Symantec Advanced Threat Protection Review

Good incident management and great integrations but needs to improve its on-premises appliances

What is our primary use case?

We primarily use the solution for its integration capabilities.

What is most valuable?

Their integrations are pretty good as are their Sandbox solutions, their proxies, and their LTAs with API or ICAP protocols.

Symantec has good experience in the field. They're good at picking up on trends.

They have one of the biggest background cloud networking internet solutions due to the fact that they have a lot of customers everywhere in the world and they have a lot of data.

The incident management on the solution is very good. You get a lot of detailed information about an incident. You also get a lot of documentation in connection with the CVI or integration.

If you have to integrate it with CM solutions, you can correlate data more with other solutions, for example, with firewalls. The result of this integration is that it gives you much more information. 

There are customers where the engineers have enough time to investigate all of the incidents. However, you can also collect this data in a CM and then in an incident and response management solution. It ends up saving a lot of time.

What needs improvement?

Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage it's a pretty complicated process. The scalability and sizing are critical, and if you do it wrong you run into issues pretty quickly.

Symantec ATP doesn't offer add-ons or anything of that nature. It's a closed architecture, a closed system. It's based on a Linux OS, and we haven't got a lot of privileges to change anything.

That said, if you are integrated with content analysis, then you have to use a lot of very good add-ons for the content analysis to find and analyze and investigate. If you only have ATP it's not enough to be effective. You have to use other solutions from Symantec, like its content analysis. You have to integrate the messaging gateway or email security and so on. 

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The solution is mostly stable. However, these types of solutions can be blocking items and will need to be adjusted. If you have any LAN, for example, and an on-premises solution, then you need to change it. When you do, you will lose the connection. Therefore, if you have a LAN solution, you need to change the mode out of work hours.

What do I think about the scalability of the solution?

In terms of the on-premises appliances, you need very big appliances to handle the storage. Users of on-premises solutions really need to size things up correctly at the outset, as it isn't easy to scale a physical environment.

How are customer service and technical support?

We've contacted technical support in the past. 

As of right now, with the Broadcom acquisition, many people are changing roles which causes support to be rather slow. The senior engineers are now moving to premium support. Due to these changes the customers aren't the happiest as they have to wait longer for help or information. This has only been happening for about a year, which, in the scheme of things, isn't too long.

Which solution did I use previously and why did I switch?

We've worked with Palo Alto in the past and have just started using Check Point.

How was the initial setup?

Whether the initial setup is straightforward or complex depends on the company and its requirements and if it plans to integrate the solution into other products.

Deployment times vary; it really depends on the organization's existing architecture and on the integration. For example, if you would like to only implement systems for the EDR facility, all the EDR, along with the manager, is a pretty fast process. However, if you would like to integrate it with your email security or with your web proxy, or with anything else, that will be complicated and will lengthen the processes. The implementation can take anywhere from one month to one year.

What's my experience with pricing, setup cost, and licensing?

The solution isn't the least expensive option. Other solutions do cost more, however.

What other advice do I have?

We have been platinum partners with Symantec.

The solution is at a bit of a crossroads due to its acquisition by Broadcom and they changed their EDI solution because Broadcom had an EDI network solution too. There were EDI scanners in the network, but it's on the side. Now they have a new direction in this area, due to the fact that they want to solve these processes only from the endpoint side. Frankly, I am still waiting for the restart of this new direction. I do not think it's enough. 

While most deployments are using on-premises, we have some hybrid and cloud solutions too. It depends on the customer.

Whether or not this is a suitable solution for a company depends on its network and requirements. Different products offer different benefits. A company needs to shop around to see which fits best. For example, it's not the best solution for enterprise companies. Also, their price is not the cheapest, however, there are many more that are more expensive as well. 

I'd rate the solution seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner