Symantec Endpoint Security Reviews

Our client uses Endpoint Security at a school for antivirus protection. For example, if someone plugs in a USB on a classroom computer, Endpoint Security protects the network from infection. We have around 35 classrooms and eight teachers per class, so that's about 280 people.

The school does not use Endpoint Security to its full potential. The use case is basic. For example, it isn't being used to block stealth techniques. Sophos Firewall handles those kinds of attacks. Active Directory isn't used in the classroom, so the ability to block an AD takeover isn't being used. 

We haven't eliminated any other security solutions by adopting Endpoint Security, but we are trying to consolidate our solutions by installing a new FortiGate firewall and client licenses of FortiClient.

Endpoint Security provides the school with fundamental protection against viruses and other malware. It only covers traditional endpoints, not mobile devices, but we've never had any outbreaks. 

The best thing about Symantec is its ability to control our endpoints from a single point. You can manage the antivirus definitions, upgrades, remote scanning, etc., from one console. 

In four years, we had no reason to switch solutions, but lately, we've found that Symantec is slowing down the machines. They are looking to change solutions. I would like to stop the Endpoint Security Client's scan when the device boots. It slows the machine a lot. The scan should only run when the machine is idle. The scan often happens when the machine is at its peak load. 

I would also like Symantec to add ransomware protection. If a machine is infected by ransomware, it's hard to recover the data. We don't have any data on the client, so we're not overly concerned about that. Still, it would be nice to have this feature if there are any future problems. 

My client has been using Endpoint Security for two or three years.

Endpoint Security is stable. 

Endpoint Security is a scalable tool. 

I rate Symantec support a nine out of ten. I only had to contact them once in ten years, and the support was excellent. They solved the problem in ten minutes.

Positive

We're looking at other solutions. We mainly want something that doesn't experience performance degradation during scans or updates. 

I started to work with this client two years after implementation. I have been managing the solution for a year and a half. I provide them with renewals and updates when necessary. It doesn't require much maintenance. I didn't have to visit the premises this year.

The price of Symantec is on the higher end. They face some competition from a company called Quick Heal, which is much cheaper than Endpoint Security. They offer three years of protection at just 900 rupees.

I rate Symantec Endpoint Security an eight out of ten. My first piece of advice is not to deploy Endpoint Security on traditional machines because it'll slow it down. India is a price-sensitive market. Many companies won't pay attention to the speed of a hard drive. They'll only look at the size. They would rather go for a 500 GB hard drive, even if it is not required, rather than a 256 GB SSD. 

If you want to deploy something over and above your operating system's capabilities, you need to have a powerful machine to handle that. Performance is mainly an issue on devices using traditional drives. The performance doesn't deteriorate by more than two percent on an SSD drive, whereas it is more than 15 to 20 percent on an average drive.

With its behavior forensic, advanced threat hunting, integrated response, and Threat Hunter capabilities, it provides good control over security and improves the security posture.

Symantec is a known name in the market for endpoint and server security. The baseline of their products would always be the same, and with the evolving threats, they are also changing the technology. For example, with ransomware or zero-day threats, you don't have any already-known bad files. So, you don't have a signature for those files. They need to be identified based on behavior. If any file is misbehaving, Symantec Endpoint Security can handle it. This proactive approach or IPS is a part of it. Another example would be that you download a PDF file, and this PDF file has a built-in script. When you open the PDF file, in the background, the script starts, but nobody knows that. If you install Symantec, it will see the behavior of the file. If any file other than the required file is being executed, it will detect that and protect the system from that. Recently, a bank had a breach. There was an attempt to copy a file, which was blocked. With threat analysis, we could see that the system was protected but the bad guy had already passed through or gotten inside the network. 

Their Threat Hunter team helps out to know what exactly happened and the type of breach. For example, you clicked on a link that copied malware on a system. Your system is infected but nobody knows how many systems are affected after you. The Threat Hunter team is very good and professional. They would check its footprint on every system. If you have a breach in your environment, you have to contact them to find out what exactly is happening.

Nowadays, people bring their own devices. Most of the time, you don't know what's installed on these devices, which is the biggest threat to the environment. Symantec provides protection based on the analysis of your application, its behavior, and the type of data being sent and received. Sometimes, when you connect your mobile to any other wifi, such as free wifi or hotspot, if there is anything malicious, it can stop the traffic.

It allows you to choose the policies that you want to implement. There are around 7,000 SCSC policies, and of course, you are not going to enable all of them. You can choose the policies that you want. 

It has various components that help you at various stages: pre-attack, attack, breach, and post-breach. It reduces the attack surface. There is a component for breach assessment, device control, application control, behavior analysis, and isolation. All these are a part of its attack prevention capabilities. It also protects Active Directory. There is a tool called Active Directory Defense to stop an attacker from taking control of a user. It detects credential theft and stops intrusion, which is something no other vendor is currently providing. It also allows you to auto-manage policies, and IPS and IDS are also already there. 

It is a complete and the best solution if your use case is small and you need more productivity and more security. With a single console, you get control over Mac, Windows, iOS, and Android. This control is most valuable. 

It provides complete protection with machine learning, behavior learning, and Global Intelligence Network (GIN). The threat intelligence generated by Symantec’s GIN is now a part of the solution. For any file that they find, they get the reference from GIN, and based on the value of their sensors, they are going to say whether it is a bad file or an okay file. This capability is very important.

If there is a suspicious file, it is put into a sandbox where Symantec does an analysis. After the analysis, Symantec marks the file as a risk, but it doesn't blacklist or block the file. If a file is already known to be harmful, I would like them to automatically block or blacklist it to reduce the damage. It will stop the attack by at least 50%. Sometimes, administrators do not see the console on a daily basis, and sometimes, they assume that Symantec will block and delete the file, which is not the case. I would like it to block the file so that you won't be able to open the file. 

Another improvement area is reporting. Its reporting is more technical. As a technical person, it gives me 100% value, but if someone from the business staff wants to see what exactly is going on, you cannot give them these reports, and they won't get the value out of it. Currently, the data is not presentable for any C-level person.

I have been using this solution for the last four to five years.

They have been a leader for the last couple of years. There is no question about its productivity. It is a good name in the market. Every six and seven months, they are adding a new component or feature. If they see any gap in the product, they fix it. 

Their support is good. I would rate them a seven out of ten. Their response time varies. If your case is assigned to the India side, they take extra time. They will ask you for the log files, and the next day, they will do a remote session. Sometimes, the client gets frustrated because this is a security component, and they want to resolve the issue as soon as possible. If the case is assigned to someone on our side and we get a highly qualified person, they can handle it within a day.

Neutral

I got a chance to work with other products, such as Carbon Black, Palo Alto, and McAfee. They all are very good products. No product is bad because they are coming after so much R&D. They all are investing their time, money, and people to enhance productivity, but Symantec has been there from the start. The way they design their solutions is very important, and now, they have GIN, which is very important.

I once deployed Cylance in a bank. It had endpoint protection and EDR, and two agents were installed on the system. One was for protection and one was for recording the incident on EDR. It would capture so many files, which Symantec doesn't do, and mark them as harmful or not. Based on what I was told, it decided that based on the virus total. When they get the file hash, in the back end, they would run a script, scan it, and then give a report based on the virus total. They don't do any technical evaluation of file structure or file behavior. I found Java files to be a big problem with that solution. Symantec is comparatively a much more mature solution, and their support is also very good. They provide support for the whole product and not just a component.

It offers flexible management and deployment options. You can install it by watching a video on YouTube, but for the implementation design, expertise is required. For example, if you are implementing it in a big bank where you have 5,000 to 6,000 endpoints and multiple branches, you need to have an implementation strategy and see how to take care of the database, replication, and other things. At that time, your expertise is going to be used for designing the solution.

It takes about 30 minutes to implement the server and the policies. The rest of the things are going to be installed by the agent, which is dependent on the network. In the same building, if you have SCCM or another deployment tool, it is a one-hour job, and it can be done by one person.

In terms of maintenance, you have to take care of your server and download the updates on a regular basis. This is only for Symantec Endpoint Protection Manager (SCPM). If you are a cloud site, you don't need that. Symantec will do it. For on-prem, you need a person to log in and do the updates, and there might also be a little bit of maintenance of the database.

You get the ROI within the licensing period. It is also in terms of the reputation of an organization. Especially if you are a financial institution, your environment needs to be secure.  Last year, a bank in Nairobi, Kenya had an issue with the system. When I inspected it, five systems were already breached. I didn't find their cybersecurity team competent enough. So, I told their CIO to buy this product and enable all the policies. They don't need to log in daily. When required, they can log in and get all the information. They are very happy with it. The only issue is that when a file is identified as a risk, it is not blocked.

It is normal. If you are an educational institute, they give you a very good discount. If you are coming from the banking side, they may or may not give you a discount. I'm working with seven companies, and normally, they get a 65% to 70% discount on everything.

There are various components. You have to know what exactly you want. If you are just going to protect your endpoint, you won't buy Symantec Endpoint Security Complete. You would buy the Endpoint Enterprise, which is on the lower side. Symantec Endpoint Security Complete is on the higher side because you can also manage your mobiles and other devices. EDR is also a part of it, whereas, with the enterprise version, you don't get EDR. Overall, the price depends on the number of security components you want.

When evaluating a solution, I would advise seeing the simplicity of deployment and usage. Some products are cheap, but the operational cost is much higher, and they are a lot more complex. 

If your organization is small and you have a constraint on your system administrator or security administrator, then the cloud is the best solution for you. If you are a larger bank and you don't want your data to be on the cloud side because most countries don't allow you to share your data on the cloud side, you can install Symantec Endpoint Protection, which is then connected to a Symantec Endpoint SCSC. It will be a hybrid solution. Some components are going to be managed from on-prem and some components are going to be managed from the cloud. Feature-wise, if you're going to the cloud side, you can leverage EDR. Otherwise, you have to install an EDR server on your data center.

I would rate it a 10 out of 10. It is a wonderful product.

My primary use case is malware protection. I also use it for device control, application control, and more. We are a financial institution.

The stability of this product has improved the way our organization functions. There is little maintenance, and it doesn't take long to install or uninstall. Once it is configured correctly, there is little chance of it failing.

This means that we have more of our technical staff available to work on other problems that occur.

The most valuable feature is the proactive malware scanning capability.

When you are performing simple tasks, it is not as demanding on resources as compared to other security products. This is an aspect that I like.

The application and device control functionality is good. We are able to see which applications are installed using the product management dashboard. This gives us the ability to monitor workstations, including which applications they have in which tabs.

There are extensions available, such as the Browser extension, to deal with specific types of attacks. This helps to protect against hackers. I have tested it with samples and it protects the system well.

The interface is simple to use.

One issue that comes to mind is that there is no way of specifying categories that the firewall should block. It is able to block specific URLs but other solutions, such as Kaspersky, allow you to block access by specifying a category.

It would be helpful if this product provided patch management functionality.

Compared to Kaspersky, the reporting features are not rich. Overall, the reporting capability needs to be improved.

I have been working with Symantec Endpoint Security for between 12 and 18 months.

This is a very stable product. It is the feature that I like most about the product because when we were using other ones, we had failures. With this solution, there is no frequent failure of the components.

For example, in other products that we've used, the virus definitions didn't update and systems were compromised because of it.

We have approximately 3,000 users that are protected by this solution. We add branches and more computers weekly, and we don't have problems doing so.

We were able to easily integrate with Active Directory using the Symantec Manager, so I would say it's very scalable.

As we add more branches, our usage of the product will continue to increase.

We have not been in direct contact with Symantec technical support.

The training and documentation that they provide are helpful. There is a good amount of documentation that helped to provide us with a complete picture of the product. It's nice, neat, and easy to understand.

Prior to Symantec, we used a solution by Kaspersky.

We use other anti-virus products and this one is less resource intensive and more stable than the others. It is also simpler to use.

Symantec Web Security Service (WSS) has some good features that I wish were in this product. Unfortunately, it is another subscription.

It does not take long to install this solution.

Unfortunately, the order that we followed was not recommended. We just deployed and then obtained subscriptions after that. This is not a recommended approach for deployment. However, we have a good partner and a good support team.

Due to our limited bandwidth, we had to install manually rather than use the web-based deployment. This meant that it took us longer because we had to visit each of the physical workstations. In total, it took approximately two months to deploy.

We deployed the solution ourselves. There were seven or eight people io the team and different staff members were given different duties. All of them are system administrators.

We have three people that handle the maintenance. They monitor the dashboard for possible compromises, and our specialists have to use the device protection and application controls.

There are also tasks related to reporting issues that arise during monitoring, including those concerning possible attacks or infections. One of the managers in our IT staff is responsible for updating the definitions that we get from Symantec.

There was an incident where we had problems with a password and we had difficulty recovering it. We contacted our local partner and I think they contacted Symantec. After that, we recovered the password. That was the only maintenance-related problem that we had.

The pricing was one of the factors that led us to choose this product.

That said, I was not the decision maker. I simply proposed it to our manager.

When our subscription to Kaspersky ended, we were tasked with comparing features between different solutions. The three options we considered were Symantec, Kaspersky, and Sophos.

One of the things that we liked about Symantec is the low resource utilization. I am not the person who completed the analysis but I know that the fact it is lightweight was one factor.

We liked the functionality that Sophos provided but the deployment scenario functionality was not useful for the workstations in our environment. It involved deploying the dashboard to workstations in the cloud, which is not our preferred approach.

Kaspersky has richer reporting capabilities. This is an area that could be enhanced in our Symantec solution.

We deployed the product one and a half years ago, and we received training to configure and maintain it. It was recommended that we complete our training in terms of policies, which is something that we also did. Once that was finished, we experienced the stability and good features that the product provides.

This is a product that I have recommended for use in another company. I have been told that after they adopted it, they were pleased with the fact it consumes fewer resources than their previous solutions. They manage it from the cloud.

Currently, I am referring another company to this product and my understanding is that they're going to implement it.

I would rate this solution an eight out of ten.

The use case is end-user laptop protection.

Customers can use it to protect endpoints, both laptops on the network and off the network. This is the beauty of the tool. Symantec installs an agent on the laptop itself, ensuring protection even when users are offline.

Moreover, the threat detection capabilities of Symantec have evolved to meet emerging security challenges. Symantec has a huge database of threat intelligence solutions. We receive very regular updates. It seems like they're very consistent. This means once an event happens somewhere (from the web or dark web), it's included immediately in its threat intelligence, and every other user will benefit from this update.

It has centralized management, product intelligence, is very easy to deploy, regularly updated with the latest virus and threat definitions, and has very good technical support.

Symantec have everything – documentation, videos, data sheets. That should be on the list of positive things.

Symantec could improve the learning resources to make the initial deployment smoother. It could become more popular with training because the initial deployment requires some experience. Sometimes, we don't find the necessary experience. They need to make their model more popular.

We provide it as a service. For more than five years now, since 2019.

Overall, I would rate the stability a ten out of ten. It remains stable once deployed. We never touch the setup again. 

It is very scalable. We once deployed it for a client of 5,000 end users. 

When it was directly with Symantec, the technical support was perfect. After Broadcom acquired Symantec, the level of technical support dropped. It wasn't the same as before.

It could be more responsive. They should go back to having responsive and highly knowledgeable teams. They were almost like that, but after the Broadcom acquisition, there were noticeable changes.

It's very straightforward because it uses centralized management. You don't need a very complex infrastructure.

Depending on the environment, it takes us at least five days and, at most, fifteen days.  

It can be deployed both on cloud and on-premises. 

The ROI is very good. Once deployed, you don't need a lot of skilled administrators to manage it. It's alert-based, so if you don't have an alert, you don't need to do anything. You don't need someone monitoring the screen 24/7.

The licensing is okay.  Symantec has a very granular licensing model, so you only buy what you need.

It's similar to other competitors. I don't see them as being higher or lower than others in terms of pricing.

There are other options, but we haven't fully evaluated them due to our large deployment. We have more than 5,000 users, so we would need a very good reason to change.

First, define your use cases perfectly. Symantec is a license-based product, and if you don't know exactly what your requirements are, you might purchase unnecessary licenses.

Overall, I would rate the solution a nine out of ten. 

Symantec adds a huge security layer to the company. We can protect any endpoint, on or off the network. If someone's working from a coffee shop, for example, they're still protected. It is a huge feature. This reduces risk and improves the company's security posture.

I'm an admin in an IT consulting company and we have different companies that use Symantec Endpoint Security Enterprise.

Symantec provides a lot of security for the end user. For example, if I'm going to a website that is not trusted, Symantec will alert me that it's not trusted or it will even block it. It's endpoint security that always gives you alerts about the dos and don'ts before you even get into danger. Some antiviruses will only alert you once you are in danger. With Symantec, you get the alert before you even click on or visit a dangerous site. The detection processes are very good and they have a good notification process to tell you if whatever you are opening or working on is not good for the PC.

I have the solution on my phone and that makes it quite secure. It blocks all ads and malware. Before Symantec, I used to get a lot of ads, especially if I was doing research on the internet. Since I started using Symantec on my phone, it has blocked all of them. And it is connected to my main account on the PC, so it gives me a combined report on whatever I'm doing and whichever sites I've visited.

For us, as an MSP, Symantec is the best for breach prevention. We have been using it for almost two years now and we haven't had any major attacks or ransomware. We are always protected. Previously, before we got to Symantec, one of our clients was attacked by ransomware, but since we deployed Symantec on all our users' endpoints, we haven't had any issues.

In the long run, it has made the security side of our company more solid. Now, we don't battle with viruses and malware. It has helped with our company's growth. Symantec has given us a great sense of assurance and protection. We know that all the devices and endpoints are well secured and that there won't be any major attacks or any damage to them.

The mobile application is valuable. You are able to see the reports of intrusions and the like on mobile devices. That is one of the coolest aspects.

Also, they recently upgraded the solution to provide a graphical interface that gives you an overview of the detections and whatever has been blocked. It gives you a pie chart with a breakdown of whoever is trying to access things.

In addition, it's always running and it doesn't consume a lot of memory, which would slow a PC down.

I have been using Symantec for almost two years. I do the admin part of it for Windows and mobile phones, including installations and reports.

It's very reliable. It's very steady and doesn't give us issues.

The scalability is also 100 percent. Its ability to grow with the organization is positive. It's something that our company wants to use in the long term.

We have used their technical support a few times because we have had challenges with licensing issues. 

You have to go to the support site and log a ticket. They will assign it to an agent and then the agent will call and assist you with the issue. They have always been helpful whenever we have contacted them.

Positive

We were using Trend Micro. We switched to Symantec because the intrusion level is very low and the alerting system is very good. Symantec gives you an alert whenever you are doing something that is not right. You don't even need a techie to tell you not to do this or that.

The setup is very easy, especially when done by email. You just add the end-users information on Symantec and they get an invite via email. Once they get the link they click on it. That downloads the installation file and installs it for them. Our IT team of four people work on it together.

We get the key from a local partner and we apply it on our portal. From there we push the installation files to the users and install them. Then we do the reporting system.

In terms of maintenance, it's mostly cloud-based. Updates are done automatically.

We do it ourselves.

We have seen ROI. It has saved us a lot of money.

The pricing is good, very moderate, and the licensing is also good. It gives you more room to install a lot of endpoints and it even gives you the opportunity to install it on your mobile phone without any extra cost.

The one issue we have is that whenever we buy a license, it takes us to a new tenant. We communicate with our local partners and they give us the license key. Then, we have to go to the portal and apply it, but sometimes it doesn't work. We then have to create a new administrative account and migrate all our endpoints. That is the only major issue we have been battling with. Apart from that, it's fine.

We already had our eyes set on Symantec because it was something that some of our clients had been using.

I always tell my colleagues in the IT space that Symantec is one of the best antivirus solutions that we have used. Most of our clients, before we approach them, use different solutions so we do a test. We put a virus on their PC to see if their antivirus is able to detect it, and we find that it does not detect that there is a virus or an intrusion on the device. Once we install Symantec, it blocks everything and immediately detects that there is malware or an intrusion on the PC that needs attention.

Symantec is the best when it comes to other antiviruses and endpoint solutions in the global market.

Symantec Endpoint Protection is something I would recommend. It's one of the best.

It is used for detecting and blocking web attacks. 

It has helped me in providing authentication mechanisms, restricting devices, and blocking global threats. There is about 10% to 15% improvement.

All Symantec Endpoint Protection (SEP) features, such as anti-malware, zero-day attack protection, and IPS features, are valuable.

Zero-day threat and device management or device control can be better. The patch implementation or patch management can also be better because sometimes, they are issuing or deploying patches in old versions.

It should support the next-generation IPS. Currently, it supports only IPS.

I have been using this solution since 2010.

We haven't had any issues with SEP. We have been using it for quite a long time, and it has been stable. It is reliable. We are getting upgrade patches. 

We are also using other Symantec solutions, such as Blue Coat, and we have had issues with them but not with SEP.

It can be scaled up with EDR and XDR extensions. We have deployed it at multiple locations, and we have plans to increase its usage.

Their technical support is fine. I didn't find any issues with that. I would rate them a nine out of ten.

Positive

I used to use Trend Micro Quick Scan. I switched because we were getting some attacks, and Trend Micro was not able to detect them.

It was straightforward. We had around 500 systems, and it took about a week. About three to four people were involved in its deployment. Their roles were engineer, team lead, and admin.

We had a consultant from Symantec for its implementation. In terms of maintenance, it doesn’t require that much maintenance, but it requires patch updates on a regular basis. I take care of its maintenance.

The pricing is as per the environment. If all the features are there, there will be a cost for them. There were no additional costs for me. Support and other things were included in the pricing.

We did a PoC of McAfee, Trend Micro, and other solutions in our environment. Symantec was better. So, we went for it.

I would advise using all of its features, such as IPS. These features are very good. I'm using a lot of solutions from Symantec. I am using SEP, and I am also using Blue Coat devices. They provided us with the entire solution design.

I would rate Symantec Endpoint Security a nine out of ten. It is a nice product.

Symantec Endpoint Security is a comprehensive solution that provides all the packages in one product. The most valuable features of Symantec Endpoint Security are endpoint protection, antivirus, firewall, and policy creation.

The one thing I don't like about Symantec Endpoint Security is the amount of resources it uses.

I have been using Symantec Endpoint Security for ten years.

I rate Symantec Endpoint Security an eight out of ten for stability.

More than 500 users are using this solution in our organization.

I rate Symantec Endpoint Security an eight out of ten for scalability.

I rate Symantec Endpoint Security seven to eight out of ten for the ease of its initial setup.

We implemented the solution through an in-house team. Two to three people can deploy Symantec Endpoint Security in a couple of minutes.

We have seen a return on investment with Symantec Endpoint Security.

Symantec Endpoint Security is a moderately priced solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a five out of ten.

I am working with the latest version of Symantec Endpoint Security. One person is enough for the solution’s maintenance.

Overall, I rate Symantec Endpoint Security an eight out of ten.

We haven't had problems with the product recently.

The solution does the job.

It seems to be user-friendly. Our users seem to like it for the most part. 

Every time an OS comes out, I have to upgrade the Symantec product. They don't know how to patch it. If they would produce a patch instead of uninstalling or installing over the current version and rebooting I'd be a lot happier with the product. 

As far as what it attacks and how good it is and its job I don't really care. It drives me nuts because every time I have to do a feature update it requires a new version of SAP. Then, I have to go through the silly process of putting it into the configuration manager, running tests and upgrading it, and making customers reboot their machines. It should make a pass and be done with it.

We've had Symantec for many years. It's likely been 10 plus years.

We haven't been too happy with technical support, We'd like them to be more helpful and responsive. 

We deploy the solution ourselves. 

I don't have any insights into the pricing or licensing aspects of the product.

We were looking at Microsoft Defender Antivirus due to the fact that we were looking at switching away from Symantec.

We're a customer and an end-user.

I'm a client guy, I'm not the security team that inspects the end product. My team deploys it and we have a configuration manager that makes sure it's deployed correctly. We have staging processes around Windows 10 and policies, et cetera, however, as far as inspecting it, that's not up to us. It's not our mandate. It's the security team that makes the decisions about the products we use. 

While our current version is on-prem, everything's going to the cloud. If we stay with it, maybe that is something we're looking at, however, we have a lot of different security products on our machine and we have applications that our customers use. Hopefully, they're going to decide to get something that combines the five or six other apps that we have that are doing various things beyond slowing our machine down.

I'm not sure if we are on the latest version of the solution. 

My main issue with the product is that I just can't stand the way they force you to upgrade the product instead of putting a simple patch on it.

I'd rate the solution at a seven out of ten.