There are several areas where Symantec Endpoint Detection and Response can improve, including shell features, web control, asset management, and device control. Specifically, the application control features and automation could be enhanced.
Symantec is a dead product. The product does not have any add-on features. The interface has many issues. There is no proper KB article to fix the error.
The solution needs to provide better integration. We may receive things from email, network, or the machine itself. So we need a centralized system to get alerts or messages which are not available in the product. The solution must provide features to centralize the alerts received. It should provide integration with other Symantec products.
Updated: November 2024.
The solution's price could be better. Presently, it is expensive for basic functionality. Also, they should make its UI more user-friendly. It takes time to find the policies and analyze their effects. They should add a customization option for policies. In addition, they should add more scanning features to it.
Consultant Cybersecurity & SD WAN at a computer software company with 201-500 employees
Reseller
Top 10
Apr 13, 2023
They need to improve their cloud presence. They need to keep developing prevention. Many OEMs are focusing on the detection part only. They need to address the challenge of gathering false positives. We do not need any extra features.
I'm not sure if there are any features that need to be added. We'd like them to continuously improve their security posture to ensure they can protect customers from future threats. While they are quite dynamic, they need to ensure they are detecting threats faster in the future to keep people safer.
Technical Support Administrator at a newspaper with 51-200 employees
Real User
Dec 9, 2022
We are in Iran, so for some Symantec services, we face sanctions. The interface is very complicated. It needs to be simplified in future releases. It needs to offer better documentation around configurations during setup. Scalability is limited. It needs more expansion capabilities and should offer more efficiency.
I think we have experienced some technical issues because the company focuses mainly on bigger clients. They should treat every client equally instead of only targeting high-profile or high-revenue-generation clients. The focus should be client-centric, not only revenue-centric. Also, sometimes the solution fails to detect zero-day attacks, so that feature needs some enhancement because it is lacking compared to other solutions.
I have not picked up anything that is lacking in terms of features while using this tool. They do need to minimize the number of agents installed on a server. The response time for technical support takes too long.
Head: Cyber and Information Research Centre at Council for Scientific and Industrial Research
Real User
May 8, 2022
In the future, it would be nice to have playbooks in the tool, to allow for some of the common activities to be automated. For example, some of the scannings of the malware can be too manual for a specific device. Additionally, a vulnerability manager would be beneficial.
Vice President, Head of Infrastructure, Information Systems Group at a financial services firm with 10,001+ employees
Real User
Top 20
Feb 18, 2022
The unpredictability of the pricing is a cause of concern. It would be good if it can anticipate zero-day attacks. I don't know how it can be done and if it is even a feature of this product.
Function Head Corporate Desktop Services at a tech services company with 5,001-10,000 employees
Real User
Nov 22, 2021
Their customer support has deteriorated significantly since Symantec was purchased by Broadcom. We have issues interfacing with Broadcom, e.g., there is no TAM / sales team in Broadcom for Symantec products. We have faced delays of up to 3 months in getting a quote to renew the license through their partners.
Senior Security Architect at a tech services company with 11-50 employees
Real User
Oct 12, 2021
The solution should offer more features, such as forensic and timeline ones. The tech support was very bad in the immediate aftermath of the merger, although it is now slightly better. The problem came down to the ownership of the case. Support was horrible when Broadcom entered the picture, but they have done much work in this area and things are mostly better. It would be nice to see more granular timeline analysis.
Project Manager at a consultancy with 501-1,000 employees
Real User
Jun 30, 2020
Reporting is a major issue, as it is not user-friendly. It's the biggest challenge we are facing. I have raised this issue multiple times. With virus detection, if one OEM vendor is detecting the virus at 1:10 am, within 24 hours all others will detect it. For example, Symantec will detect the virus, then McAfee will detect it, then Trend Micro, all within 24 hours; everyone will have it covered. In the next release, I would like to see the option to customize the report as per our needs, and better reporting in general.
I think the network forensics feature could be improved. It's not part of SEP, but it's part of the package and I think that could be improved because we need the decryptor. Without that you can't actually decrypt the SSL traffic going in the network. If the solution could be completely software-based, it would be a formidable product. Symantec could include that as an additional feature, it's something that other solutions provide. Secondly, instead of just making it endpoint deception, they could make it network deception as well and that would make it a complete endpoint protection solution.
I don't see much room for improvement. I am not an analyst for this product. I just manage this product for an analyst. I like the dashboard, it has lots of information like threats and we can see activity on the dashboard. It shows new and unknown threats in the environment. This feature is very good for EDR monitoring and management.
Symantec Endpoint Detection and Response (EDR) is a powerful security solution designed to help organizations proactively detect, investigate, and mitigate advanced threats across their endpoint environments. As part of Broadcom's cybersecurity portfolio, Symantec EDR provides comprehensive visibility into endpoint activities, enabling security teams to quickly identify and respond to threats that evade traditional defenses.
Symantec EDR leverages machine learning, behavioral analysis, and...
The solution could improve their service.
The GUI could be better. It has reports for every part of the product, but it doesn't have reports for better usage.
The solution’s scalability and stability could be improved. The solution's investigation feature can be further improved.
It should be easier to deploy Symantec's client for end-users.
I would like to see better scanning capabilities.
Symantec Endpoint Detection and Response could improve the reporting. It is very difficult to create reports from the user interface.
It would be beneficial to have more integration and compatibility with other platforms.
Some fine-tuning is required because we often see false positives.
The Symantec portfolio is not big enough to cover the organization in all 360 degrees.