Symantec Advanced Threat Protection Reviews

We primarily use the solution for its integration capabilities.

Their integrations are pretty good as are their Sandbox solutions, their proxies, and their LTAs with API or ICAP protocols.

Symantec has good experience in the field. They're good at picking up on trends.

They have one of the biggest background cloud networking internet solutions due to the fact that they have a lot of customers everywhere in the world and they have a lot of data.

The incident management on the solution is very good. You get a lot of detailed information about an incident. You also get a lot of documentation in connection with the CVI or integration.

If you have to integrate it with CM solutions, you can correlate data more with other solutions, for example, with firewalls. The result of this integration is that it gives you much more information. 

There are customers where the engineers have enough time to investigate all of the incidents. However, you can also collect this data in a CM and then in an incident and response management solution. It ends up saving a lot of time

Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage it's a pretty complicated process. The scalability and sizing is critical, and if you do it wrong you run into issues pretty quickly.

Symantec ATP doesn't offer add-ons or anything of that nature. It's a closed architecture, a closed system. It's based on a Linux OS, and we haven't got a lot of privileges to change anything.

That said, if you are integrated with content analysis, then you have to use a lot of very good add-ons for the content analysis to find and analyze and investigate. If you only have ATP it's not enough to be effective. You have to use other solutions from Symantec, like its content analysis. You have to integrate the messaging gateway or email security and so on. 

I've been using the solution for two years.

The solution is mostly stable. However, these types of solutions can be blocking items and will need to be adjusted. If you have any LAN, for example, and an on-premise solution, then you need to change it. When you do you will lose the connection. Therefore, if you have LAN solution, you need to change the mode out of work hours.

In terms of the on-premises appliances, you need very big appliances to handle the storage. Users of on-premises solutions really need to size things up correctly at the outset, as it isn't easy to scale a physical environment.

We've contacted technical support in the past. 

As of right now, with the Broadcom acquisition, many people are changing roles which causes support to be rather slow. The senior engineers are now moving to premium support. Due to these changes the customers aren't the happiest as they have to wait longer for help or information. This has only been happening for about a year, which, in thte scheme of things, isn't too long.

We've worked with Palo Alto in the past and have just started using Check Point.

Whether the initial setup is straightforward or complex depends on on the company and its requirements and if it plans to integrate the solution into other products.

Deployment times vary; it really depends on the organization's existing architecture and on the integration. For example, if you like to only implement systems for the EDR facility, all the EDR, along with the manager, is a pretty fast process. However, if you would like to integrate it with your email security or with your web proxy, or with anything else, that will be complicated and will lengthen the processes. The implementation can take anywhere from one month to one year.

The solution isn't the least expensive option. Other solutions do cost more, however.

We have been platinum partners with Symantec.

The solution is at a bit of a crossroads due to its acquisition by Broadcom and they changed their EDI solution because Broadcom had an EDI network solution too. There were EDI scanners in the network, but it's on the side. Now they have a new direction in this area, due to the fact that they want to solve these processes only from the endpoint side. Frankly, I am still waiting for the restart of this new direction. I do not think it's enough. 

While most deployments are using on-premises, we have some hybrid and cloud solutions too. It depends on the customer.

Whether or not this is a suitable solution for a company depends on its network and requirements. Different products offer different benefits. A company needs to shop around to see which fits best. For example, it's not the best solution for enterprise companies. Also, their price is not the cheapest, however, there are many more that are more expensive as well. 

I'd rate the solution seven out of ten.

We use this solution for email threat protection. It automatically scans our emails, including attachments. It also provides a sandbox feature.

It is hosted within the Symantec cloud.

The most valuable feature is Click-time URL protection. If there are any URLs in the email then they will be automatically scanned, and then opened.

The support for this solution can be improved because we are not receiving alerts for maintenance.

There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed. For example, you can only block three thousand IPs.

In the past two years, we have had no issues with stability. We have had ninety-nine percent uptime.

We have one hundred and twenty-five users for this solution, and we plan to increase our usage in the future.

The initial setup of this solution is straightforward. It is cloud-based and not complex.

We did the configuration ourselves. We only needed to set up the IPs for the incoming and outgoing mail servers. 

The pricing of this solution is inexpensive and affordable.

This is a good solution, and whatever our requirement is, all of the features are there.

I would rate this solution a nine out of ten.

Endpoint production is to protect our laptops. So, we use it to secure our corporate laptops.

It has certainly helped out our audit efforts because we each stay compliant in terms of various security standards. So, it's pretty good detecting.

It's very helpful from a centralized administration point of view, e.g., doing policy updates.

It works all the time. We do test against it by doing penetration testing and other things. It triggers and block these attacks. We think it holds up, but there's always zero-days.

What we want to do is be able to customize some of this on the administrative side. Right now, it is pretty much turnkey. Therefore, it would be nice if we have more customization. We would also like alerting, not to just to the end users, but to the administrators, when something happens.

An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance.

It has been around for awhile. It has had several revisions which we have through, and it's stable.

It scales fine because it runs on individual laptops.

I have never tried to contact the technical support.

We do security scans. We started to detect with security scans that there is no blocking, or we can actually compromise a laptop, we do internal testing and determine if it's time to move to another product.

We previously had a cloud-based solution by Symantec, but switched to this internally managed, centralized solution when we were acquired. The products are similar just meant for different types of organizations: large enterprises (this solution) vs SMBs (cloud-based solution).

The initial setup was pretty straightforward because the team that came in and helped us deploy it had already done so in various other business units within our parent company. They had done this setup many times.

We had an internal deployment team which handled it. Therefore, we do not have to use an integrator at all. However, our parent company is pretty big and they have a large IT team who handles deployment.

It decreases our downtime for laptops by protecting them.

Pricing is covered by our global procurement team. It is the solution that they chose.

It's a solid solution.

Do your testing. Get a trail edition. Try to attack it with malware in your lab. See how it will stand up in a bake-off.

The key thing is to keep up with all the industry changes. There are more services running on the cloud and figuring out how to do that.

We use the solution for endpoint protection. I'm an infrastructure team leader and we are a customer of Symantec.

Endpoint to network is a good feature, it can protect the line. 

In general, improvements can be made but nothing specific. I think SonicWall and McAfee are better solutions.  I think this is a good solution for someone looking for endpoint protection but not so great if you're looking for advanced threat protection.

I've been using this solution for about six years. 

I think this is a stable solution, we haven't had any bugs or glitches. 

I've contacted technical support many times, they are quite good and helpful. 

Initial setup is relatively straightforward, deployment on our systems took about two or three months. We deployed with our own team. 

I would rate this solution a seven out of 10. 

They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers. Most of the providers of the security software offer a threat graph, for example, so you can see how the menace propagates throughout the infrastructure. Symantec also provides a small set of information linked to each of the attacked computers. It provides a bunch of information that I find useful.

The endpoint protection looks old.

Another issue is in the deployment requirement for the ATP single instance. They should work on lowering, for example, the storage requirements which is around one terabyte but only for one ATP instance. The whole product works for more complex infrastructures and is designed to work with more than one instance, so you can imagine the requirements. 

It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time to pass the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case.

I didn't evaluate the stability of the solution but it didn't crash after installing. It's been working nicely. I cannot provide a definitive response. Normally, I would test this part of it using some kind of test, libraries and so on but I didn't do that.

For the EPP, it seems like it was initially designed for the small business segment. The scale and scalability are poor. For the ATP, it is well designed with scalability in mind even with the most complex deployment possible.

According to that documentation, it should scale up to a much higher level of complexity. So, scalability seems acceptable in my opinion. We have about 90-100 licenses right now.

I've never had to contact technical support.

For EPP, Endpoint Protection Product the setup easy. You can almost set it up blindfolded. 

For ATP, I bumped into some documentation with misleading paragraphs. The video appliance requires three network interfaces and the documentation is confusing because they are, on one side, documented and seen from the internet. On the other side, they have been named as seen from the internal video appliance. There is no real correlation between these two. You scratch your head two days trying to figure it out. They should at least document it much better. 

Over the last few years, I have had the opportunity to test and evaluate a lot of solutions, specifically security software enterprise-class solutions. I don't know how we came to the conclusion that Symantec was the answer. I don't consider that this is the best solution for me but it's a serious product and it deserves appropriate attention.

I would recommend GravityZone over the Symantec package.

Symantec has a lot of products which are working individually and separately and in the last two or three years, they have tried hard to integrate one with the other. ATP has had some serious features cut, and they're not working timing-wise if you don't integrate it with endpoint protection. My advice to the company would be to either make them work individually, separately or to integrate them seriously. 

The dependency between several separately sold products from Symantec is bothersome. You buy a product, for example, Endpoint Protection and, a lot of the features only work if you buy also another product, say ATP. If you want the network detection or manage services or whatever other technology you have to buy another product which also integrates with the first and the second one, and so on.

This is one of the reasons that I like GravityZone because it has everything inside. The worst part is that you don't buy the license for some feature that's inside. They are already there, they are already working. You can at least deactivate them if you don't buy the add-on license. Symantec has the exact opposite perspective. You have to buy each individual product and then integrate them. For a small company, the integration part is easy. If you have 500 endpoints, you integrate three or four and separate the security products, it's done. If you have a complex company with branch offices and separate domains etc. the integration part may take you months of work because the products are separately sold which is bothersome.

I would rate this solution between 8 or 8.5 out of 10.

In general, we use the solution as our endpoint protection. It's an additional layer, and it's our endpoint security for our antivirus product for the company.

All of the solution's features are quite valuable for us. We especially like the threat protection it provides.

The cloud platform needs to have improvement in terms of the user interface and the different capabilities it has available. It needs to match the other leading next-gen EDR products that are available in the market. That's the reason why we are stepping away from Symantec. Their cloud environment is just generally lacking in comparison to others.

If they could intercept the detection on the different kill chain analysis that would be great.

We've been using the solution since the inception of the company. I personally have been working with it for three years.

Whenever there's a new update we have some issues. The on-premise product would crash and would not function so we would have to reach out to Symantec. 

The scalability of the solution is good. I'd rate it eight out of ten. About 96% of the company uses the solution.

The support team that Symantec offers didn't know how to solve issues even though they referred to themselves as "engineers". They are not really that experienced and well versed in the product. We've been complaining to Symantec on their support because most of them are actually not able to help us whenever we have problems.

When I joined the company, Symantec was already in place.

The initial set-up was complex. 

Our team handled the implementation internally. We did it without the support of Symantec.

We originally deployed the on-premises model, but over the past year, we've started to use the cloud deployment as well.

It would be really great if we had some involvement from Symantec's side. Some of the other endpoint protection products in the market or other companies who are selling the same product, are, in my experience, really helpful. That's one thing that's lacking on the Symantec side. For those considering implementing the product, try to get Symantec as involved as possible. It would be better.

I'd rate the solution six out of ten, based on the cloud capabilities and the privacy offered.