Symantec Advanced Threat Protection Review

Offers elaborate detection features and provides information linked to each of the attacked computers


What is most valuable?

They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers. Most providers of security software offer a threat graph, for example, so you can see how the menace propagates throughout the infrastructure. Symantec also provides a small set of information linked to each of the attacked computers. It provides a bunch of information that I find useful.

What needs improvement?

The endpoint protection looks old.

Another issue is the deployment requirement for a single ATP instance. They should work on lowering, for example, the storage requirement, which is around one terabyte, and that is for only one ATP instance. The whole product is meant for more complex infrastructures and is designed to work with more than one instance, so you can imagine the requirements.

It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time passing the information to the cloud and back. Fixing it requires a more elaborate and complex configuration for that particular case.

For how long have I used the solution?

I've been using the solution for three to four months.

What do I think about the stability of the solution?

I didn't evaluate the stability of the solution, but it didn't crash after installing. It's been working nicely. I cannot provide a definitive response. Normally, I would test this part of it using some kind of test libraries and so on, but I didn't do that.

What do I think about the scalability of the solution?

For the EPP, it seems like it was initially designed for the small business segment. The scale and scalability are poor. For the ATP, it is well designed with scalability in mind even with the most complex deployment possible.

According to that documentation, it should scale up to a much higher level of complexity. So, scalability seems acceptable in my opinion. We have about 90-100 licenses right now.

How are customer service and technical support?

I've never had to contact technical support.

How was the initial setup?

For EPP (Endpoint Protection Product), the setup is easy. You can almost set it up blindfolded.

For ATP, I bumped into some documentation with misleading paragraphs. The virtual appliance requires three network interfaces, and the documentation is confusing because, on one side, they are documented as seen from the internet. On the other side, they have been named as seen from the internal virtual appliance. There is no real correlation between these two. You scratch your head for two days trying to figure it out. They should at least document it much better.

Which other solutions did I evaluate?

Over the last few years, I have had the opportunity to test and evaluate a lot of solutions, specifically security software enterprise-class solutions. I don't know how we came to the conclusion that Symantec was the answer. I don't consider that this is the best solution for me but it's a serious product and it deserves appropriate attention.

What other advice do I have?

I would recommend GravityZone over the Symantec package.

Symantec has a lot of products which work individually and separately, and in the last two or three years they have tried hard to integrate one with the other. ATP has had some serious features cut, and they're not working timing-wise if you don't integrate it with endpoint protection. My advice to the company would be to either make them work individually and separately, or to integrate them seriously.

The dependency between several separately sold products from Symantec is bothersome. You buy a product, for example Endpoint Protection, and a lot of the features only work if you also buy another product, say ATP. If you want the network detection or managed services or whatever other technology, you have to buy another product which also integrates with the first and the second one, and so on.

This is one of the reasons that I like GravityZone, because it has everything inside. The worst part is that you don't buy the license for some feature that's inside. They are already there, they are already working. You can at least deactivate them if you don't buy the add-on license. Symantec has the exact opposite perspective. You have to buy each individual product and then integrate them. For a small company, the integration part is easy. If you have 500 endpoints, you integrate three or four separate security products and it's done. If you have a complex company with branch offices, separate domains, etc., the integration part may take you months of work because the products are sold separately, which is bothersome.

I would rate this solution between 8 and 8.5 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.