What is our primary use case?
There are two use cases. One is the compliance of policies or standards, and the second is vulnerability assessment. The Symantec Control and Compliance Suite helps us in the development of policies and policy lifecycles.
We perform vulnerability assessments on our technology infrastructure and compliance audits to do a compliance check on CIS benchmarks. We can perform CIS benchmarking and compliance testing with this tool.
What is most valuable?
I find the vulnerability assessment and asset prioritization feature valuable. It actually creates a risk profile of assets. It's also good for basic infrastructure scanning.
What needs improvement?
The support mechanism can be improved. I would also like to add that it would be great if we could scan a previous date or based on the previous date's updates. For example, if I want to run that scan on a system today, and the system allows me to exclude all the patches that were released after October 2020, it will actually provide a clearer picture. This is because in October, we had these vulnerabilities, and these vulnerabilities are fixed now.
Anyway, there's no point in talking about improvements. Symantec has already told us to buy another product as they are discontinuing this solution.
For how long have I used the solution?
We have been using Symantec Control Compliance Suite for about ten years.
What do I think about the stability of the solution?
Symantec Control Compliance Suite is a stable solution.
What do I think about the scalability of the solution?
Symantec Control Compliance Suite is scalable. We can deploy different, multiple scanners to scale across multiple geographic locations.
How are customer service and technical support?
The support mechanism needs improvement because whenever we went to them with a problem, the support was very poor.
Which solution did I use previously and why did I switch?
We deployed or used several products. We used Nessus, Qualys, and Rapid7. It isn't easy to compare these products. For example, I am very comfortable with the Symantec product for endpoint protection or email security, but I'm not comfortable using it for vulnerability scanning.
For vulnerability scanning, I would go with other products like Nexpose, Nessus, and Qualys. I personally rate those products better than Symantec. But for the vulnerability assessment and compliance area, and something not generic like antivirus, Symantec is good. We are also using the email gateway, which is good.
How was the initial setup?
The initial setup was simple.
What about the implementation team?
We deployed it by ourselves. My team also maintains the product.
What's my experience with pricing, setup cost, and licensing?
Symantec Control Compliance Suite was the cheaper option for us. But the main reason why we're still using it is that we purchased the complete suite back in 2011. At that time, product prices were low. Over the last ten years, there's been an annual incremental growth of prices, but our previous contract lowered the prices through renewals.
Initially, the local vendor will charge you for deployment. The rest, including all patches, updates, and upgrades, was covered in the license, even support. But at that time, these deployment charges weren't all for Symantec Control and Compliance Suite alone. It was for an umbrella project we did with nine different products.
What other advice do I have?
The vulnerability scanning market is mature. I would recommend products like BeyondTrust, Rapid7, Qualys, Nexpose, and Nessus. These are all good, but they have their limitations. For example, some of these products aren't specialized for network scanning, and you'll have to use another product for that.
On a scale from one to ten, I would give Symantec Control and Compliance Suite an eight.
Which deployment model are you using for this solution?