feature could be improved."
What is our primary use case?
In the past, we deployed for Government organizations and right now we are dealing with a financial institution that is considering implementing Symantec. We primarily work in the Middle East and Australia. We are Symantec partners and implement the solution for our clients. I'm a security engineer.
What is most valuable?
I like the IPS , GIN and the user interface, they are good features and simple to use. In addition to that, I believe that Symantec is the only vendor that actually includes the deception technology component as part of SEP.
What needs improvement?
I think the network forensics feature could be improved. It's not part of SEP, but it's part of the package and I think that could be improved because we need the decryptor. Without that you can't actually decrypt the SSL traffic going in the network. If the solution could be completely software-based, it would be a formidable product.
Symantec could include that as an additional feature, it's something that other solutions provide. Secondly, instead of just making it endpoint deception, they could make it network deception as well and that would make it a complete endpoint protection solution.
For how long have I used the solution?
I've been using this solution for the last 12 months.
What do I think about the stability of the solution?
The stability of the solution is fine.
What do I think about the scalability of the solution?
We haven't had any issues with scalability. Three months ago we put in a bid where they initially wanted 300 users, but then decided they wanted to scale up to 7,000 users. Symantec had no problem with that. It just requires preparation by taking into account the increased number of endpoints.
How are customer service and technical support?
Technical support is very good.
Which solution did I use previously and why did I switch?
We used McAfee and Trend-Micro previously, but we didn't get many good reviews for the product. Once we switched to Symantec, the market responded well so we switched to pushing that. We depend a lot on market feedback and after speaking to a lot of cyber experts in the information security field, they said they wanted Symantec. It's pretty much based on market feedback.
What's my experience with pricing, setup cost, and licensing?
Deploying on-prem makes Symantec a very expensive product but if it's being deployed on cloud it's quite cheap. We lost a lot of bids when we proposed on-prem deployment because of the high cost.
What other advice do I have?
I would definitely recommend Symantec because the company provides great support from its engineers. Whenever we've had any issues, we give them a call and 10 or 20 minutes later, they make contact. They're also very good at helping us quote for tenders and they negotiate well.
I would rate this solution an eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Senior Manager IT at Ami Organics
Scalable, reliable, but support could improve
Pros and Cons
- "Symantec Endpoint Detection and Response is stable."
What is our primary use case?
Symantec Endpoint Detection and Response is used for the protection of endpoints.
For how long have I used the solution?
I have been using Symantec Endpoint Detection and Response for approximately four years.
What do I think about the stability of the solution?
Symantec Endpoint Detection and Response is stable.
What do I think about the scalability of the solution?
The scalability of Symantec Endpoint Detection and Response is good.
How are customer service and support?
The technical support from Broadcom has given us some challenges. Previously, they had experienced people who handle the end user's query and escalate the problems within a good timeframe. Since Broadcom took over, we have not been satisfied by the way they are handling the end user's query or end-user support.
How was the initial setup?
Symantec Endpoint Detection and Response
What about the implementation team?
We have a partner that has helped us with the implementation, configuration, and policies.
What other advice do I have?
Determining if this is the right solution for someone depends on the region or what type of partner they have. Broadcom user support might be different in your region but we are in the Asia Pacific region is not good. I don't know who is providing the proper support.
I rate Symantec Endpoint Detection and Response a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vice President, Head of Infrastructure, Information Systems Group at a financial services firm with 10,001+ employees
Good in terms of malware detection and scalability, but unpredictable pricing is a cause of concern
Pros and Cons
- "It is mostly used for malware detection and antivirus purposes."
- "It would be good if it can anticipate zero-day attacks. I don't know how it can be done and if it is even a feature of this product."
What is most valuable?
It is mostly used for malware detection and antivirus purposes.
What needs improvement?
The unpredictability of the pricing is a cause of concern.
It would be good if it can anticipate zero-day attacks. I don't know how it can be done and if it is even a feature of this product.
For how long have I used the solution?
I have been working with this solution for more than three years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
We haven't had any issue with scaling the product. Its scalability has not been an issue.
Which solution did I use previously and why did I switch?
I have used Sophos in another company, but that was almost 10 years ago.
How was the initial setup?
I was not a part of the installation team. When I arrived, it was already there.
What's my experience with pricing, setup cost, and licensing?
Of late, because of the Broadcom purchase, its price has been increasing.
What other advice do I have?
I would rate it a seven out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Architect at a tech services company with 11-50 employees
Easy to scale and setup, but should offer more granular timeline analysis
Pros and Cons
- "The setup is quite easy."
- "It would be nice to see more granular timeline analysis."
What is our primary use case?
We employ the latest version.
Our clients make general use of the solution for endpoint detection. They are interested in its EDR capabilities.
What is most valuable?
There is no need to do an additional installation for the EDR, as the one belonging to Symantec is pretty much dependent on the endpoint agent, which is already deployed. This is my favorite feature, as it saves a person from the complexity involved in the deployment of additional EDR agents.
What needs improvement?
The solution should offer more features, such as ones which are forensic and timeline.
The tech support was very bad in the immediate aftermath of the merger, although it is now slightly better. The problem came down to the ownership of the case. Support was horrible when the Broadcom entered the picture, but they have done much work in this area and things are mostly better.
It would be nice to see more granular timeline analysis.
For how long have I used the solution?
We have been using Symantec Endpoint Detection and Response for ten years.
What do I think about the stability of the solution?
While the earlier version had many bugs, the current version is relatively quite stable.
What do I think about the scalability of the solution?
The solution is easy to scale and its methods of deployment are totally up to the needs of one's organization, be them on-cloud, on-premises or hybrid.
How are customer service and support?
Just following the merger, the tech support was very bad, although it has since slightly improved. Ownership of the case was the real issue. At the time when the Broadcom came into the picture, the support was terrible, yet much work in this area has since been undertaken and things are, for the most part, better.
How was the initial setup?
The setup is quite easy.
What's my experience with pricing, setup cost, and licensing?
I do not deal with the pricing. As such, I cannot comment on it.
What other advice do I have?
The method of deployment varies with the client.
Rather than handling the implementation on one's own, it is important to engage a good system integrator. Although a person's expertise may make the process seem straightforward, the experience a good system integrator brings to bear can benefit one beyond what is written in the documentation. Such a person can evaluate one's infrastructure and advise on the best approach.
I rate Symantec Endpoint Detection and Response as a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Symantec Endpoint Detection and Response Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Endpoint Detection and Response (EDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Fortinet FortiEDR
Cisco Secure Endpoint
Elastic Security
Intercept X Endpoint
VMware Carbon Black Endpoint
Trend Vision One
Trellix Endpoint Security (ENS)
Bitdefender GravityZone EDR
Kaspersky Endpoint Detection and Response Expert
Fidelis Elevate
WatchGuard Threat Detection and Response
Sangfor Endpoint Secure
Buyer's Guide
Download our free Symantec Endpoint Detection and Response Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the biggest difference between EPP and EDR products?
- What is the difference between EDR and traditional antivirus?
- What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
- Which is the best EDR for a logistics company with 500-1000 employees?
- What is the best EDR or XDR product for a company with 9000 employees?
- What to choose: an endpoint antivirus, an EDR solution or both?
- Do we need to use both EDR and Antivirus (AV) solutions for better protection of IT assets?
- How does EternalBlue work?
- What are the best on-premise Endpoint Security solutions for a Tech Services company with 10,000 employees?
- What is Mimikatz?