We use the solution for all endpoint systems.
Global Lead IT Security Analyst at Hoerbiger Company
Ensures robust protection when configured correctly to meet our requirements
Pros and Cons
- "The primary feature of the solution is antivirus scanning with IPS. It blocks viruses and uses a signature database, ensuring robust protection when configured correctly to meet our requirements."
- "The solution could improve its speed, threat coverage, and the tool's functionality."
What is our primary use case?
How has it helped my organization?
We use it for EDR.
What is most valuable?
The primary feature of the solution is antivirus scanning with IPS. It blocks viruses and uses a signature database, ensuring robust protection when configured correctly to meet our requirements.
What needs improvement?
The solution could improve its speed, threat coverage, and the tool's functionality. There are concerns regarding the tool's usability, particularly its dashboard and managing user data such as cache memory. For instance, it encounters difficulties when users switch between different Wi-Fi networks, leading to disruptions in connectivity. These issues need to be addressed to ensure better scalability and user experience. There are performance issues during full or manual scans, which negatively impact system performance.
It should be integrated with AI and machine learning because many threats are becoming increasingly sophisticated, necessitating advanced detection capabilities. Additionally, it should include features for IoT security to safeguard IoT devices. This would enable us to implement security measures tailored to IoT hosts. A setup with agent-based scanning specifically designed for IoT devices would be advantageous for optimal protection.
Buyer's Guide
Symantec Endpoint Security Enterprise
October 2024
Learn what your peers think about Symantec Endpoint Security Enterprise. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Symantec Endpoint Security Enterprise for eight years. We are using V14 of the solution.
What do I think about the stability of the solution?
The product is stable. Sometimes, the system performance goes down during a full scan.
I rate the solution’s stability a seven out of ten.
What do I think about the scalability of the solution?
The main issue lies in its compatibility with extensions and add-ons. This lack of scalability affects its ability to handle user data, such as cache memory. When a user switches between different Wi-Fi networks, like personal to office Wi-Fi, while travelling, Symantec Endpoint Security Enterprise blocks the MAC address of that access endpoint, causing inconvenience. Improvements are needed to ensure users' smoother cache and directory data utilisation.
5,000 users are using this solution.
I rate the solution’s scalability a seven out of ten.
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup is straightforward and takes around seven days to complete. It involves configuring the policies at the Central Console and deploying the package for each endpoint. Some users have reported encountering problems with add-ons during setup and scanning processes.
Two or three people are required for the solution's deployment and maintenance.
I rate the initial setup a ten out of ten.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
The product is expensive.
I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.
What other advice do I have?
Overall, I rate the solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 31, 2024
Technical operations manager at a consultancy with 11-50 employees
Provides anti-malware protection for endpoints and monitors Wi-Fi networks
Pros and Cons
- "Anti-malware is the most valuable feature. We trust Symantec for protection, and we like the idea that Symantec is preventing us from accessing certain websites that are known for containing malware."
- "It could be more responsive and have fewer delays."
What is our primary use case?
We use this solution to protect our endpoints. We have a default antivirus that we use to protect our laptops. Symantec provides access to the antivirus, so they're not deploying it on our side. We use what Symantec provides to us as their cloud solution. The solution is deployed on cloud.
We have a single console, and it comes with a lot of alerts. Fortunately, I don't see many false positives, so it doesn't really bother us. Most of the time, it bothers users who are prevented from accessing certain websites.
We've thought about exploring additional features, like implementing allowed or disallowed files for programs. We have several of them configured, but there isn't a lot of targeted cybersecurity activity against us.
We use EDR just in case somebody happens to install a compromised application. That way, we can capture the activity through EDR. Symantec Enterprise doesn't include that, but Symantec Complete does.
We don't use the Symantec Global Intelligence Network, but it's part of Symantec Enterprise Complete.
In our environment, we're protecting more than 30 endpoints. We have three administrators who monitor the solution, but most of the time it just works.
We could increase usage, but it depends on the cloud because our cloud is pretty closed in terms of hosting. There's not much happening in our environment, so antivirus isn't really a concern, but we do have Symantec on some key hosting infrastructure that protects the cloud in terms of bringing un-installable files into the environment. The rest is protected.
Network activity is really hard to monitor. When it comes to network threats, Symantec has definitely helped with that. We're concerned about it because the solution blocks it.
How has it helped my organization?
Our users are mostly working from their home computers and home networks. The problem with home Wi-Fi is that your children or partner could get malware on their laptops and because you're in the same network, you could get attacks on a corporate laptop. I would rather have a solution that has strong network protection.
Symantec helps us reduce indicators of compromise. It's important to us to reduce indicators of compromise for our organization, primarily with malware protection and cloud-based threats, because we have a fair amount of files coming in and out of the organization. It's useful for network protection and Wi-Fi protection when users go outside of the office network and are working from home or using public Wi-Fi or any other Wi-Fi. I'm happy that we have much better protection in place.
Symantec helps prevent unknown attacks. We have some servers exposed to the internet on common ports, and it seems to stop all kinds of different network probing activities. I don't know how well it prevents serious attacks because we don't have that many activities in our report.
Symantec helps us secure our performance using a multi-layered strategy. Apart from Symantec, we use other solutions to control what's happening on the endpoint. In terms of additional features, Symantec has a good idea when it comes to Data Leakage Protection. There's a separate product there. It looks pricey, but they claim to have a good approach to protection when it comes to the internet resources you're accessing, not just normal file-based activities.
I think it's important because these days, every single company is worried about how to not lose customer data. Customers lose data all the time, but we're a service provider, so we can't lose any customer data for obvious reasons.
The Symantec Single Agent is quite good for attack prevention. It's just one agent that you deploy and forget about. It updates by itself in the console, and we can see what's happening and whether any agent is responding or not responding. Even with the enterprise option, it comes up with a sufficient amount of details about what's happening on the laptops. If necessary, we can easily change policies, which is also a wonderful approach. Generally, it helps us with our basic needs.
Symantec hasn't helped us consolidate our security stack because Symantec is very much concerned with what Symantec does. If you look at what AWS does with GuardDuty, AWS is looking at creating a single platform that can feed logs and get logs from a variety of different tools into one aggregated view. Symantec is a platform that just thinks about Symantec.
I think this is because of what's happening in the market. A lot of companies want to have a modular solution that can easily unplug the internet protection and plug in a different solution. The process would be like having a cloud proxy. Without a single dashboard and a single monitor for the security separation center, the reality is that it isn't going to work.
If we ever decide to aggregate it, I think we'll be looking at Symantec's options to use the API integration and actually fetch data from Symantec Cloud into the cloud platform. It's going to be something that we have to build in order to create one single view across multiple different tools.
What is most valuable?
Anti-malware is the most valuable feature. We trust Symantec for protection, and we like the idea that Symantec is preventing us from accessing certain websites that are known for containing malware. It gives us general protection of websites through the browser. There isn't much of a need for the antivirus because the number of cases when antivirus would be necessary is generally going down across the market. There aren't that many cloud-based antivirus solutions.
We also like that Symantec monitors Wi-Fi networks. If something bad comes and the public Wi-Fi isn't trusted, they recommend the users to disconnect and have an option to force the VPN connection. We're looking at moving to Symantec Complete because it has additional EDR functions and several additional features that we would like to use. The price is also good, so it was an easy choice.
They have releases a couple of times a year. The last one was in November or October. They have a lot of research and development. I'm sure that they're looking at the competitors, like Trend Micro or CrowdStrike, and they're trying to figure out what to do with those competitors, how to handle them, and how to improve over what the competitors are able to do.
What needs improvement?
It could be more responsive and have fewer delays.
We don't spend a lot of time in the platform, but it's working well. It seems like the console was written a long time ago, and sometimes the browsers have problems with updating the console because there are heavy Java issues. Maybe they'll rewrite it eventually to make it more suitable.
For how long have I used the solution?
I have used this solution for several years.
What do I think about the stability of the solution?
It's absolutely stable.
What do I think about the scalability of the solution?
We're a small company, so the scalability is very straightforward when it comes to grouping devices into different groups and applying different policies against different groups. The endpoints are grouped based on the functionality and the kinds of policies that we want to apply.
How are customer service and support?
We've never used tech support. There was a time when we wanted to migrate from Enterprise to Complete, and we heard stories about how Symantec completely pulled out of the Australian and New Zealand market. We received a really good technical rundown from Symantec and the people working in Canberra. They were absolutely professional.
We used technical resources to explain certain features and functionalities. One of the wonderful things about that communication was that unlike CrowdStrike, we didn't feel extreme sales pressure. CrowdStrike gets into a sales-driven mode.
I would rate the technical support as nine out of ten.
How was the initial setup?
Setup is straightforward. From my perspective, the solution is pretty flexible. We haven't had any problems with deploying Symantec.
We predominantly use Workstations from Microsoft. We rarely use Apple Mac OS, but we're able to deploy agents on Mac OS as well. We're a smaller company, so it's much easier for us to deploy the agent on all of our laptops. We don't have the problems that big companies have when they need to deploy hundreds or thousands of servers and endpoint devices.
What was our ROI?
It's very hard to justify a calculated return on investment because we didn't have a high priority issue that would be prevented by Symantec. A lot of it is driven by compliance.
Even in a smaller company, we need to have people who are responsible for monitoring and following up on what's reported by Symantec or other security operation platforms. We just need to have a dedicated person who takes those tasks and responsibilities into account, follows up on what's going on, updates policies if necessary, and keeps an eye on endpoint protection.
Sometimes, a year goes by without any virus being discovered and eventually people begin to ask why we're paying for all that protection. It's because it seems like nothing is being discovered until the day comes when you actually need it.
What's my experience with pricing, setup cost, and licensing?
If you have a variety of different endpoints, including heavily protected endpoints and some endpoints that are in the field, Symantec allows you to apply different licensing so you don't have to put everything under Endpoint Complete, which is more extensive. You can split it and apply licenses for Enterprise Complete to those devices that need that level of protection.
For heavily protected servers that mostly deal with file processing or other things that don't have serious exposure, you can just keep them in the standard license. There's flexibility in the licensing.
Which other solutions did I evaluate?
We recently had the chance to look at CrowdStrike as a tool, and it was interesting to compare the two. To me, CrowdStrike has a lot of attention, but I didn't see much of a difference between what CrowdStrike is doing and what Symantec is doing. The price difference was significant, and by not proceeding with CrowdStrike, we were able to deploy Symantec on more endpoints.
CrowdStrike has some sort of DLP and other good features like controlling what kind of files have been moved from the net endpoint. Symantec DLP covers more, and there is a fair bit of network protection included in the Symantec solution, which is a valid point for us.
We looked at CrowdStrike because we were curious about the EDR functionality. We provide hosting and application support for a variety of big customers, and all of those customers are concerned with endpoint protection. They want to make sure that their data is not going to leak and that their environments are protected. EDR is one of the requirements that our customers want to impose on us, and therefore we need to deploy it.
What other advice do I have?
I would rate this solution as eight out of ten.
We're going to start using the Complete version. In a few months, we will have a better understanding of how Endpoint Complete works, including the EDR functionality, active protection, and threat hunting.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Support Engineer at Est
Focuses on advanced prevention for traditional endpoints and modern mobile devices
Pros and Cons
- "Managing the dashboard is straightforward and efficient. I appreciate the convenience of accessing all alerts in one place and find configuring policies to be a simple process. Creating and deploying policies to agents is easily accomplished, and the communication between agents and servers is effectively implemented. These aspects are what I find favorable about Symantec Endpoint Security Enterprise."
- "I believe an improvement could be made in Symantec Endpoint Security Enterprise by incorporating a URL blocking feature within the same product. Currently, it requires a separate subscription and agent installation, which I think could be more streamlined for unified management from a single agent."
What is our primary use case?
I employ Symantec Endpoint Security Enterprise primarily for safeguarding end devices. We are safeguarding end-user devices with it.
What is most valuable?
Managing the dashboard is straightforward and efficient. I appreciate the convenience of accessing all alerts in one place and find configuring policies to be a simple process. Creating and deploying policies to agents is easily accomplished, and the communication between agents and servers is effectively implemented. These aspects are what I find favorable about Symantec Endpoint Security Enterprise.
What needs improvement?
I believe an improvement could be made in Symantec Endpoint Security Enterprise by incorporating a URL blocking feature within the same product. Currently, it requires a separate subscription and agent installation, which I think could be more streamlined for unified management from a single agent.
For how long have I used the solution?
I have used Symantec Endpoint Security Enterprise since 2015.
What do I think about the stability of the solution?
In terms of stability, I would rate it as very stable, around a ten. However, when it comes to stability, I would give it an eight, as occasional issues have been observed, particularly with Windows updates and irregularities with the agent.
What do I think about the scalability of the solution?
It possesses excellent scalability, especially in terms of endpoints. I would rate it 10 out of 10.
How are customer service and support?
It is good; however, there is room for improvement in terms of speed and responsiveness. For instance, with Symantec Endpoint, there may be delays in providing resolutions, possibly due to challenges or lower priority for less critical issues. Although the resolution time is currently around four to five hours, there is still a potential for enhancement.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have experience with support from Symantec and Kaspersky. In comparing them, Sophos has made significant improvements, making it a tough competitor for Symantec, especially for mid-range companies due to its favorable pricing and features.
Regarding Kaspersky, it is not currently in use due to issues arising in 2016.
How was the initial setup?
I find the deployment process quite straightforward and not challenging. Symantec deployment for a hundred users took around two days. The process involved sending out the agent to the GP, which was time-consuming. Policy creation and other tasks took an additional day. Overall, we achieved 100% deployment within two days, which is satisfactory.
What about the implementation team?
In our team, there are five members who handle this work efficiently.
What's my experience with pricing, setup cost, and licensing?
I would rate it a seven, indicating a satisfactory and moderate level. Despite being somewhat on the expensive side, it aligns with our long-standing relationship with Symantec, and we find it acceptable.
What other advice do I have?
I believe Symantec is an excellent product with a proven track record over the years. There is no doubt about the quality of their service and support, and I would rate it 9 out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Information System at EEC
A secure solution that alerts threats
Pros and Cons
- "The tool is a secure and stable workstation for checking antivirus. The alerting feature helps us see alerts and is easy to control. The main benefit we derive from using Symantec Endpoint Security Enterprise is stability."
- "The tool needs to improve its dashboard."
What is most valuable?
The tool is a secure and stable workstation for checking antivirus. The alerting feature helps us see alerts and is easy to control. The main benefit we derive from using Symantec Endpoint Security Enterprise is stability.
What needs improvement?
The tool needs to improve its dashboard.
For how long have I used the solution?
I have been working with the product for five to six years.
What do I think about the stability of the solution?
I rate Symantec Endpoint Security Enterprise's stability as nine out of ten.
What do I think about the scalability of the solution?
My company has 35 users.
How are customer service and support?
Symantec Endpoint Security Enterprise's support is good.
How would you rate customer service and support?
Positive
How was the initial setup?
Symantec Endpoint Security Enterprise's installation is easy. It takes a few minutes to start updating and downloading the new version. We have had no issues with the solution's maintenance.
What's my experience with pricing, setup cost, and licensing?
The tool fits within our budget. It is not expensive.
What other advice do I have?
We use the cloud version; hence, the updates are automatically made. I rate the overall solution a nine out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: May 14, 2024
IT Infrastructure Lead at iConnect IT Business Solutions DMCC
A scalable tool that offers protection from attacks and viruses
Pros and Cons
- "The product's initial setup phase was straightforward."
- "The scanning area of the product should be made a little faster as it is the only area of concern in the tool where improvements are required."
What is our primary use case?
I use the solution in my company to protect the endpoints of the employees and make sure that they are well-scanned on a timely basis so that protection from attacks, viruses, and other internet attacks can be provided.
What needs improvement?
The scanning area of the product should be made a little faster as it is the only area of concern in the tool where improvements are required.
The product offers its own database. It would be great if Symantec Endpoint Security Enterprise's database could be integrated with the databases from other vendors since it can help provide more visibility to users on the day-to-day or zero-day attacks.
From an improvement perspective, the support offered by the product should be made faster.
For how long have I used the solution?
I have been using Symantec Endpoint Security Enterprise for more than five years.
What do I think about the stability of the solution?
It is a very stable solution. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a ten out of ten.
More than 40 people in my company use the product.
The product is extensively used in my company.
My company has plans to increase the number of users of the product. My company also deals with a very good customer base of products, and we deal with a range starting from 100 users to 50,000 users.
How are customer service and support?
I have experience with the solution's technical support. Sometimes, it is difficult to get an engineer to troubleshoot the problems that we face with the product in our company. There are very niche issues related to the product, which the support team takes days to resolve.
I rate the technical support an eight out of ten.
How was the initial setup?
The product's initial setup phase was straightforward.
The solution can be deployed in two or three hours.
The deployment process of the product is straightforward, especially for those who have worked on it for a few months or have a little bit of training related to the solution. The product provides documentation and has a few videos that are available on the internet, which are good enough to help the users deploy the solution in their environment. The product is user-friendly to implement and maintain.
If the product is used on the cloud, then there is no need to follow any deployment process since it is already available on the cloud, but there is a need to download the agent and deploy the tool. For the on-premises version of the product, there is a need to download the software and configure it.
A regular technical engineer should be able to deploy the product.
What about the implementation team?
My company has many system integrators, and so we dealt with the product's installation process with the help of one of our in-house teams.
What's my experience with pricing, setup cost, and licensing?
The product is not very expensive.
What other advice do I have?
The tool has improved our company's endpoint protection, and my company is happy with the security features that the product provides. The reasons in the aforementioned area are why my company has decided to continue with the product to date.
Symantec Endpoint Security Enterprise is used by small businesses as well as enterprise customers for protection. There are many customers who have been using Symantec Endpoint Security Enterprise as their endpoint security solution for years. The tool is also cost-effective, and it does the job of securing the endpoints.
Symantec Endpoint Security Enterprise's important feature for the security posture of my company stems from the fact that the product protects from malware attacks and viruses on a daily basis, especially in areas where the users mainly use USB drives or go to malicious websites and download software products or files. Symantec Endpoint Security Enterprise's antivirus capabilities offer protection to users, as it scans downloaded files or software to see whether they are good files or bad files. Based on the reputation, the tool will delete them or allow them to be downloaded. USBs are blocked in our organization with Symantec Endpoint Security Enterprise, and this is one of the main use cases of the tool. My company has given access only to a few members to be able to use USBs, and it is controlled by a feature known as device control in Symantec Endpoint Security Enterprise.
I rate the product's threat detection and response capabilities an eight out of ten.
The tool is a very well-known and trusted product, and any customer or user can select and use it for internal purposes.
I rate the resource consumption of the tool in our company's infrastructure a ten out of ten.
I rate the overall product a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Last updated: Feb 15, 2024
General Manager at InfoMed Technologies PLC
Focuses on advanced prevention for traditional endpoints and modern mobile devices and to include attack surface reduction capabilities and detection and response technologies
Pros and Cons
- "We rely on Symantec Endpoint Security Enterprise to safeguard our computer systems from malware. Occasionally, we have encountered issues related to antivirus or malware, but overall, the application has been instrumental in addressing these concerns."
- "I don't see any specific areas for improvement. They are knowledgeable about advanced solutions, so no suggestions from my end. Maybe there are minor enhancements, like improving UI features or dashboards, but overall, the product is well-designed. As for additional features, I hope they incorporate Kipops, specifically AI functionality, in the next release of Symantec Endpoint Security Enterprise."
What is our primary use case?
I find Symantec Endpoint Security Enterprise valuable for various reasons. It offers comprehensive protection against malware and network threats, and provides advanced threat protection features. The device protection and network threat prevention aspects are particularly noteworthy.
What is most valuable?
We rely on Symantec Endpoint Security Enterprise to safeguard our computer systems from malware. Occasionally, we have encountered issues related to antivirus or malware, but overall, the application has been instrumental in addressing these concerns.
What needs improvement?
I don't see any specific areas for improvement. They are knowledgeable about advanced solutions, so no suggestions from my end. Maybe there are minor enhancements, like improving UI features or dashboards, but overall, the product is well-designed. As for additional features, I hope they incorporate Kipops, specifically AI functionality, in the next release of Symantec Endpoint Security Enterprise.
For how long have I used the solution?
I have experience with Symantec Endpoint Security Enterprise.
What do I think about the stability of the solution?
Overall, my impression of the stability of Symantec Endpoint Security Enterprise is very positive, around a seven. It's very stable, and it doesn't impact the workflow negatively. I haven't encountered any significant problems, and the product is designed to be lightweight on user computers, avoiding the need for large installations.
What do I think about the scalability of the solution?
One can purchase licenses based on scalability, depending on the number of devices you have. The starting point is around five licenses, but there's no upper limit. We've never encountered any issues with scalability, continually adding more without reaching a limit. It's a solid ten in terms of scalability. A significant number of our customers, around twelve, are currently using Symantec Endpoint Security Enterprise. They represent a mix of small, medium, and enterprise businesses.
How are customer service and support?
In terms of interaction, they are prompt and supportive during calls, providing effective assistance.
How would you rate customer service and support?
Positive
How was the initial setup?
It's easy. The deployment time varies based on the number of computers, but on servers, it typically takes around an hour or so. The deployment process involves downloading the Symantec Endpoint Security Enterprise software and installing it. That's essentially all we need to do, and it usually takes about an hour for the process to complete.
What's my experience with pricing, setup cost, and licensing?
It's not the cheapest, but it's reasonably priced, around a five on a scale from one to ten. It's suitable for small, medium, and enterprise businesses and offers competitive pricing. There are no additional costs; it's a renewable purchase, either annually or as needed.
What other advice do I have?
I highly recommend Symantec Endpoint Security Enterprise. Before using it, users need to ensure their hardware meets the minimum requirements specified by the product. Overall, on a scale from one to ten, where one is the worst and ten is the best, I would rate this product a solid ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Presales Enterprise Systems Engineer at Headington Technology Solutions Pvt Ltd
Has good stability and valuable monitoring features
Pros and Cons
- "It doesn't require an on-premises server to manage it. It allows us to monitor the machine to check if it is up-to-date and not lagging."
- "There could be a pop-up notification at the users' end whenever the software expires."
What is our primary use case?
Some of our clients don't have on-premise servers within their environment. In this case, the product provides an easier way to deploy antivirus software without the servers. Also, it is quite affordable.
What is most valuable?
The software can be deployed within a hybrid environment. It doesn't require an on-premises server to manage it. It allows us to monitor the machine to check if it is up-to-date and not lagging.
What needs improvement?
There could be a pop-up notification at the users' end whenever the software expires. At the moment, even after it expires, the machine shows it is up-to-date. It becomes challenging to explain to the customers that the licenses need to be renewed.
For how long have I used the solution?
We have been using Symantec Endpoint Security Enterprise for more than ten years. At present, we are using version 14.
What do I think about the stability of the solution?
The product is highly stable. I haven't encountered any stability issues in the past years.
What do I think about the scalability of the solution?
The product is suitable for medium-scale businesses. One of our clients has 90 end-users; the other has 50 and 20 users. I rate the scalability a ten out of ten.
How are customer service and support?
I haven't contacted the product's technical support team directly. We take help from a support vendor, which is quite efficient and helpful.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate the initial setup a ten out of ten. The deployment time depends on the internet speed at the client's site, as the installation is cloud-managed.
What's my experience with pricing, setup cost, and licensing?
I rate Symantec Endpoint Security Enterprise's pricing a two out of ten.
What other advice do I have?
I always recommend Symantec Endpoint Security Enterprise to all the customers. It is the best tool. I rate it a ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Deployer
Service Systems Engineer at a tech services company with 10,001+ employees
Great monitoring and reporting features, but lacks proxy routing
Pros and Cons
- "The monitoring and reporting features are pretty awesome."
- "We are currently looking at CrowdStrike as a replacement option because on-prem support is going away under Symantec."
How has it helped my organization?
One great thing about the solution is the ability to immediately pull logs from the client or the server and perform diagnostics and analysis on the spot, and very quickly in some cases. That's very useful and helpful because it has allowed us to reduce the time devoted to root cause analysis when it comes to security incidents.
What is most valuable?
The monitoring and reporting features are pretty awesome. They are not as extensive as I would like, but I do appreciate the ability to connect to the backend and query it directly to get information in a format that I would prefer.
Some of the automated features, in terms of firewall setup, Smart DNS and so forth, save you a lot of time because you don't have to create basic firewall entries but everything is covered and secure.
One of the features gives you the ability to do destination source routing and mix local and remote routing. This allows you to have a very sophisticated set of network rules and throw them up pretty quickly, while keeping them all separate. It's that tie-in integrated with the intrusion prevention tie-in on the firewall side that makes the solution very effective. Network intrusions are a really big threat since we work on a dark network, so the network product is phenomenal.
In terms of the possibility of an outbreak, it really helps being able to lock down a terminal instantly with little advance preparation. There's a feature called location awareness that allows us to immediately switch a terminal into lockdown mode so that it can only communicate with the endpoint protection servers, so nothing can get in or out. We call it bricking. The workstation becomes completely useless from the outside. You can also block off all USB inputs, so nothing can connect to it physically.
What needs improvement?
It would be really awesome to have configurability of the canned reports. Those things are built in and there are no options for configuration of any kind. It gives you the information that you're looking for, but it also gives you a set amount of information and you can't specify what you want or drill it down to the signal to get past the extra noise that comes through. This means you have to do a lot of analysis on the canned reporting. There's also only one output option and that's CML, which is kind of useless for analysis. You need a spreadsheet option and that's not available. It would be tremendous to have a spreadsheet option because then you could import the report instantly into an Excel template where all of the noise is automatically filtered out and you just have the signal. The way it stands right now, the conversion process is ugly and kind of useless. That's why I resorted to going to the back end and pulling out information that we need for every setup. I've done that for 150 days now because I need specific information.
We are currently looking at CrowdStrike as a replacement option because on-prem support is going away under Symantec. CrowdStrike is also a cloud offering, but it has a proxy option whereby all the traffic routes through our data center so we can throw up all kinds of protections that we need to have in place since all of our stations are on dark networks. The primary determinant for us is the fact that CrowdStrike offers that proxy routing, and we've been asking Symantec for that since before Broadcom came on the scene.
Ever since we went to version 14 we wanted to try to go with the cloud. Just the sonar option, for example, includes all of the reputation lookups, all of the AI, the machine learning capabilities and so forth, and having all of those features would have been awesome, but we couldn't implement it because it required a direct connection to the cloud from the workstation. In our line of work, that's crazy, and we can't do that.
It's a straightforward networking operation to allow for tunneling through the cloud, as opposed to direct connection to the cloud. That would be my number one feature that I would like to see added.
For how long have I used the solution?
I've been using the solution since it was called the Norton Antivirus Corporate Edition, so I've seen it through many iterations.
What do I think about the stability of the solution?
The stability of this solution is rock solid.
What do I think about the scalability of the solution?
The solution is absolutely scalable, but there are certain guidelines you have to follow in terms of the number of terminals you have connected to the number of servers that you have, and it's based on how often they communicate. If you want to connect more terminals, you can slow down the communication interval and scale it up. I think it's possible to have many terminals with a small number of servers when you are in a really secure environment. Then the only thing you have to worry about are the outliers, meaning whenever there's a security event, it jumps the chain and goes up immediately. Once your system is set up and you aren't doing a whole lot of changes, you don't need to check in that often, so it's highly scalable.
We have a little over 20,000 people using this solution in our company.
How are customer service and support?
I would say that their support is adequate for most purposes, but for my purposes, it is not. To get the level of support I need, I use the advanced support package, which is quite costly. The advanced support offers access to the engineers and Dev software guys.
How was the initial setup?
The initial setup is very straightforward and simple. It only became complex when we started to get into the special use cases that we needed to handle, due to the unique circumstances of our high security environment, but we knew upfront that it was going to be difficult.
What about the implementation team?
We handled the implementation in-house. I wasn't involved in the initial deployment, but it took months to set it up here. However, I have deployed it myself several times and it takes no more than a week with a very basic set of business rules. When I deploy it, I set up at least one, or sometimes as many as three, test environments. We have Dev, QA, and UAT, so it takes about a week to do all of those.
What other advice do I have?
This was a great product at the very beginning and it has only gotten better as they've added capabilities, so I'm a very big fan. I could do a commercial for them. I really do think they're great. It just has the one stumbling block of not allowing for high security, and it's a security product! That's the killer for me; it's a security product, but they stop short when you need the high security capabilities that are right there. This is no-brainer stuff. I could write the code to make it happen in a couple of days. I've even talked with some old Symantec support engineers. A lot of the really good ones abandoned ship when Broadcom took over because they could see the writing on the wall, that it's heading in this oddball direction. It doesn't make sense to me to cut off an avenue that seems potentially very lucrative. Their customer base is security, and Gartner has recommended them so highly for so long, and they're turning their back on that main segment. The fact that they're doing that and there's no flexibility whatsoever is telling me it's time to abandon ship.
Still, I would rate this solution as a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.