Please share with the community what you think needs improvement with Symantec Advanced Threat Protection.
What are its weaknesses? What would you like to see changed in a future version?
In general, improvements can be made but nothing specific. I think SonicWall and McAfee are better solutions. I think this is a good solution for someone looking for endpoint protection but not so great if you're looking for advanced threat protection.
The cloud platform needs to have improvement in terms of the user interface and the different capabilities it has available. It needs to match the other leading next-gen EDR products that are available in the market. That's the reason why we are stepping away from Symantec. Their cloud environment is just generally lacking in comparison to others. If they could intercept the detection on the different kill chain analysis that would be great.
The support for this solution can be improved because we are not receiving alerts for maintenance. There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed. For example, you can only block three thousand IPs.
The administration interface needs a lot of improvement. It should be UI-based and simple. They need to improve it. It's not that friendly compared to what we were using at Bitdefender before. It's okay but is improving, actually.
The endpoint protection looks old. Another issue is in the deployment requirement for the ATP single instance. They should work on lowering, for example, the storage requirements, which are around one terabyte, but only for one ATP instance. The whole product works for more complex infrastructures and is designed to work with more than one instance, so you can imagine the requirements. It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time passing the information to the cloud and back. Fixing this requires a more elaborate and complex configuration for that particular case.
What we want to do is be able to customize some of this on the administrative side. Right now, it is pretty much turnkey. Therefore, it would be nice if we had more customization. We would also like alerting, not just to the end users, but to the administrators, when something happens. An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance.