We just raised a $30M Series A: Read our story

Symantec Endpoint Encryption OverviewUNIXBusinessApplication

Symantec Endpoint Encryption is the #2 ranked solution in our list of top Endpoint Encryption tools. It is most often compared to Microsoft BitLocker: Symantec Endpoint Encryption vs Microsoft BitLocker

What is Symantec Endpoint Encryption?
Symantec Drive Encryption, powered by PGP technology provides organizations with strong full-disk and removable media encryption and the ability to integrate with Symantec Data Loss Prevention. Intuitive management enables enterprise scale deployments and features compliance-based, out-of-the-box reporting plus customizable reports. Management capabilities include support for native OS encryption (FileVault2) and Opal compliant self-encrypting drives.

Symantec Endpoint Encryption is also known as Symantec Drive Encryption.

Symantec Endpoint Encryption Buyer's Guide

Download the Symantec Endpoint Encryption Buyer's Guide including reviews and more. Updated: September 2021

Symantec Endpoint Encryption Customers
Citrix Systems Inc., City of Lansing, Commercial & Industrial Property, France T_l_visions, Fujian Mobile Co. Ltd., Group Lotus plc, Hall Booth Smith & Slover, P.C. (HBSS), Portugal Telecom, PostFinance, Public Pension Agency
Symantec Endpoint Encryption Video

Archived Symantec Endpoint Encryption Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Imtiaz Hussain
Malware Hunter and Incident Responder at Computer Network Systems
Real User
Leaderboard
A solution that offers good encryption, good stability and an easy setup

Pros and Cons

  • "The encryption feature is very good."
  • "The agent can be improved on the solution. Right now, we have an Endpoint Protection agent as well as an encryption agent and another for the DLVs and other services. We would prefer a single agent for the entire product."

What is most valuable?

The encryption feature is very good.

As we're just in the testing phase, we haven't explored many other features in-depth yet.

What needs improvement?

When we started at that time, the engineers configured the solution only for our roaming users. Now, we have to reconfigure to SQL because we have almost 10,000 clients. We have to do this through SQL because we cannot keep a record of each client.

The agent can be improved on the solution. Right now, we have an Endpoint Protection agent as well as an encryption agent and another for the DLVs and other services. We would prefer a single agent for the entire product.

Endpoint Encryption should be the same as Endpoint Protection. However, for security purposes, we don't want to show to the client the hard drive encryption and all of those related features. If the solution could remove this visibility on the client level and keep it on the control level of the server, that would be better. We don't want to show to the user the security policies.

For how long have I used the solution?

I've been using the solution for 3 months.

What do I think about the stability of the solution?

We haven't had any issues with the stability of the solution.

What do I think about the scalability of the solution?

The scalability of the solution is fine.

How are customer service and technical support?

We haven't had any issues with the solution yet, so we've never had to contact technical support.

How was the initial setup?

The initial setup is not complex. It's very easy. Deployment time depends on the client and on the machine. Some machines take 24 hours, some machines take three days. Some machines even take up to a half-day. It depends on the hardware.

What about the implementation team?

We had assistance with the integration.

What other advice do I have?

We're using the on-premises deployment model.

I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
KM
IT Operations Manager at a tech services company with 10,001+ employees
Real User
The stability and scalability are good

What is our primary use case?

The primary use case is for protecting accounts.

What is most valuable?

Protecting accounts.

What needs improvement?

We would like some advanced security protection features.

What do I think about the stability of the solution?

The stability has been good, so far.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and technical support?

The technical support is good.

How was the initial setup?

The initial support was straightforward.

What was our ROI?

The solution has helped to increase staff productivity.

What other advice do I have?

It is a good product.

What is our primary use case?

The primary use case is for protecting accounts.

What is most valuable?

Protecting accounts.

What needs improvement?

We would like some advanced security protection features.

What do I think about the stability of the solution?

The stability has been good, so far.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and technical support?

The technical support is good.

How was the initial setup?

The initial support was straightforward.

What was our ROI?

The solution has helped to increase staff productivity.

What other advice do I have?

It is a good product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Symantec Endpoint Encryption. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
540,694 professionals have used our research since 2012.
CS
Security Subdirector at a government with 11-50 employees
Real User
It has reduced the number of incidents related to the loss of information

Pros and Cons

  • "It has reduced the number of incidents related to the loss of information."
  • "It's a bit difficult to get good support. Their response times are really bad."

What is our primary use case?

The primary use case is to protect from data loss prevention in my company.

How has it helped my organization?

It has reduced the number of incidents related to the loss of information.

What is most valuable?

The precision that it has to identify all my assets.

What needs improvement?

I would like them to improve their support.

What do I think about the stability of the solution?

The stability is really good and nice. We don't have any issues with the stability, in particular. 

What do I think about the scalability of the solution?

You can get any size or use it in any size organization. So, scalability is not a problem.

How are customer service and technical support?

It's a bit difficult to get good support. Their response times are really bad. I don't like it.

How was the initial setup?

The initial setup was straightforward. It was fast, easy, and not intrusive on my company.

What about the implementation team?

Symantec did the deployment.

What was our ROI?

This solution has helped to increase staff productivity.

What's my experience with pricing, setup cost, and licensing?

The licensing costs yearly are $5000.

Which other solutions did I evaluate?

We had three vendors on our shortlist. I choose this vendor because it was a leader at that time, and it still is the leader right now. 

I am happy with it and not looking to change vendors.

What other advice do I have?

Try to look at many vendors. There are a lot of papers about solutions, especially this one. So, it's really nice. 

I started my security program four years ago, and we now have a mature security program. We added this solution as the last part of our security program.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JJ
Information System Security Manager at a aerospace/defense firm with 10,001+ employees
Real User
Helps us put antivirus solutions in place and prevent malware from infecting our machines

Pros and Cons

  • "It helps us put antivirus solutions in place and prevent malware from getting to our machines."
  • "I can only patch monthly. I don't know what the solution is there, besides being vulnerable for three weeks out of four. But there's got to be an option somehow."

What is our primary use case?

We use it to patch information systems.

What is most valuable?

It helps us put antivirus solutions in place and prevent malware from getting to our machines. It's a pretty clear-cut solution.

What needs improvement?

Semantic is out there doing the work, identifying viruses and malware that come out weekly. That's the real-world landscape and they're pushing that stuff out as quickly as they can. But I can only patch monthly. I don't know what the solution is there, besides being vulnerable for three weeks out of four. But there's got to be an option somehow.

What do I think about the stability of the solution?

The stability is 100 percent. We've never had a problem with downloading it or accessing it. It works as advertised. It's an extremely good product.

What do I think about the scalability of the solution?

I can put it on anything I want. It's 100 percent scalable.

How are customer service and technical support?

I've never had to use technical support.

Which solution did I use previously and why did I switch?

The government requirement was to be using McAfee, and we're using Semantic and we just pushed back on it. I told them I have a solution, it's deployed, it's working. It's 100 percent. Why is the government specifying a solution for one particular vendor in an environment where there are many solutions out there? It actually got quite heated and they backed off on the requirement. I was really surprised at that. It's an argument I went into expecting to lose and they came back and said, "Okay, maybe you have a point." But it is a DoD requirement to use McAfee as the antivirus solution.

How was the initial setup?

The initial setup was straightforward. We downloaded the software, put it on a disk, sneakernetted it over to an isolated network, dropped it in the drive, initialized it, and enabled it. It was pretty easy.

What was our ROI?

It's satisfying our requirements at a very high level. That's a return on investment. I don't have a metric, but the results are very good.

Which other solutions did I evaluate?

This solution was chosen for me. I didn't make the decision.

Last year at RSA, Malwarebytes had a booth. I was talking to the vendor and he had some very interesting research. I won't go into too much here, but he had a graph on how many threats McAfee misses, how many Symantec misses, and how good Malwarebytes is, of course. He was trying to sell their software. He said Malwarebytes is a stopgap between the two. We could use it as he suggested. The problem with that is that when you have multiple antivirus engines installed on a machine, they identify each other's threats and cancel out each other's work. It doesn't really work that way. 

But I have to look at the results. We haven't had a malware incident as a result of the Semantic solution that we have on 95 percent of our machines. We actually have McAfee on two machines because they are for a different customer and it was easier to do that.

What other advice do I have?

If you make the investment in tech, in updated hardware and software, there are other tools - here we are at RSA 2019, those tools are all over the place. There are other tools that are not single-point solutions. You can solve a whole lot of problems for a lot less money if you're using updated hardware and software rather than old stuff, end-of-life, where you just have one other thing that you have to take care of it. You can put an umbrella over everything with a bigger, newer, better product. But you have to have your hardware and software up to date, rather than the situation that my organization is in.

Semantic an excellent product. It's really just the timing that I mentioned earlier that doesn't work well for us.

On the other hand, we haven't had a breach. We haven't had any issues. We haven't had any incidences of malware popping up. But that's more due to the isolated aspect of our networks. We're not touching the outside, so it's really hard for anything to get in. But disks can be sneakernetted in, hard drives can be brought in, USBs can be brought in, mistakes can be made. Not everything is malicious. Sometimes there is just incompetence involved where somebody hooks up something that they're not supposed to and you have exposure. But we haven't seen any threats related to any of that kind of behavior. I can't really say that we have had a case where anything has gone bad.

In terms of security maturity, we're "mature" in the sense that we're ancient, using old equipment that has reached end-of-life. It's really from the old-age home, it's so mature. We're in dire need of tech refresh and I don't have the budget to support that. But if you unwrap that and look at it from the other side, what would we do without it? 

But the real mitigator, the thing that's actually protecting us, is our isolation. We have isolated systems so nothing can get at us. If I get audited, I'd better have antivirus definitions loaded up, current ones. But it really has not affected our security maturity.

If it wasn't for the exception that I mentioned, Symantec Endpoint Encryption, would have been 100 percent successful and I would have to have given it a ten out of ten. With that exception, I have to knock it back to 90 percent, a nine out of ten because, as I said, we're exposed.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DL
Senior Security Analyst at a tech vendor with 11-50 employees
Real User
We can handle remote people very easily with it

Pros and Cons

  • "The management console gives us the ability to quickly control who sees what, ensures we are on the latest version, and up-to-date."
  • "I would like them to have integration with a wider range of non-Symantec products."

What is our primary use case?

The primary use case is just endpoint protection. It is the basis of our whole infrastructure for security staff.

How has it helped my organization?

It ensures that we are kept on the same page of the latest version, as updates are being rolled out.

We can automate the solution. It is very simple, and we can handle remote people very easily.

What is most valuable?

The management console: Being able to quickly control who sees what, ensures we are on the latest version, and up-to-date.

We now have visibility on our metrics.

What needs improvement?

I would like them to have integration with a wider range of non-Symantec products.

It is the industry standard product with the common set of features, but we would like extra features added on.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is pretty stable.

What do I think about the scalability of the solution?

We are a small company. We have had no issues with the scalability nor do we anticipate issues as we grow.

The product works best with large companies, but if you will be opening multiple branches (scaling up), the product may be a fit for you.

How are customer service and technical support?

The technical support is very good and responsive.

Which solution did I use previously and why did I switch?

I don't know what they had before because I am new to this role.

How was the initial setup?

At first, the initial setup was a little complex. Once I understood what I needed to do, it became straightforward. So, initially, there was a bit of a learning curve. For example, I needed to understand that I wasn't overpaying for the number of seats that we needed based on how we expected to scale up for that number of employees that we had.

We upgraded to the latest version within the last six months.

What's my experience with pricing, setup cost, and licensing?

It can be expensive. However, if you plan to scale or are at a large enterprise company, this product could be what you need.

Which other solutions did I evaluate?

I used to work at Symantec, so the team chose the solution based on that. There wasn't a rigorous evaluation process. Though, I am sure that we also looked at Palo Alto Networks.

What other advice do I have?

Give it a serious look.

Our security team is more on the immature side rather than the mature side, as we build thing out. This automated solution puts us at the base level where we can get better. We went from not being happy with what we had to this product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user8682
Consultant at a tech company with 10,001+ employees
MSP
Master Boot Record (MBR) Corruption and PGP Whole Disk Encryption (WDE)
Today is a big deadline in work. The point when weeks of work move from development to production (via numerous sprints/releases to UAT). The culmination of the development team and my efforts over the last two months. As with most IT projects the last two weeks have been a bit fraught, testing us as we prepare to launch a new suite of Cognos reports. Today is also the day my Thinkpad has decided to corrupt its master boot record (MBR). Preventing my laptop from loading its operating system. Thankfully Microsoft (and third parties) provide bootable utilities to repair MBRs. However………… Master Boot Record Corrupt. FAIL! My MBR failure is complicated by IBM (sensibly) requiring us to use Symantec’s PGP Whole Disk Encryption (WDE). PGP’s WDE protects our laptops, and any sensitive…

Today is a big deadline in work. The point when weeks of work move from development to production (via numerous sprints/releases to UAT). The culmination of the development team and my efforts over the last two months. As with most IT projects the last two weeks have been a bit fraught, testing us as we prepare to launch a new suite of Cognos reports.

Today is also the day my Thinkpad has decided to corrupt its master boot record (MBR). Preventing my laptop from loading its operating system. Thankfully Microsoft (and third parties) provide bootable utilities to repair MBRs. However…………

Master Boot Record Corruption / Failure
Master Boot Record Corrupt. FAIL!

My MBR failure is complicated by IBM (sensibly) requiring us to use Symantec’s PGP Whole Disk Encryption (WDE). PGP’s WDE protects our laptops, and any sensitive data on them, in the event laptops are lost or stolen. As a mobile worker, and someone regularly on the move, WDE is a nice saftey blanket. Yes, I know it has venerablities and yes, if someone really wants the data on my laptop they will get it. But for additional security and if the laptop is lost it provides some reassurance. It’s also company policy, there is no point in fighting it.

Update: I was wrong about PGP being crackable. Support are able to sort a forgotten password because we run a support server and since 9.7 there are backups in place to recover a forgotten password. But there is still no known published way to crack PGP WDE. E.g. If you can’t decrypt the hdd, the data is lost. On one hand this makes me feel safer about the loss of a laptop and on the other it makes me glad I have most of my data/files backup up. A reminder that I also need a better backup solution for a hdd failure.

With the entire hard disk drive (hdd) encrypted I can’t use a utility program to fix the MBR. The utilities require you to boot from them and in so doing they skip PGP’s BootGuard. BootGuard lets the OS use the encrypted hdd.  Until the hdd is decrypted the utilties can’t access the MBR, it’s encrypted and the booting hdd doesn’t even appear. Thankfully, I keep my PGP up to date and the right recover CD handy. Recovery Images can be downloaded here:

https://www.symantec.com/business/support/index?page=content&id=TECH149679

Key to know which version of PGP you have. If you can boot into PGP’s BootGuard screen it’s easy to find out: Selecting ‘advance’ instead of ‘continue’ from the options will display the version and other options to assist in recovery. Since a similar failure in 2009 I keep a note of the PGP version I’ve installed (including any service packs). Just incase PGP’s BootGuard also fails to load. It’s not unheard of for both MBR and PGP BootGuard to be corrupted at the same time. Not knowing which version of PGP 9 I’d installed, combined with the bad sectors that caused the HDD to fail, resulted in my old drive being scrap.

Symantec provide a guide for how to recover from this situation here:

https://www.symantec.com/business/support/index?page=content&id=TECH149345

With the matching version of the recovery disk in place I booted off the recovery CD and tried to let Windows boot itself. In rare cases it’s possible that using the Recovery CD instead of the BootGuard installed on the machine will let Windows boot. Sadly this wasn’t the case, I still had an MBR issue. Back to the drawing board, the next step is a longer one: Rebooting off the Recovery CD, entering my password and then pressing ‘D’ to decrypt the entire hdd. We’re now at 90% having started at 9am this morning.

The laptop hdd is 250gig capacity, of which 80gig was in use. I’m hoping the first 80gig takes the longest to decrypt. Ideally the final170gig will be a lot quicker, as it’s empty disk space. I’ll leave it over night and then all being well use MS’s MBR fixer tomorrow. If anything goes wrong or the laptop gets disrupted during the decrypt, all data is lost. Not the most relaxing situation to be in but I have 90% of my data backed up. All my work is stored on IBM’s cloud and I only stand to lose several recently archived locally emails. The main loss will be time in having to rebuild my Thinkpad. As a worst case this isn’t too bad, but fingers crossed I can full decrypt the hdd and recover my current MBR.

Update: Sadly my 80gig and free space decrypting quicker theory has been proved wrong. It’s now at 38% left to go and hopefully will be sorted in the early hours of Tuesday morning (3.5 days to decrypt 250gig). Keeping everything crossed it keeps going and finishes, allowing me to fix the MBR and recover all my data / Laptop. Decryption takes a fraction of the time if the hdd is mounted as a slave on another system. Lesson learnt! From now on I’ll run two hdd and regularly clone (more on this to come in another post).

BootGuard, PGP's Recovery Disk93% – Not going anywhere for a while…………..

Before starting a decrypt via the recovery CD I googled alternative options. If you have a second machine with the same version of PGP installed you can plug the hdd in as a slave (via a USB caddy) and use PGP on the local machine to decrypt the hdd. This is the fastest way, sadly I don’t have another machine with PGP installed.

Update: Plugging the hdd in via a USB caddy / as a slave in a second machine is a lot faster because the Recovery CD is limited to 16 bit processing. If in Windows / Linux or OSX the decryption process can be run at 32bit and takes a fraction of the time. With hind sight waiting for SC to get home and pinching her work laptop would have been a better bet. It’s at 83% now with a very slim chance of being finished by Sunday. At least it’s still going. No physical hdd errors, yet!

I used to backup an image of my machine but Windows 7 made this harder and since upgrading I’ve taken to using IBM’s could to backup all of my work and accepting that if I had a failure I’d need to get an additional machine from IBM and rebuild it. Having now tested this theory it doesn’t work!

The new plan
The Plan comes in two flavours: Get a smart phone and improve laptop & return to weekly disk cloning.

1. Smart Phone: 99% of my work calls are handled by VOIP but I’ve been toying with getting a smart phone for work as a backup access to my work email, calendar, instant messaging and terminal services. Four key components of my day job that I’m currently without due to my laptop decrypting (and being corrupt). As a result I’ve bitten the bullet and ordered the Asus Fonepad. It’s not the best spec but a Galaxy Note II is out of the question at the moment. I hardly make calls on my work phone thanks to VOIP. If I did have to make a call I always have my iPhone5 with free minutes to make an emergency work call while out and about. The concept of a 7inch tablet that doubles as an emergency phone (and can be used with my headset) for £180 delivered was too good to get hung up on the negatives (slower processor and you’d look like a sketch from Trigger Happy TV if you tried to make a call in public on it!). I’ll post more on this when it arrives.

2. SSD and Weekly Cloning: My boss has an SSD drive and the boot times + smoothness of operation have always appealed. I’ve been waiting since I had a reason to rebuild the laptop to get one and this is it. I’ve ordered a Kingston Value 120gig drive after reading this review:

https://www.hardocp.com/article/2013/01/28/kingston_ssdnow_v300_120gb_ssd_review/#.Uc1wrj7F1SU

The time it takes to boot my Thinkpad always frustrates me. Even since upgrading from 4 to 8 gig of RAM it’s still sometimes hangs while paging and under heavy loads. Hoping the SSD will also prove more reliable. My Thinkpads travel a lot, the one before clocked over 100k miles. Combined with being on 5 days a week, most weeks of a year, it’s no wonder hdd fails / issues like this occur. With no moving parts an SSD should prove more reliable. It also means I can keep my current drive as a spare (if it’s not beyond repair) and regularly clone the SSD as a backup. More on this to come after the SSD swap and hopeful recovery. A new backup strategy is required (feel free to suggest any ideas in comments, or to laugh at my expense).

For now the Thinkpad is slowly chugging away decrypting and I’m off out to recover and watch Knee High Perform: https://www.kneehigh.co.uk/show/tristan_yseult.php

Thanks to my teams’ efforts and with lots of phone calls the release has gone to UAT and we’ll go live first thing Monday morning. Wish me luck and for a working Thinkpad asap :) .

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user8535
Architect at a tech company with 10,001+ employees
MSP
Quick comparison of disk performance before and after full disk encryption
The following measurements were taken with a Lenovo Thinkpad W500 with 8Gb ram & running Windows 7 SP1+fixes. The CPU is a 2.5 Ghz core duo. Whilst not intending to do a thorough controlled test, I thought it would be interesting to see what the effect of Symantec PGP encryption might be on I/O performance Here’s my SSD before encryption And here’s the same afterwards Write speed has roughly been quartered whilst read speed is a little over half Given this is an SSD the overall throughput is still decent, though this came with a significant increase in CPU – in fact this is now the limiting factor it seems, with the “System” (ie kernel) showing maxed out CPU whilst previously this CPU wasn’t noticeably high With the hard drive the before…

The following measurements were taken with a Lenovo Thinkpad W500 with 8Gb ram & running Windows 7 SP1+fixes. The CPU is a 2.5 Ghz core duo.

Whilst not intending to do a thorough controlled test, I thought it would be interesting to see what the effect of Symantec PGP encryption might be on I/O performance

Here’s my SSD before encryption

And here’s the same afterwards

Write speed has roughly been quartered whilst read speed is a little over half

Given this is an SSD the overall throughput is still decent, though this came with a significant increase in CPU – in fact this is now the limiting factor it seems, with the “System” (ie kernel) showing maxed out CPU whilst previously this CPU wasn’t noticeably high

With the hard drive the before measurements were :

Pretty consistent and average for a hard drive. Now adding encryption

Nowhere near such a bad effect – less consistency, but due to the lower data rates the cpu load was lower, and not so close to being maxed out.

This was all done on an idle machine – so the biggest impact will be heavy UI when the system is busy. I expect bootup to be quite a bit slower for this reason

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Endpoint Encryption
Buyer's Guide
Download our free Symantec Endpoint Encryption Report and get advice and tips from experienced pros sharing their opinions.