What is our primary use case?
We use this solution to protect our endpoints. We have a default antivirus that we use to protect our laptops. Symantec provides access to the antivirus, so they're not deploying it on our side. We use what Symantec provides to us as their cloud solution. The solution is deployed on cloud.
We have a single console, and it comes with a lot of alerts. Fortunately, I don't see many false positives, so it doesn't really bother us. Most of the time, it bothers users who are prevented from accessing certain websites.
We've thought about exploring additional features, like implementing allowed or disallowed files for programs. We have several of them configured, but there isn't a lot of targeted cybersecurity activity against us.
We use EDR just in case somebody happens to install a compromised application. That way, we can capture the activity through EDR. Symantec Enterprise doesn't include that, but Symantec Complete does.
We don't use the Symantec Global Intelligence Network, but it's part of Symantec Enterprise Complete.
In our environment, we're protecting more than 30 endpoints. We have three administrators who monitor the solution, but most of the time it just works.
We could increase usage, but it depends on the cloud because our cloud is pretty closed in terms of hosting. There's not much happening in our environment, so antivirus isn't really a concern, but we do have Symantec on some key hosting infrastructure that protects the cloud in terms of bringing un-installable files into the environment. The rest is protected.
Network activity is really hard to monitor. When it comes to network threats, Symantec has definitely helped with that. We're concerned about it because the solution blocks it.
How has it helped my organization?
Our users are mostly working from their home computers and home networks. The problem with home Wi-Fi is that your children or partner could get malware on their laptops and because you're in the same network, you could get attacks on a corporate laptop. I would rather have a solution that has strong network protection.
Symantec helps us reduce indicators of compromise. It's important to us to reduce indicators of compromise for our organization, primarily with malware protection and cloud-based threats, because we have a fair amount of files coming in and out of the organization. It's useful for network protection and Wi-Fi protection when users go outside of the office network and are working from home or using public Wi-Fi or any other Wi-Fi. I'm happy that we have much better protection in place.
Symantec helps prevent unknown attacks. We have some servers exposed to the internet on common ports, and it seems to stop all kinds of different network probing activities. I don't know how well it prevents serious attacks because we don't have that many activities in our report.
Symantec helps us secure our performance using a multi-layered strategy. Apart from Symantec, we use other solutions to control what's happening on the endpoint. In terms of additional features, Symantec has a good idea when it comes to Data Leakage Protection. There's a separate product there. It looks pricey, but they claim to have a good approach to protection when it comes to the internet resources you're accessing, not just normal file-based activities.
I think it's important because these days, every single company is worried about how to not lose customer data. Customers lose data all the time, but we're a service provider, so we can't lose any customer data for obvious reasons.
The Symantec Single Agent is quite good for attack prevention. It's just one agent that you deploy and forget about. It updates by itself in the console, and we can see what's happening and whether any agent is responding or not responding. Even with the enterprise option, it comes up with a sufficient amount of details about what's happening on the laptops. If necessary, we can easily change policies, which is also a wonderful approach. Generally, it helps us with our basic needs.
Symantec hasn't helped us consolidate our security stack because Symantec is very much concerned with what Symantec does. If you look at what AWS does with Guard Duty, AWS is looking at creating a single platform that can feed logs and get logs from a variety of different tools into one aggregated view. Symantec is a platform that just thinks about Symantec.
I think this is because of what's happening in the market. A lot of companies want to have a modular solution that can easily unplug the internet protection and plug in a different solution. The process would be like having a cloud proxy. Without a single dashboard and a single monitor for the security separation center, the reality is that it isn't going to work.
If we ever decide to aggregate it, I think we'll be looking at Symantec's options to use the API integration and actually fetch data from Symantec Cloud into the cloud platform. It's going to be something that we have to build in order to create one single view across multiple different tools.
What is most valuable?
Anti-malware is the most valuable feature. We trust Symantec for protection, and we like the idea that Symantec is preventing us from accessing certain websites that are known for containing malware. It gives us general protection of websites through the browser. There isn't much of a need for the antivirus because the number of cases when antivirus would be necessary is generally going down across the market. There aren't that many cloud-based antivirus solutions.
We also like that Symantec monitors Wi-Fi networks. If something bad comes and the public Wi-Fi isn't trusted, they recommend the users to disconnect and have an option to force the VPN connection. We're looking at moving to Symantec Complete because it has additional EDR functions and several additional features that we would like to use. The price is also good, so it was an easy choice.
They have a couple of releases a year. The last one was in November or October. They have a lot of research and development. I'm sure that they're looking at the competitors, like Trend Micro or CrowdStrike, and they're trying to figure out what to do with those competitors, how to handle them, and how to improve over what the competitors are able to do.
What needs improvement?
It could be more responsive and have fewer delays.
We don't spend a lot of time in the platform, but it's working well. It seems like the console was written a long time ago, and sometimes the browsers have problems with updating the console because there are heavy Java issues. Maybe they'll rewrite it eventually to make it more suitable.
For how long have I used the solution?
I have used this solution for several years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
We're a small company, so the scalability is very straightforward when it comes to grouping devices into different groups and applying different policies against different groups. The endpoints are grouped based on the functionality and the kinds of policies that we want to apply.
How are customer service and support?
We've never used tech support. There was a time when we wanted to migrate from Enterprise to Complete, and we heard stories about how Symantec completely pulled out of the Australian and New Zealand market. We received a really good technical rundown from Symantec and the people working in Canberra. They were absolutely professional.
We used technical resources to explain certain features and functionalities. One of the wonderful things about that communication was that unlike CrowdStrike, we didn't feel extreme sales pressure. CrowdStrike gets into a sales-driven mode.
I would rate the technical support as nine out of ten.
How was the initial setup?
Setup is straightforward. From my perspective, the solution is pretty flexible. We haven't had any problems with deploying Symantec.
We predominantly use workstations from Microsoft. We rarely use Apple macOS, but we're able to deploy agents on macOS as well. We're a smaller company, so it's much easier for us to deploy the agent on all of our laptops. We don't have the problems that big companies have when they need to deploy hundreds or thousands of servers and endpoint devices.
What was our ROI?
It's very hard to justify a calculated return on investment because we didn't have a high priority issue that would be prevented by Symantec. A lot of it is driven by compliance.
Even in a smaller company, we need to have people who are responsible for monitoring and following up on what's reported by Symantec or other security operation platforms. We just need to have a dedicated person who takes those tasks and responsibilities into account, follows up on what's going on, updates policies if necessary, and keeps an eye on endpoint protection.
Sometimes, a year goes by without any virus being discovered and eventually people begin to ask why we're paying for all that protection. It's because it seems like nothing is being discovered until the day comes when you actually need it.
What's my experience with pricing, setup cost, and licensing?
If you have a variety of different endpoints, including heavily protected endpoints and some endpoints that are in the field, Symantec allows you to apply different licensing so you don't have to put everything under Endpoint Complete, which is more extensive. You can split it and apply licenses for Enterprise Complete to those devices that need that level of protection.
For heavily protected servers that mostly deal with file processing or other things that don't have serious exposure, you can just keep them in the standard license. There's flexibility in the licensing.
Which other solutions did I evaluate?
We recently had the chance to look at CrowdStrike as a tool, and it was interesting to compare the two. To me, CrowdStrike has a lot of attention, but I didn't see much of a difference between what CrowdStrike is doing and what Symantec is doing. The price difference was significant, and by not proceeding with CrowdStrike, we were able to deploy Symantec on more endpoints.
CrowdStrike has some sort of DLP and other good features like controlling what kind of files have been moved from the net endpoint. Symantec DLP covers more, and there is a fair bit of network protection included in the Symantec solution, which is a valid point for us.
We looked at CrowdStrike because we were curious about the EDR functionality. We provide hosting and application support for a variety of big customers, and all of those customers are concerned with endpoint protection. They want to make sure that their data is not going to leak and that their environments are protected. EDR is one of the requirements that our customers want to impose on us, and therefore we need to deploy it.
What other advice do I have?
I would rate this solution as eight out of ten.
We're going to start using the Complete version. In a few months, we will have a better understanding of how Endpoint Complete works, including the EDR functionality, active protection, and threat hunting.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.