Symantec Endpoint Security Reviews

We have used Symantec for several scenarios depending on a client's requirements. We have used the Symantec solution for host integrity, device control, and communication policies. It has the host integration part where we get the custom option to add certain scripts.

Most of the clients have been using it on-prem, but we are now looking into the cloud or SaaS environment because it would be much easier to manage the infrastructure. Our clients have Amazon AWS and Microsoft Azure.

Policies are very important and valuable for us. We have to ensure the security of the client environment. We have to ensure that there is no tampering, and restrictions are applied to the devices when one uses third-party devices such as storage and pen drives. It has the flexibility to integrate with other devices.

It is helpful in identifying the rogue devices in the environment where we don't have any agents deployed. We can identify them through Symantec. We have also heard that with cloud Symantec, we can do remote deployment through the console itself.

The dashboard view and reporting are valuable. It is stable and easy to integrate, and it provides custom options.

The agent is lightweight, and the response to the known infections with regular updates from Symantec is also valuable.

Nowadays, threats are changing, and they are moving more towards script control and zero-day attacks. So, we would like to have more control similar to an EDR solution. Symantec Endpoint Protection has certainly come a long way as a traditional antivirus, but because the threats are changing, we would like to have more EDR features so that we have a detailed view of the source from where the infection entered the environment and whether it has tried to connect any other endpoint. It should provide such a detailed view for investigation. It should protect against zero-day threats, etc. These are the key enhancements that can make it a complete solution for any enterprise. Currently, we have seen organizations going for two solutions: antivirus and EDR. With both these capabilities, it would be a complete package.

I have been supporting various clients for six to seven years.

It is stable, and that's why I recommend Symantec, especially when it comes to the server environment.

We follow the N-1 process. Whenever there is a new version, we don't upgrade immediately because there can be potential risks. We upgrade to a new version immediately only if we get the recommendation from the vendor or they have fixed any vulnerability or issue that was reported. Otherwise, we follow the N-1 version approach for upgrades.

I have not seen any challenges with the scalability of the solution. I have worked with multiple clients. One of our clients has about 30,000 end users. They are located in eight to nine countries and have about 15 different remote locations.

We have plans to increase the usage of the product, but it all comes down to client requirements. It depends on their environment, its size, and how we want to further enhance that.

Generally, we get a response, and it works, but we have seen some delays or very generic responses. If there is a quarantined file and we need information about what kind of data is there in that file, it takes a lot of time. We sometimes have to escalate to the next level for getting a proper and timely response because it's our client's data that is in quarantine. I would rate them an eight out of ten.

Positive

I have worked with multiple solutions, such as McAfee, Cortex, and CrowdStrike. McAfee has several components, and if any component stops, it impacts the compliance status and puts everything at risk because the definition will not be distributed. Symantec has an edge there because it does not have too many components. Only with the GUP server, we can distribute the definition in remote locations, which makes it easier. It also provides a view of all the GUP servers in the console.

EDR is a different solution. It provides complete visibility and footprint of zero-day and other threats based on the behavior. Symantec also provides that, but it needs more enhancement on the investigation part.

Based on what I have seen and the feedback I have received, its deployment is straightforward. It takes almost a week because it goes through various stages, such as planning, designing, and deployment. It also depends on a client's environment.

The implementation strategy varies, and it depends on a client's environment, such as whether they are a huge organization or whether they have multiple remote locations.

After the deployment, the next stage is doing the configuration, which takes a little while because it involves engaging different departments of a client and doing segregation and restructuring.

It doesn't take more than four to six months for the technology to mature in the client environment. Immediately after deployment, we start making changes to tune the policies based on a client's requirements and define the exceptions. It takes four to six months to have a stable environment.

We have a separate team that does the deployment, but I do share some recommendations depending upon the client environment. After the deployment, that team hands it over to my team for operations, and then we make the changes. So, they do the basic deployment, and we then take over and make the solution mature.

Generally, its deployment does not require more than two people. At the initial stage, they collect and gather information from various sources and proceed with the deployment, and then it takes some time to do the configuration. So, two people are good enough for initial deployment, but when it comes to rolling out the agent to the entire landscape, it takes time. You have to engage various people from different departments. The people involved in its deployment and configuration are administrators and engineers.

It usually doesn’t require much maintenance. We do our regular health checks to see whether the definitions are getting updated or not and whether their replications are working or not. Its maintenance is a one-man job, but the operational activities of the organization generally require two to three people, but the number can vary based on the size of the environment.

Our clients have certainly seen an ROI. They have been using the solution for a long time. They don't want to switch from one solution to another, and that's why we recommend the most stable ones to them.

Pricing is handled by a separate team. Whenever a new client asks for a recommendation, we provide it, but they deal directly with Symantec or other vendors for the pricing.

You should first understand a client's environment in terms of:

• What does the client environment look like?
• What is the size of the environment?
• What are the features they are looking for?
• What is the criticality of their environment?

All these aspects are important. At times, we have seen that clients just ask for the best solution, but they don't have a vision of what would make a solution best for them and what are they expecting from it. They should summarize their requirements, and accordingly, you can propose how Symantec can meet their requirements.

Overall, I would rate it a nine out of ten.

The main use case is to scan vulnerabilities on our endpoints. We need to make sure that our antivirus software is up to date. We need to ensure that patches on our workstations are up to date and that we can scan through folders and files to detect malware.

It's very good. Most of the clients are using this solution. It's able to protect workstations from threats, malicious files, and malicious USB drives. It's able to protect business-related files on the workstations. If you have an environment where you need to protect critical files from threats, it's a good solution.

It also defends us against the latest sophisticated attacks, such as key-finding attacks and spyware. It provides protection against threats, spyware, ransomware, malware, etc. It's pretty good at that.

It provides a single pane of glass. You can see everything through the dashboard. It's pretty good.

It has improved our security posture. It protects us from attacks outside, and it protects our files. It also prevents the corruption of files and secures our critical business-related files.

Symantec Endpoint Security is easy to use, fast, and good for small and medium-sized businesses.

Unlike other AV products, such as Norton, Symantec Endpoint Security doesn't use many system resources.

Its GUI needs improvement. It's good, but it needs to be improved in terms of management and reporting. Its reporting features aren't straightforward.

We've been using the solution for around five years. 

It's stable.

It's scalable. One of the clients has 50 users and another one has 10 users. It's good and pretty fast. It's being used at multiple locations.

It's very easy to increase the number of endpoints. You just need to purchase more licenses. If you have more users, you need more licenses.

We have plans to increase its usage.

I'd rate them an eight out of ten. We had to raise an issue only once, and it was resolved within hours.

Positive

We have other endpoint security solutions. We bid for many companies. We check what the client wants to achieve, and we also take the price into consideration

Generally, Symantec can provide all the features that our clients commonly require. Its price is also good compared to other solutions such as Cisco AMP. Cisco AMP is very expensive. We only deploy it at the airports.

We have different test cases to show how effective it's against different types of malware, corrupt files, malicious files, etc. It works pretty well. We are happy with it. It's able to detect and stop all types of malware. We also tested it to see how it treats benign files, and it works pretty well.

It's simple to install. Its deployment is easy. It takes two to five hours. You need an antivirus server. You can directly download the antivirus client on your PC from there and then you just click next, next, and next to install it. 

We have seen an ROI. Based on the service that you get in return, it's definitely worth the money. 

It's pretty awesome price-wise. That's why we give it to most of our clients. It isn't very expensive.

Compared to Cisco AMP, which is very expensive, its price is okay. It's also cheaper than Malwarebytes.

The license that you purchase lasts a period of time. After that, you again need to purchase another license. Otherwise, you will not be able to get support from Symantec every time you have issues.

I've not used it on mobile devices, but on workstations, it's awesome. You don't require any other antivirus solution. It's simple to install. It works very well in the Windows environment. You don't need to install anything else. It provides any type of endpoint security, including USB protection.

If you have a critical network environment and security is very important to you, you can consider this solution. It can offer you the level of security that you need. It can provide what you are looking for in terms of endpoint protection.

It's very good for a small or medium organization. If you have a very large environment, you can consider other alternatives, but for small environments with 50 users, it works very well. For bigger environments, such as airports, we use Cisco AMP.

It hasn't as such saved time when responding to issues. Sometimes we have issues where the user isn't able to use the system until we resolve the issue. We have had cases where the issue got resolved immediately, but sometimes, we have had issues that required opening a case with them or intervention from the administrator.

Overall, I'd rate this solution an eight out of ten. 

Our client uses Endpoint Security at a school for antivirus protection. For example, if someone plugs in a USB on a classroom computer, Endpoint Security protects the network from infection. We have around 35 classrooms and eight teachers per class, so that's about 280 people.

The school does not use Endpoint Security to its full potential. The use case is basic. For example, it isn't being used to block stealth techniques. Sophos Firewall handles those kinds of attacks. Active Directory isn't used in the classroom, so the ability to block an AD takeover isn't being used. 

We haven't eliminated any other security solutions by adopting Endpoint Security, but we are trying to consolidate our solutions by installing a new FortiGate firewall and client licenses of FortiClient.

Endpoint Security provides the school with fundamental protection against viruses and other malware. It only covers traditional endpoints, not mobile devices, but we've never had any outbreaks. 

The best thing about Symantec is its ability to control our endpoints from a single point. You can manage the antivirus definitions, upgrades, remote scanning, etc., from one console. 

In four years, we had no reason to switch solutions, but lately, we've found that Symantec is slowing down the machines. They are looking to change solutions. I would like to stop the Endpoint Security Client's scan when the device boots. It slows the machine a lot. The scan should only run when the machine is idle. The scan often happens when the machine is at its peak load. 

I would also like Symantec to add ransomware protection. If a machine is infected by ransomware, it's hard to recover the data. We don't have any data on the client, so we're not overly concerned about that. Still, it would be nice to have this feature if there are any future problems. 

My client has been using Endpoint Security for two or three years.

Endpoint Security is stable. 

Endpoint Security is a scalable tool. 

I rate Symantec support a nine out of ten. I only had to contact them once in ten years, and the support was excellent. They solved the problem in ten minutes.

Positive

We're looking at other solutions. We mainly want something that doesn't experience performance degradation during scans or updates. 

I started to work with this client two years after implementation. I have been managing the solution for a year and a half. I provide them with renewals and updates when necessary. It doesn't require much maintenance. I didn't have to visit the premises this year.

The price of Symantec is on the higher end. They face some competition from a company called Quick Heal, which is much cheaper than Endpoint Security. They offer three years of protection at just 900 rupees.

I rate Symantec Endpoint Security an eight out of ten. My first piece of advice is not to deploy Endpoint Security on traditional machines because it'll slow it down. India is a price-sensitive market. Many companies won't pay attention to the speed of a hard drive. They'll only look at the size. They would rather go for a 500 GB hard drive, even if it is not required, rather than a 256 GB SSD. 

If you want to deploy something over and above your operating system's capabilities, you need to have a powerful machine to handle that. Performance is mainly an issue on devices using traditional drives. The performance doesn't deteriorate by more than two percent on an SSD drive, whereas it is more than 15 to 20 percent on an average drive.

The solution's application control feature is very, very powerful. The solution will automatically check the host integrity and quarantine if something is not compliant.

Users mostly complain that the solution slows down the system whenever something is scanned. Sometimes, Symantec gets blocked with legitimate applications, and we add the application in the exceptions. Users always complain that agents, which are very heavy for the system, slow down the PC's performance.

I have been using Symantec Endpoint Security for seven years.

Around 1,300 to 1,400 users were using the solution in my previous organization.

I am happy with the solution's technical support team.

The solution’s initial setup is easy.

We started with a very old version and eventually upgraded to RU6. Since we had some Windows 7 clients in our organization, we couldn't upgrade to the next versions, RU7 and RU8, because Windows 7 support is not available in those versions. Meanwhile, we started working on upgrading some systems which have specific applications running on them.

My previous organization compared different products and decided to use Symantec Endpoint Security because it was very good back then. Symantec was the first one to highlight the 2021 cyber threat. Back then, not many people were familiar with the concept of EDR.

After comparing different products, we decided to go with Symantec Endpoint Security because our major concern was application control. We didn't want any user to come, use a USB to copy the data, and leave the organization. Since users don't give us time to upgrade the system, we put the host integrity. If a service pack is not installed on the system, the system will get quarantined.

Overall, I rate Symantec Endpoint Security an eight out of ten.

We use the solution for our endpoint security. It's our compliance requirement to prevent virus attacks and ransomware attacks. However, it's unmanaged and not like a top competitor to CrowdStrike.

The solution's reporting could be improved. The solution could have better integration with other services.

I have been using Symantec Endpoint Security for one and a half years.

I rate the solution’s stability an eight out of ten.

More than 5,000 users were using the solution in our organization.

We were using the signature deployment, which is not easy.

Symantec Endpoint Security is an expensive solution.

Given the number of alerts and the variety of attacks we get, we will require AI capabilities for threat detection. Around six to seven members were involved with the solution's deployment and maintenance. I wouldn't recommend the solution to other users unless it is updated.

Overall, I rate the solution a five out of ten.

The primary use cases of this solution are for antivirus protection, anti-malware protection, and personal firewall protection.

The most valuable feature is the automated updating. They send out updates on a regular basis. All that we have to do is to set it up on our server to download it, then it is distributed to the individual endpoints. 

Individual machines could do the same thing but it would only be on that one machine.

It seems to block things fairly well.

This solution is resource-heavy. It uses up a lot of memory and a lot of disk space. It demands a lot of resources. There have been improvements with Windows 10 and it's not as problematic.

The firewall capabilities did not seem to do what the documentation claimed it should do.

Port control is one of the things that this solution does do, but it does it on a higher level. When I say port control, it's things like USB ports that can be used to plug things in. For example, if you plug in a wired mouse or a wireless mouse then you want the flexibility to be able to do that. It should be able to identify that it is a mouse and let you use it. 

By the same token, if you plug in a 1 TB external hard drive, that should be shut down unless it is one of your hard drives. The only way to detect that would be to have units with their own serial number and the system programmed in such a way that it would recognize it.

Seagate for example has many external drives. They have serial numbers on those drives, and we don't want to just set it up for use by any Seagate drive. We want our external drives to be used, only. We don't want to have to go purchase Seagate drives to have it work. We want them to get it from us, that we know works, and have them return it to us.

I would like to see a check-in system where you can log which specific drives your staff can access and what they cannot access.

I have been using this solution for approximately six to eight years.

With Windows 7 there were some stability issues. The environment handled resources differently. You could have a fairly resource-heavy solution that would make the system unusable.

Windows 10 improved stability quite a bit.

Technical support is good, but when they sold to Broadcom, even though people were paying for the support they were not getting it.

This product is more reasonably priced than some competing solutions.

We spoke with some vendors who recommended Sophos and Crowdstrike. While Crowdstrike has some incredible features, it's four times the cost.

Sophos is supposed to handle our needs.

Crowdstrike could handle our needs and then some, but we couldn't justify the cost.

Within the last three or four months, we decided to drop Symantec on its own because of some issues we have with the company. We will be using Sophos.

Symantec sold off their enterprise solutions, which this product falls into. When they sold it. they sold it to a company that has purchased software packages in the past and not done very well with it. They are a hardware company trying to expand into the software realm. This is another example of a hardware company that thinks that they can do software and they can't.

We were told that Broadcom was ignoring all of their customers that were below a certain level of license purchases. Some of the customers were calling wanting to renew their product and they were having to wait a month or six weeks just to get a quote.

We did our own research and confirmed that what we were told was true and decided that we were not going to renew and went to Sophos.

If you are going with Symantec, definitely purchase the 24/7 tech support. They will help you with just about everything, or at least they used to. I am not sure if that still applies to Broadcom.

They now offer the option to put it into the cloud for the management capabilities. That way the endpoints, the individual laptops, and desktop computers are actually going to a website to get the management, the new definitions, and new configurations. This option should seriously be considered. 

I am not recommending that they do that but they should at least seriously consider it, because, while having that one server to do that one thing is fairly important, it would be nice to not have to deal with it.

For what we were using this product for it was pretty good, but there were some things that we didn't like, and some things that we would have like to take advantage of.

I would rate this solution an eight out of ten.

We are a solution provider for end customers like Telco, banks, etc. We are also a Symantec partner and reseller. Not only do we use it but we also position this solution for customers.

We have a telecom company that was using Kaspersky and they still had some vulnerabilities and attacks and we discussed with them and succeeded in presenting this solution. The one we proposed was Symantec Protection Suite, SPS Enterprise Edition, for about more 1,100 endpoints, exactly 1,100 users. We also implemented the mailer for Symantec Messaging Gateway for spam protection. Until now they used the solution and they are very satisfied with it. We started with SEP 12.1 but later they upgraded to SEP 14.

We had a bank that we were working with and they had a challenge in which they needed to protect against vulnerability. They had previously used Kaspersky, we discussed and told them that Symantec is capable and is able to address their specific challenges. We gave them a trial version. When they started they found it very easy; not easy to implement but easy to use. We started with the headquarters here and later we also implemented it for all the subsidiaries in the region, in other countries. They have a centralized solution, so they can help other countries in management. 

We had to position Symantec in big companies like Telco and several banks. With this solution, you also get the Protection Suite, endpoint protection, SEP, and you also have the Mail Security and Messaging Gateway. It's really integrative and our customers find it very valuable. It addresses almost all of the challenges on security for endpoint messaging. Symantec is going to be used much more because of its features.

The mobility solution should be improved. You need to separately purchase mobile, like a smartphone with Android and so on, you need to buy it separately with SAP, for example. It would be better for the user to use the same solution with all devices, even laptops, desktops, server and so on. They should also use the same endpoints for mobile devices. 

There are a few negative points. They should separate the feature for each separate solution for mobile devices. The second one is about the price, it's expensive. Finally, the third would be the complexity of implementation.

It is very stable. Even the customers don't really complain compared to other solutions. 

It is very scalable.  

Their technical support is reactive. When you have an issue, you just log a service request and you can find an engineer to help you. I would rate their technical support a nine out of ten. We're very confident that whenever we have an issue we can find the solution. It also depends on the support you choose. We have 24-hour support.

We also use McAfee because of the scalability. It had the issue that it consumed too many resources and for vulnerabilities, sometimes there are some direct varieties you cannot delete.

The initial setup is a little bit complex. You need to have a certain level of training before being able to set up it. What is nice is that you can remotely install the set up on all of the infrastructures from the server, the SAPM, that is the Symantec Endpoint Protection Manager, you can manage all the endpoints but it's not really easy to set up or to configure the policies. Sometimes customers find it a little bit difficult to implement for the configuration because you need some knowledge to implement the feature.

The setup depends on the issues of the network. The bottom line is if the network is really mastered, the policies on the network are really mastered in around three to four days for the new companies.

We only need one person who is well trained to manage and support this solution. 

It's not planned yet to switch to another product but we can potentially implement Cisco as we are also a Cisco partner and we find it sometime interesting when requested by the customer. But we push and we recommend Symantec.

This solution is very effective. It can really address the challenges but you need to have training in order to be able to effectively implement it. If you don't fully know how to implement it you can't use the features very usefully.

I would rate it a nine out of ten because of its ability to address challenges and because of the completeness of the solution.

We're primarily using this solution for our workstations.

The product is a good antivirus in terms of the fact that it can do real-time scanning and scheduling. We can plan scans for the weekend. We can also control it on the server for all the clients it manages. 

The solution gets real-time updates of virus definition files from the internet. If there is any malware attack or something, then it can immediately download and apply it to the clients.

The initial setup is straightforward.

The pricing is pretty good. We don't find it too expensive to have in our organization.

We've had some issues with the performance. There have been some minor hiccups. Now it's better. Initially, it had some issues, not for all, but some of the systems only. We had applied a fix that was released in the 14.1 version. By 14.2 they fixed the issue. Ever since we applied 14.2, it's good.

During the scanning time, it could be less intrusive for the users. Right now, it's not exactly working quietly in the background.

Technical support could be more responsive.

I've been using the solution for six years at this point. It's been a while since we began working with it.

While we've had issues with stability in the past, since version 14.2 it hasn't been a problem. We no longer have issues.

The resources can be expanded with more load and all, however, I'm not sure how scalable it is in terms of expanding it.

Internally, there are likely 800 users that use this product.

We've dealt with technical support in the past. They are okay, however, they could be faster in their response time. We're not fully satisfied with their level of service.

We didn't previously use a different solution.

The initial setup is not too complex. It's pretty simple and straightforward. A company shouldn't have too much trouble with the implementation.

The installation of the server would have taken few hours, however, on the client site we attracted an automated installation, so it deployed from the server and we can pose the agent to the server from the client.

We had a manager and two consultants that handled the implementation.

We had a consultant assist us with the client.

We need licenses to use the product, however, the pricing is reasonable. It's not too expensive.

I'd recommend the solution. I'd rate it at an eight out of ten.