
Symantec Advanced Threat Protection Overview

Symantec Advanced Threat Protection is the #7 ranked solution in top Advanced Threat Protection (ATP) tools. IT Central Station users give Symantec Advanced Threat Protection an average rating of 6 out of 10. Symantec Advanced Threat Protection is most commonly compared to FireEye Network Security. The professionals researching this solution most often come from computer software companies, accounting for 25% of all views.
What is Symantec Advanced Threat Protection?

Symantec Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and remediates advanced attacks. The product fuses intelligence from endpoint, network, and email control points, as well as Symantec’s massive global sensor network, to stop threats that evade individual security products. It leverages your existing Symantec Endpoint Protection and Symantec Email Security.cloud investments, so it does not require the deployment of any new agents. You can deploy a new installation of Symantec Advanced Threat Protection and start to discover suspicious activity in under an hour. Using the proven technology in Symantec Insight reputation based detection, Symantec SONAR behavioral analysis with the new Symantec Cynic sandbox and file analysis platform, Symantec Advanced Threat Protection provides better detection and prioritization than other vendors, allowing security analysts to “zero in” on just those specific security events of importance.

Buyer's Guide

Download the Advanced Threat Protection (ATP) Buyer's Guide including reviews and more. Updated: November 2021

Symantec Advanced Threat Protection Customers

ECI


Archived Symantec Advanced Threat Protection Reviews (more than two years old)

Mohammed Asif
Asst. Manager System Administration at Saudi Re
Real User
Protects us from email threats that include file attachments and embedded URLs

Pros and Cons

  • "The most valuable feature is Click-time URL protection."
  • "There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed."

What is our primary use case?

We use this solution for email threat protection. It automatically scans our emails, including attachments. It also provides a sandbox feature.

It is hosted within the Symantec cloud.

What is most valuable?

The most valuable feature is Click-time URL protection. If there are any URLs in the email then they will be automatically scanned, and then opened.

What needs improvement?

The support for this solution can be improved because we are not receiving alerts for maintenance.

There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed. For example, you can only block three thousand IPs.

For how long have I used the solution?

I have been using this solution for two years.

What do I think about the stability of the solution?

In the past two years, we have had no issues with stability. We have had ninety-nine percent uptime.

What do I think about the scalability of the solution?

We have one hundred and twenty-five users for this solution, and we plan to increase our usage in the future.

How was the initial setup?

The initial setup of this solution is straightforward. It is cloud-based and not complex.

What about the implementation team?

We did the configuration ourselves. We only needed to set up the IPs for the incoming and outgoing mail servers. 

What's my experience with pricing, setup cost, and licensing?

The pricing of this solution is inexpensive and affordable.

What other advice do I have?

This is a good solution, and whatever our requirement is, all of the features are there.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SS
Competitive Engineer at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Offers elaborate detection features and provides information linked to each of the attacked computers

Pros and Cons

  • "They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers."
  • "It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time to pass the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case."

What is most valuable?

They manage to solve detection quite nicely. There is some rather elaborate detection compared to other providers. Most of the providers of the security software offer a threat graph, for example, so you can see how the menace propagates throughout the infrastructure. Symantec also provides a small set of information linked to each of the attacked computers. It provides a bunch of information that I find useful.

What needs improvement?

The endpoint protection looks old.

Another issue is in the deployment requirement for the ATP single instance. They should work on lowering, for example, the storage requirements which is around one terabyte but only for one ATP instance. The whole product works for more complex infrastructures and is designed to work with more than one instance, so you can imagine the requirements. 

It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time to pass the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case.

For how long have I used the solution?

I've been using the solution for three to four months.

What do I think about the stability of the solution?

I didn't evaluate the stability of the solution but it didn't crash after installing. It's been working nicely. I cannot provide a definitive response. Normally, I would test this part of it using some kind of test, libraries and so on but I didn't do that.

What do I think about the scalability of the solution?

For the EPP, it seems like it was initially designed for the small business segment. The scale and scalability are poor. For the ATP, it is well designed with scalability in mind even with the most complex deployment possible.

According to that documentation, it should scale up to a much higher level of complexity. So, scalability seems acceptable in my opinion. We have about 90-100 licenses right now.

How are customer service and technical support?

I've never had to contact technical support.

How was the initial setup?

For EPP (Endpoint Protection Product), the setup is easy. You can almost set it up blindfolded.

For ATP, I bumped into some documentation with misleading paragraphs. The video appliance requires three network interfaces and the documentation is confusing because they are, on one side, documented and seen from the internet. On the other side, they have been named as seen from the internal video appliance. There is no real correlation between these two. You scratch your head two days trying to figure it out. They should at least document it much better. 

Which other solutions did I evaluate?

Over the last few years, I have had the opportunity to test and evaluate a lot of solutions, specifically security software enterprise-class solutions. I don't know how we came to the conclusion that Symantec was the answer. I don't consider that this is the best solution for me but it's a serious product and it deserves appropriate attention.

What other advice do I have?

I would recommend GravityZone over the Symantec package.

Symantec has a lot of products which are working individually and separately and in the last two or three years, they have tried hard to integrate one with the other. ATP has had some serious features cut, and they're not working timing-wise if you don't integrate it with endpoint protection. My advice to the company would be to either make them work individually, separately or to integrate them seriously. 

The dependency between several separately sold products from Symantec is bothersome. You buy a product, for example, Endpoint Protection and, a lot of the features only work if you buy also another product, say ATP. If you want the network detection or manage services or whatever other technology you have to buy another product which also integrates with the first and the second one, and so on.

This is one of the reasons that I like GravityZone because it has everything inside. The worst part is that you don't buy the license for some feature that's inside. They are already there, they are already working. You can at least deactivate them if you don't buy the add-on license. Symantec has the exact opposite perspective. You have to buy each individual product and then integrate them. For a small company, the integration part is easy. If you have 500 endpoints, you integrate three or four and separate the security products, it's done. If you have a complex company with branch offices and separate domains etc. the integration part may take you months of work because the products are separately sold which is bothersome.

I would rate this solution between 8 or 8.5 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RP
System Administrator at a non-tech company with 201-500 employees
Real User
Offers email protection, monitoring detection, network intrusion detection, and overall advanced threat protection

Pros and Cons

  • "Technical support is very responsive. You just have to open a ticket. They respond in a timely manner. Their response is good. I'm satisfied."
  • "The administration interface needs a lot of improvement. It should be UI based, and simple. They need to improve it. It's pretty much not that friendly compared to what we were using as Bitdefender before. It's okay but is improving, actually."

What is most valuable?

Overall, the product supports everything already. Feature-wise, because it has something like email protection, monitoring detection, network intrusion detection, it has advanced threat protection.

What needs improvement?

The administration interface needs a lot of improvement. It should be UI-based and simple. They need to improve it. It's not that friendly compared to what we were using at BitDefender before. It's okay but is improving, actually.

For how long have I used the solution?

I've been using the solution for two to three months.

What do I think about the stability of the solution?

Stability-wise, it's okay. We're not really facing any issues at the moment. It's doing its job, it's detecting things and it's reporting it to us, so it's pretty much right on doing that. We did face some issues with applications being blocked, but that's an actual feature of the AV itself so it's not really a problem. Stability-wise, it's okay.

What do I think about the scalability of the solution?

We haven't added any actual features but we counted on having around 2,000 licenses on it. We're licensed for 2,000 users, so it detects everything. If an agent is connected to the manager itself or to the server, it automatically detects the license so we don't really have to do anything on that end. We would know right away how much is being used and how much we need to scale. We are also using this solution for our servers, so around 150 servers and the rest of the licenses are for end-users. We have it installed on most of our workstations now.

How are customer service and technical support?

Technical support is very responsive. You just have to open a ticket. They respond in a timely manner. Their response is good. I'm satisfied.

Which solution did I use previously and why did I switch?

We previously had BitDefender and we have been using it for our advanced protection. We decided to change because we didn't have any product updates from them. We were looking for what upcoming features or additions that they could offer to us, but they didn't, so that's why we tried to search for a better solution that would actually cater to everything. We wanted just one agent that supports multiple endpoint protection like malware, SONAR or network intrusion, advanced threat protection, behavior analysis. Just one agent for everything. We didn't want multiple agents so that's what we were looking for, and we switched.

How was the initial setup?

The initial implementation was a little bit complex because you have to set up a lot of databases and connectivity between the databases and it's tricky because it's Windows-based. If it could have been a Unix or a Linux based, it would have been pretty straightforward, it would have its own database and everything.

What about the implementation team?

We had the help of a partner during implementation.

What other advice do I have?

Overall I can recommend the product. It's pretty much the best for protecting from intrusions or other malicious items that are coming from the endpoint and the servers. If you have the ATP software, it will actively seek out whatever is being affected inside it because it has PFM threat protection enabled for it. Each of these features is not normally found for endpoint protection.

I would rate this solution 8 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VC
Senior Director of IT Operations at a comms service provider with 10,001+ employees
Real User
It's very helpful from a centralized administration point of view

Pros and Cons

  • "It has certainly helped out our audit efforts because we each stay compliant in terms of various security standards."
  • "An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance."

What is our primary use case?

Endpoint production is to protect our laptops. So, we use it to secure our corporate laptops.

How has it helped my organization?

It has certainly helped out our audit efforts because we each stay compliant in terms of various security standards. So, it's pretty good detecting.

It's very helpful from a centralized administration point of view, e.g., doing policy updates.

What is most valuable?

It works all the time. We do test against it by doing penetration testing and other things. It triggers and blocks these attacks. We think it holds up, but there are always zero-days.

What needs improvement?

What we want to do is be able to customize some of this on the administrative side. Right now, it is pretty much turnkey. Therefore, it would be nice if we had more customization. We would also like alerting, not just to the end users, but to the administrators, when something happens.

An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance.

What do I think about the stability of the solution?

It has been around for a while. It has had several revisions which we have through, and it's stable.

What do I think about the scalability of the solution?

It scales fine because it runs on individual laptops.

How are customer service and technical support?

I have never tried to contact the technical support.

Which solution did I use previously and why did I switch?

We do security scans. We started to detect with security scans that there is no blocking, or we can actually compromise a laptop, we do internal testing and determine if it's time to move to another product.

We previously had a cloud-based solution by Symantec, but switched to this internally managed, centralized solution when we were acquired. The products are similar just meant for different types of organizations: large enterprises (this solution) vs SMBs (cloud-based solution).

How was the initial setup?

The initial setup was pretty straightforward because the team that came in and helped us deploy it had already done so in various other business units within our parent company. They had done this setup many times.

What about the implementation team?

We had an internal deployment team which handled it. Therefore, we do not have to use an integrator at all. However, our parent company is pretty big and they have a large IT team who handles deployment.

What was our ROI?

It decreases our downtime for laptops by protecting them.

What's my experience with pricing, setup cost, and licensing?

Pricing is covered by our global procurement team. It is the solution that they chose.

What other advice do I have?

It's a solid solution.

Do your testing. Get a trial edition. Try to attack it with malware in your lab. See how it will stand up in a bake-off.

The key thing is to keep up with all the industry changes. There are more services running on the cloud and figuring out how to do that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Syed Ubaid Ali Jafri
Manager Security Operation Center at Engro Corporation
Real User
Real-time threat analysis is quick, takes action immediately

Pros and Cons

  • "Real-time threat analysis is quick and takes action on threats immediately."
  • "The great advantage in using this product is it creates multiple services."
  • "Currently we have 800-plus nodes connected with this solution, without any issues. The solution is scalable."
  • "There are some features that would add value to this product. One of them would be a graphical presentation of threats that the system has encountered."
  • "It should be able to collect information if the agent is disabled."
  • "It also needs network-based threat protection for shared folders and files."

What is most valuable?

Real-time threat analysis is quick and takes action on threats immediately.

What needs improvement?

There are some features that would add value to this product. One of them would be a graphical presentation of threats that the system has encountered.

It should be able to collect information if the agent is disabled.

It also needs network-based threat protection for shared folders and files. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues yet with stability. The great advantage in using this product is it creates multiple services.

What do I think about the scalability of the solution?

Currently we have 800-plus nodes connected with this solution, without any issues. The solution is scalable.

How are customer service and technical support?

I rate tech support eight out of 10.

Which solution did I use previously and why did I switch?

As a firm we used three or four different products from the top vendors. The slight differences which made us go with Symantec were technical support, ease of use, easy deployment of rules, and a better view from the dashboard.

What's my experience with pricing, setup cost, and licensing?

Pricing is good. It is nice to have a great product at a fair price, rather than to have an insecure product.

Which other solutions did I evaluate?

McAfee, Next-Generation Security.

What other advice do I have?

I think you should procure this product. It is a long-term investment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.