Charan Teja Sana - PeerSpot reviewer
Senior Consultant at HGS - Hinduja Global Solutions
Real User
Top 5
Reporting could be improved, though it provides endpoint security
Pros and Cons
  • "We use the solution for our endpoint security."
  • "The solution's reporting could be improved."

What is most valuable?

We use the solution for our endpoint security. It's our compliance requirement to prevent virus attacks and ransomware attacks. However, it's unmanaged and not like a top competitor to CrowdStrike.

What needs improvement?

The solution's reporting could be improved. The solution could have better integration with other services.

For how long have I used the solution?

I have been using Symantec Endpoint Security for one and a half years.

What do I think about the stability of the solution?

I rate the solution’s stability an eight out of ten.

Buyer's Guide
Symantec Endpoint Security
October 2024
Learn what your peers think about Symantec Endpoint Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

What do I think about the scalability of the solution?

More than 5,000 users were using the solution in our organization.

How was the initial setup?

We were using the signature deployment, which is not easy.

What's my experience with pricing, setup cost, and licensing?

Symantec Endpoint Security is an expensive solution.

What other advice do I have?

Given the number of alerts and the variety of attacks we get, we will require AI capabilities for threat detection. Around six to seven members were involved with the solution's deployment and maintenance. I wouldn't recommend the solution to other users unless it is updated.

Overall, I rate the solution a five out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Jawaria Abbas - PeerSpot reviewer
Security Engineer at a computer software company with 201-500 employees
Real User
Top 10
The solution provides good features like application control and host integrity checks
Pros and Cons
  • "The solution's application control feature is very, very powerful."
  • "Users mostly complain that the solution slows down the system whenever something is scanned."

What is most valuable?

The solution's application control feature is very, very powerful. The solution will automatically check the host integrity and quarantine if something is not compliant.

What needs improvement?

Users mostly complain that the solution slows down the system whenever something is scanned. Sometimes, Symantec gets blocked with legitimate applications, and we add the application in the exceptions. Users always complain that agents, which are very heavy for the system, slow down the PC's performance.

For how long have I used the solution?

I have been using Symantec Endpoint Security for seven years.

What do I think about the scalability of the solution?

Around 1,300 to 1,400 users were using the solution in my previous organization.

How are customer service and support?

I am happy with the solution's technical support team.

How was the initial setup?

The solution’s initial setup is easy.

What other advice do I have?

We started with a very old version and eventually upgraded to RU6. Since we had some Windows 7 clients in our organization, we couldn't upgrade to the next versions, RU7 and RU8, because Windows 7 support is not available in those versions. Meanwhile, we started working on upgrading some systems which have specific applications running on them.

My previous organization compared different products and decided to use Symantec Endpoint Security because it was very good back then. Symantec was the first one to highlight the 2021 cyber threat. Back then, not many people were familiar with the concept of EDR.

After comparing different products, we decided to go with Symantec Endpoint Security because our major concern was application control. We didn't want any user to come, use a USB to copy the data, and leave the organization. Since users don't give us time to upgrade the system, we put the host integrity. If a service pack is not installed on the system, the system will get quarantined.

Overall, I rate Symantec Endpoint Security an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at InfySec
Real User
Remediates infected file, isolates endpoint, and communicates between endpoint and SOC, all automatically
Pros and Cons
  • "There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization."
  • "In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDS, it consumes a lot of processing and memory capacity."

What is our primary use case?

In one of our client's environments, they need to secure their Active Directory. The solution is the only product with a separate feature to secure Active Directory as part of Symantec Endpoint Security Complete. The client was also looking for an automated endpoint detection solution. That's why we went ahead with it.

How has it helped my organization?

The very comprehensive machine learning platform has been very helpful and we have been able to prevent most attacks and detect and respond to those threats within minutes.

The reaction time for any incident has been reduced drastically. When there is an incident, the EDR engine is based on AI/ML behavioral analytics. It takes direct action and remediates the infected file, isolating the endpoint, and establishing communication between the endpoint and Symantec's threat-hunting SOC. It submits the file automatically, meaning that no manual intervention is required. If there is an attack on a weekend, we can completely rely on Symantec, rather than needing someone to manually upload these things.

Most of our incidents, no matter what has occurred, are automatically addressed. This has reduced our efforts and the time we spend on incidents. That has a direct impact on our business operations. It has improved the efficiency of our operations.

The major benefit of having Symantec's API is that you get access to all the methodologies and mechanisms, and it's accessed in a single dashboard. That makes it a one-stop solution, where you can have everything integrated. It also helps us in orchestrating and correlating our security incidents.

An added benefit is that if you have it integrated with your ticketing system, tickets will also be triggered. You get an SMS alert or an email notification, but that's a secondary thing.

The solution has helped organizations enhance their security posture considerably. We haven't faced any breaches so far, meaning we have been protected adequately. We actively perform quality assessments, penetration testing, and we do forensic analysis. In addition, we have third-party SIEM software monitoring all our assets on a day-to-day basis and they haven't identified any anomalies. That means that Symantec is protecting us well, and we have implemented it and been running it for the last three-plus years for multiple clients.

What is most valuable?

The most valuable features include the

  • Active Directory security
  • application controls
  • endpoint detection and response.

Whenever there is an issue with respect to Active Directory, Symantec identifies the issues and tries to create a signature to mimic the Active Directory-related attacks in their backend labs. They obfuscate the request going to Active Directory. Even though there may be an issue with patches still not being updated by Microsoft, we have compensating control to prevent those kinds of attacks from happening. Once Microsoft releases patches, we immediately implement them. But until then, Symantec will prevent Active Directory compromises.

And, in some cases, the architecture itself is an important feature because Symantec is one of the very few endpoint services that provides an on-premises management system. Currently, most antivirus and protection providers operate entirely from the cloud. That's a differentiating factor with Symantec. This is very critical in an instance where you should not have access to the internet, or you wanted to have it on-premises. In those situations, Symantec is the go-to product.

In addition, for threat hunting, the API is integrated so that we get real-time updates. The threat-hunting is excellent. They're one of the largest civilian cyber intelligence networks. Symantec was an early starter with respect to threat hunting. They have a global SIEM and a global threat-hunting team. They have custom, built-in tools, and their own threat-hunting intelligence mechanism. We completely depend on Symantec's threat-hunting methodology. We have no complaints so far, and it has been an excellent experience working with their threat-hunting team.

Most incidents come through machine learning. In one or two cases we might need the experts, but most of our issues are known. They have a very good AI/ML engine. Based on the signature or the anomaly, when something is detected, the object that is compromised is isolated and we get an immediate response. A link is then initiated between the infected device and Symantec's threat-hunting team.

Symantec is one of a very limited number of products that supports the entire gamut of devices. It is not only Windows devices that it covers but also mobile devices, Mac, Android, iOS, et cetera.

What needs improvement?

In a few cases, when we enable the IPS/IDS feature, there are performance-related issues on the end devices. If we run quite a few features of Symantec, especially the IPS/IDS, it consumes a lot of processing and memory capacity. We would like to enable all the features, but doing so should not have a direct impact on the performance of the system. If they can come up with an agent that consumes less memory, that would be a great enhancement.

Also, Symantec is not being promoted from a marketing standpoint. I don't see any promotions for it. There are no road shows, marketing efforts, training, or anything organized by Symantec these days, at least in my region. The product is good, but if you're not marketing it people think "Okay, we haven't gotten any updates about the product." We need to have more road shows and promotions, and we need to have people trained in the technical aspects to gain market share.

For how long have I used the solution?

I have been using Symantec Endpoint Security for about four years.

What do I think about the stability of the solution?

We don't have any issues with respect to its performance, in general. I rate the stability at nine out of 10.

What do I think about the scalability of the solution?

It is on the cloud so scaling up is not that difficult. I would rate it a 10 out of 10. It's been helping us for the last three years. We have definitely been growing and Symantec has grown along with us.

How are customer service and support?

Because the threat hunting is done by AI/ML, we have only had to reach out to support when there is an issue. If we write them an email, we get responses promptly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are actively using other solutions aside from Symantec because we cater to different clients. We have used CrowdStrike, Sophos, and Palo Alto XDR to name a few.

How was the initial setup?

We have multiple architectures in place. A few of our clients use it on the cloud and a few have a hybrid with on-prem. The cloud-based setup is very straightforward. Once we create the account, it doesn't take more than 30 to 45 minutes for us to get the setup done.

The steps involved for a cloud instance are that an account is created, the agent is downloaded, and you probably have to push the agent to different systems. That can be done via different means and depends on the number of client machines. We can push it via SCCM or other modules or can push it manually from the central drive by having end-users download it. The process is seamless and we have been able to install Symantec on at least 150 machines within three hours. We had three resources deploying the agents on those machines in parallel.

We do regular preventive maintenance as part of our managed services, but with the cloud instance, we have never had any issues. It is on autopilot. What we do is that we regularly check for threats and whether the threats have been quarantined. We download the daily and weekly reports. The maintenance is done by one person.

What was our ROI?

We have definitely seen a return on investment. In our clients' environments, we haven't faced any downtime because of ransomware or malware attacks. That itself is a good 30 percent return on investment.

And when it comes to employees' time for detecting and responding to threats it has saved them about 50 percent. They never spend days off or weekends working. There is no need to have anyone attend to this set of problems. If the system is up and we have EDR running, it takes care of everything, from isolating the devices to quarantining the file and uploading the file back to the Symantec backend SOC. Everything is automated and it's seamless.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty much at the market standard. I don't see any issues with it. It depends on case to case. Symantec is not that cheap and it's not that expensive compared to CrowdStrike. I would put them in the "middle block."

Which other solutions did I evaluate?

When compared to other solutions, I would give Symantec Endpoint Protection 4.5 out of five. It has interesting features, starting with Active Directory Security. There is no other endpoint solution that will help you in preventing lateral-movement attacks on Active Directory. And Active Directory is one of the more critical assets within an organization. Nine out of 10 organizations use Active Directory, and it is so often a targeted asset. Symantec is the only product that has Active Directory security.

Also, it enables us to have a hybrid architecture in which we can have Symantec Endpoint Security on-prem and integrated with the cloud. We can also have the API integrated into our SIEM and SOAR.

We have been using other endpoint security products as well. The advantage of Symantec is that you don't need a separate product to protect your assets such as Linux or Android. It's equivalent to Intune where we can have a single dashboard and have all devices onboarded. 

On top of that, with Symantec, we have application control and DLP to a certain extent. It means we don't have to have multiple products running in the ecosystem. It acts as a consolidated solution with multiple features and functionalities. This reduces the costs and resources that you would need to manage different products. When you have different products, it leads to cumbersome processes and it is very complex to manage infrastructure. Having Symantec on the cloud makes endpoint protection seamless. We can download the agent, run it, and we are up and running within 30 minutes.

What other advice do I have?

I would recommend it, but you should do a PoC. Every use case is different, so I would definitely recommend seeing whether it blocks legitimate traffic or a legitimate application or process.

There is a famous saying that only 40 percent of organizations know they are being hacked. The other 60 percent are not aware that they are being compromised. A product like Symantec would certainly enhance the security posture of an organization. It gives senior management pretty decent confidence they have a robust and scalable product with a purpose. We are approaching mitigating 99 to 99.5 percent of attacks from happening. Having said that, other threat-hunting and endpoint detection and response platforms will enhance the overall security posture and drastically bring down the risk level of the ecosystem.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Operations Manager at Telescope Digital
Real User
Runs on different platforms, allows you to automate things when using it with AD, but needs better setup, updates, and ransomware protection
Pros and Cons
  • "I like the additional features that come with it. The firewall feature and the encryption feature that they throw in are good as well. Another thing that I like about Symantec is that it runs on different platforms, not just on Windows."
  • "Symantec isn't good in terms of updating customers about updates. You'd normally have to search it out. Sometimes, the update process for the administration and management console can be a bit intimidating, and it can be quite inconvenient to get the updates. That's because when you have to do the update, you have to update the management console, and then you need to update the clients. Their application that's installed on desktops and servers needs to go hand in hand with the management console. Sometimes, it's a bit unwieldy to see that process through."

What is our primary use case?

We use it for endpoint protection for desktops and server computers.

What is most valuable?

Some of the administrative features are very good. I like the way it allows you to automate things when you're using it with Active Directory. 

I like the additional features that come with it. The firewall feature and the encryption feature that they throw in are good as well. Another thing that I like about Symantec is that it runs on different platforms, not just on Windows.

What needs improvement?

Getting it up and running can be a bit overcomplicated. 

Symantec isn't good in terms of updating customers about updates. You'd normally have to search it out. Sometimes, the update process for the administration and management console can be a bit intimidating, and it can be quite inconvenient to get the updates. That's because when you have to do the update, you have to update the management console, and then you need to update the clients. Their application that's installed on desktops and servers needs to go hand in hand with the management console. Sometimes, it's a bit unwieldy to see that process through. 

The ransomware protection on Symantec doesn't match its competitors at the moment. Defender is doing a better job in terms of ransomware protection.

Their support can be improved. It's difficult to know who to call, and their online knowledge base is quite difficult to navigate.

For how long have I used the solution?

I have been using this solution for about 14 years.

What do I think about the stability of the solution?

Its stability is excellent. It is very stable.

What do I think about the scalability of the solution?

It is very scalable. This is one of the things I like about it.

How are customer service and support?

Their support isn't always very easy. It is difficult to know who to call. 

The online knowledge base is quite difficult to navigate because they seem to have so many products, and there are so many different versions of all of those products. It is hard to find an article that relates to the problem you are trying to solve.

How was the initial setup?

It could be a bit overcomplicated to get it up and running.

Its updates are also not easy. We only have a small team. Usually, wherever I've worked, the IT team is pretty small and you don't normally have an engineer who is dedicated to Symantec. They do various other jobs, and they look at the application infrequently. So, when a major task comes along, because of the complexity, it is sometimes quite difficult for them to achieve what they need to do. It takes them a little while to do it because they have to re-learn the application and find the correct article in the knowledge base for the right version. The instructions can sometimes be quite complicated.

What's my experience with pricing, setup cost, and licensing?

I am not sure of the initial cost, but the yearly renewals are quite affordable, which is a good thing. The price seems to have come down in recent years, and with the alternatives that are out there, such as Microsoft Defender, it needs to maintain that affordability to make it attractive.

What other advice do I have?

It seems to be a fairly robust antivirus tool. It doesn't catch all viruses and protect you from everything, but it seems to protect you from a good number of variations of viruses and malware. It doesn't catch all malware, but it does catch quite a lot. Microsoft Defender is better at detecting malware at the moment. Microsoft Defender is doing a really good job in terms of matching and probably even beating Symantec in terms of malware and ransomware protection.

A lot of people who are using Windows normally use Microsoft Defender, but I normally use Symantec on Windows Desktops. Symantec runs on different platforms. It is not just for Windows.

I would rate it a seven out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at CT AMERICA
Reseller
Scalable with good central management but needs better technical support on offer
Pros and Cons
  • "The solution, especially in older versions, is quite stable."
  • "The support needs to be better. When we upgrade, we can run into issues, and it's hard to get the help we require."

What is our primary use case?

We use the solution in order to protect all the computers and servers that we are using on the premises to have some controls against some threats. We are using it as anti-malware protection on the Endpoint Security side, and for encryptions for the high-risk drives on the encryption side.

What is most valuable?

Symantec has similar functionality and characteristics compared to other solutions in the market. However, we found it was easier for us to upgrade Endpoint Encryption. The main characteristic and the main advantage that we saw was that it could handle all the settings through a central point.

The solution, especially in older versions, is quite stable.

The scalability is good.

What needs improvement?

We have many issues with the way that Symantec is a data entity in our active directory. 

We need to protect all personal devices such as mobile phones. We can't do it at the moment via this product. It is a very important aspect that is missing at this moment. If they could add mobile detection, that would be ideal. Currently, we are using a lot of mobiles as we work from our home. 

The support needs to be better. When we upgrade, we can run into issues, and it's hard to get the help we require.

Newer versions can be a bit less stable.

For how long have I used the solution?

We've been using the solution for the last eight years, more or less.

What do I think about the stability of the solution?

The solution is mostly stable, however, when we need to upgrade, at this moment we need help due to the fact that we don't have good technical support locally. 

We have been using older versions, as they are stable versions for us and we don't know how to upgrade completely to the latest version. That is the issue that we have at this moment. We need to be trained; however, we haven't had any access to training, especially from Symantec, for the last two years, and it is hard.

What do I think about the scalability of the solution?

The scalability is pretty good. We can increase the number of computers managed by the solution, and we can increase the passes. We have been using these solutions for the last eight years due to the fact that we don't have any kind of problems. 

That said, when we tried to upgrade, when we got the newest features, the newest protections, we had a lot of problems as we don't have any Symantec specialists available for us to help us, to train us, and to give the appropriate support. That is the main issue that we have right now.

How are customer service and technical support?

Technical support needs to be better. We don't have any specialists available for us. We are located in Latin America. We are located in El Salvador, in Central America. We don't have any specialists available for us in order to help us or to teach us how to solve our problems. We are looking online mostly at this point for some advice in blogs and forums. That's not what our expectations were when we signed up. We open tickets through the webpage and nothing happens. We are a little disappointed in that sense.

Which solution did I use previously and why did I switch?

We have not moved to another security solution due to the pandemic, as we have been working irregularly. We have been closed for around one and a half years. Then we have been working some days in the office, some days from home. It has not been a good moment for us to change the solutions, however, we are thinking about it, not due to its scalability or stability, or even due to licensing. We have been talking about changing because of the lack of good technical support.

How was the initial setup?

It's easy to set up all the devices that are managed by the active directory, however, many devices that we are using right now to work are not managed by the active directory. For example, cell phones or any other intelligent devices. We can't protect them through Symantec Endpoint Protection, Endpoint Security.

For laptops and desktops managed by the active directory, it's relatively easy to deploy. It's not a problem as we only set a policy when a laptop or server or desktop is added to the active directory so that it's transparent. It's added immediately to the Symantec console in a transparent way. 

The deployment is immediate. With the equipment managed by the active directory, it's five minutes or less.

What other advice do I have?

We are a reseller.

We are using Symantec Endpoint Security and we're using Symantec Endpoint Encryption.

We have it implemented on-premises.

I'd advise other companies to consider the solution. It's necessary. If you have a good team of specialists around you, it's a good option.

The most important thing is to have someone to help you, especially if all of your users are working regularly from different places, with different issues, with different connections through your infrastructure. If you don't have the skills, or you don't have good advisers or good technicians to help you, you are lost. 

I'd rate the solution at a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
reviewer1337973 - PeerSpot reviewer
Computer Systems Administrator at a university with 10,001+ employees
Real User
Lacks next-generation behaviour-based detection, offers terrible technical support, and not as robust as competitors
Pros and Cons
  • "The solution detects malware very well."
  • "The stability was not the best. There were times when antivirus updates broke it. It wasn't necessarily self-updating - at least, not in terms of the virus signatures. It updated in terms of the executable files. Therefore, when Windows updates would come out, they often couldn't be installed, or the computer would hang due to the fact that the updates weren't compatible with the antivirus."

What is our primary use case?

The use case for the solution was basically this: any computer or anything used for any sort of official business needed to have endpoint protection and needed to have some sort of antivirus protection. The thing was somewhat more than just an antivirus, it also included a firewall that operated in addition to the Windows or Mac firewall.

The university policy basically required that all endpoint devices used for official business have to meet certain requirements and one of them was to have an antivirus.

How has it helped my organization?

The solution probably caught some malware a certain percentage of the time and that helped the organization. By the time we abandoned it, it was actually less effective, at least on Windows 10 machines, than the built-in antivirus that you get with the Windows 10 Defender Antivirus. It became, in the end, sort-of a liability.

It also became a liability when the company was sold to Broadcom. The name is actually different now. I don't think it's called Symantec Endpoint Protection. It's called Broadcom Endpoint Protection. We had a very difficult time even getting in touch with the technical support from that company, especially after Symantec was sold. It wasn't a very robust solution.

What is most valuable?

The solution detects malware very well.

What needs improvement?

It wasn't a very good solution overall, which is why we ended up replacing it.

Most organizations are choosing a next-gen antivirus, one that's based on artificial intelligence. Symantec Endpoint Protection was one of those legacy products that have been around forever. Symantec was a spinoff from Norton. Norton Antivirus was one of the very first antiviruses to come out in the 1980s. Symantec was very highly rated at one point in its life. It never really caught on to the new trends in antivirus protection. And so it still relied on things like a database of virus signatures that would need to get downloaded and then files would be checked for those signatures.

Modern antiviruses don't do that. They're based on behavior. They're based on intelligence algorithms. They're honed by artificial intelligence and machine learning from data collected all over the world. And so for that reason, the next-gen antiviruses are much more efficient at detecting viruses. They also take up a lighter load on the computer.

Next-generation is behavior-based detection rather than signature-based detection. Symantec tried to be a hybrid between the two. It had a behavior-based component called SONAR, however, it was still mostly a signature-based software antivirus application. For that reason, you can never keep up with all the mutations and viruses, and you can't keep up with malicious behavior that isn't based on viruses. Things like downloaded PowerShell scripts, things that computers can do with the components that they already have without needing to put any virus on the computer. A lot of malicious attacks, government-backed attacks, don't use any kind of foreign software. They take advantage of vulnerabilities within existing operating systems like Microsoft Windows or the various versions of Linux or the Mac operating system. They don't need to put additional software on the computer to compromise them.

That, in a nutshell, is why we switched to a next-gen antivirus. Next-gen antiviruses have probably been around for about five or six years. Some of the old companies made the transition to them seamlessly. Symantec didn't. It remained wedded to the old technology and that made it, you could say, a has-been.

For how long have I used the solution?

I've been using the solution for many years. It's probably been about ten years at this point, at least a decade.

What do I think about the stability of the solution?

The stability was not the best. There were times when antivirus updates broke it. It wasn't necessarily self-updating - at least, not in terms of the virus signatures. It updated in terms of the executable files. Therefore, when Windows updates would come out, they often couldn't be installed, or the computer would hang due to the fact that the updates weren't compatible with the antivirus. I give it a pretty poor score for robustness.

What do I think about the scalability of the solution?

It was scalable just due to the fact that it had to be installed individually on individual computers. For the unmanaged workstations, it was as scalable as you wanted it to be. There was a new download and a new install on a new computer. There are no limits on that. I'm not sure, however, how true that is, as it wasn't within my area of responsibility. I'm not sure if the managed work points overloaded the servers that were meant to monitor them. I don't think that was the case. The scalability was probably pretty good there too. I never heard any complaints about it not being scalable.

We likely had between 10,000 and 20,000 users on it. The roles would include, since it's a university, students, faculty, staff, and researchers. That pretty much covered the type of people that work at a university.

We don't plan to increase usage as we've completely phased out the solution.

How are customer service and technical support?

Once Symantec was sold to Broadcom, it became very difficult to reach out to technical support, and they just stopped being responsive. By the end, we were very unhappy with their level of support.

Which solution did I use previously and why did I switch?

I've been at the organization for 21, 22 years. Originally, before we had Symantec, it was McAfee antivirus. We had that up until maybe about 2010 or so. Now, we are using CrowdStrike Falcon.

How was the initial setup?

The initial setup was not complex. It was simple.

The deployment was always ongoing due to the fact that, as a university with something like 16,000 employees, computers were getting bought and repurposed all the time. The initial rollout was in fact not a managed version of the antivirus. It was just a standalone version that users could download from a website when they provided their credentials. After that, they would just double click on a downloaded file and run the installer and they'd have the antivirus.

However, it was completely unmonitored. The antivirus program on their computer was not sending its data anywhere. It couldn't be helped by anyone remotely to do its job of protecting the computer.

Therefore, almost all organizations now want to have a managed antivirus solution where there's software installed on the computer, but it communicates with the cloud, and IT administrators at the organization can control this behavior and learn from it.

In terms of the staff required to handle the deployment and maintenance, there was probably the equivalent of maybe two to three full-time staff that were dedicated to antivirus endpoint protection issues. 

What about the implementation team?

We handled everything ourselves in-house. We didn't need the help of a consultant or integrator.

What's my experience with pricing, setup cost, and licensing?

We pay on a yearly basis. However, I'm unsure of the exact amount.

Which other solutions did I evaluate?

We did evaluate a number of other vendors. We entertained some RFPs and we did testing on four other competing products. There was one other competitor that was close. The main factor that tilted us toward CrowdStrike is that they did make a last-minute significant cut in price to their offer. I think they reduced it by something like 30% or 40%.

CrowdStrike has been in the business longer and is a bigger company than the runner up as well. To us, that mattered. If there is winnowing out of competitors, if the market actually shrinks and there are a few big players in five years, we want to be sure that we're with one of the big players that are going to make it.

What other advice do I have?

The solution is a kind of mix between an on-premise managed server that was managing some machines, and other machines that just had an unmanaged client that was distributed to students. It's not actually a cloud, it's a server. It's an on-premises server. It's not a cloud-based server that is being used. The antiviruses report to the server and policies can be set on the server.

I'd advise users to be aware that there are better solutions out there than this. I've learned that technology can change and your solution may be great now, but in a few years, it may drop to the bottom of the barrel. That's what happened here.

I'd rate the solution one out of ten. In order to get any sort of higher rating, they would need to start it over again from scratch. Instead of trying to make a legacy product better, they should abandon it and invent a new product.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Technology Specialist at Wonderla Holidays Ltd
Real User
With a single product, it gives us a big picture of our response and remediation processes
Pros and Cons
  • "If there is exposure, we need to investigate the source of the attack, e.g., whether it came from the network or externally. We view the firewall logs, and if there has been exposure, then we use the Application Isolation feature. When there is an attack with on-prem, that system will go into isolation mode, removing connectivity to other internal systems. We also restrict the WLAN part to avoid that system broadcasting to other networks."
  • "The device can be outdated. More enhancement of network and discovery would help already great features."

What is our primary use case?

We use it to secure our endpoint, especially with employees working from home.

Our company provides amusement park guest hospitality. This solution helps us with our daily operations, managing the amount of traffic in the network coming from the Internet as well as application updates and passwords. 

How has it helped my organization?

It lets us control users and their actions when browsing.

Every month, we do an analysis. This allows our systems to be the most effective with all the changes that need to be done. It gives us a dashboard where we can view four or five key components, like malware protection, exploit protection, network intrusion, behavior analysis, and additions to the firewall. We also do daily, weekly, or monthly analyses based on events. This helps us have a clearer picture of our organization, what is wrong with a security event, and where you need to really focus to prioritize events. For example, if you have a network intrusion on the firewall, this gives a detailed view of your network where you can focus on the right solution, and prioritizing events.

We are using the solution to mitigate security breaches. We are constantly monitoring the endpoint interface dashboard. If there is a breach, it gets isolated. We see those on the report and event logs. We then apply the Application Control feature to take remedial actions.

If there is exposure, we need to investigate the source of the attack, e.g., whether it came from the network or externally. We view the firewall logs, and if there has been exposure, then we use the Application Isolation feature. When there is an attack with on-prem, that system will go into isolation mode, removing connectivity to other internal systems. We also restrict the WLAN part to avoid that system broadcasting to other networks.

It gives us a big picture of our response and remediation processes with one product, which is very good.

What is most valuable?

The detection and response are quite good. We have a few templated policies that we have created for our entire organization. We have added groups to ensure that if an attack or breach happens, then it can be isolated from our network.

We use Application Control, Application Isolation, Web Traffic Redirection (WTR), and Network Integrity. These ensure that traffic is flowing. 

What needs improvement?

The device can be outdated. More enhancement of network and discovery would help already great features.

For how long have I used the solution?

The company has been using it for almost five years.

What do I think about the stability of the solution?

We haven't had any issues when updating it.

What do I think about the scalability of the solution?

The scalability meets our company's requirements of on-prem and cloud. Therefore, I would rate its scalability as nine out of 10.

How are customer service and support?

We have not yet used the Threat Hunter Team.

I would rate the technical support as nine out of 10. Most things are resolved within a day. Some things have taken a week because they needed to assess the system and what went wrong. Critical assessment of root causes takes about two to three days.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have around four to five applications. For example, we are using Oracle Fusion Middleware and ERP in-house for our operations. 

We have also used Sophos, where it took a little time to put policies in place. It is quite complicated and not that user-friendly. We had a bad experience with them.

Symantec Endpoint Security is better because it has other features, like Application Control and Application Isolation, that can be utilized. It gives us complete control of the endpoint, so we can customize our workflow to control security.

What about the implementation team?

We have used Symantec Professional Services for updates and helping to get services properly installed.

What was our ROI?

Protecting the company data is key. This solution gives a clearer picture of your endpoint, security, and network. These three things are very important for us, which is why using Symantec Endpoint Security is a win-win for us. 

Our detection and response times are very high. Whenever something happens, such as an attack, we are immediately prioritizing it via the dashboard. 

Which other solutions did I evaluate?

When we go for a product review, we normally do a PoC to understand how the application will scale our innovation before adding it into our pipeline. 

Other solutions have the detection and response feature.

What other advice do I have?

We are currently doing an assessment for VPN parameters, making it more secure. We are checking out that enhancement right now.

We have not integrated our Active Directory (AD) with this solution. We are still evaluating this. Our AD is currently not centralized. Once it is centralized, we will connect it to Endpoint Security.

We do a PoC whenever a new feature is released. They provide training, which helps us to be on the same page.

I would rate them as 10 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior Infrastructure and Security Engineer at Georgetown University
Real User
Effective threat protection, simple deployment, but heavy on system resources
Pros and Cons
  • "Some of the most valuable features were antivirus, malware, and spyware. They were really good."
  • "We had trouble with the advanced features, such as the firewall builder and all the network protection modules. We were having a lot of issues because it would sometimes block users or the printing, or it would create issues with the network access resources."

What is our primary use case?

We used Symantec End-User Endpoint Security for a thin client for our servers and the full package for the user's systems.

What is most valuable?

Some of the most valuable features were antivirus, malware, and spyware. They were really good.

What needs improvement?

We had trouble with the advanced features, such as the firewall builder and all the network protection modules. We were having a lot of issues because it would sometimes block users or the printing, or it would create issues with the network access resources.

We were using the on-premise version of Symantec End-User Endpoint Security and one of the reasons to use the on-premise versions was to save the network traffic from the cloud. However, because we deployed the full package, the client's computers were really slow most of the time. End users used to complain that their computers were running slow. It was not only the antivirus because the user had to run other applications as well, in parallel. As soon as we removed Symantec End-User Endpoint Security, the user did see a lot of improvement in their hardware performance, such as the CPU usage being lower and memory resources going down.

The background scanning performance should be improved because it makes the computers run slow and we had the latest hardware, but it was still having issues. Their engine needs to be improved for the scanning.

For how long have I used the solution?

I have been using Symantec End-User Endpoint Security for 10 years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

We had more than 10 users using this solution in my organization.

How was the initial setup?

The installation is straightforward. The full deployment took approximately two weeks.

What about the implementation team?

We did the implementation of Symantec End-User Endpoint Security ourselves.

We have one person that supports this solution.

What other advice do I have?

We are phasing out the use of Symantec End-User Endpoint Security in my company and we only have a small number of systems using it at this time.

We plan to switch to Cisco Secure Endpoint.

I rate Symantec End-User Endpoint Security a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Symantec Endpoint Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024