Symantec ES is a lightweight but feature full solution that enabled us to get rid of multiple resource-intensive endpoint agents and keep developers happy
April 21, 2022
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Symantec Endpoint Security
Symantec Endpoint Security is our EDR solution, which helps ensure our machines stay free of infection and remain compliant with our organisational policies by providing an extensive range of functionality that we employ, e.g. honeypots to waste the time of any attacker who might have gotten through, application control and isolation, ability to quarantine infected machines, ransomware protection, host-based IDS, etc.
- A lightweight agent which does not impact legitimate user tasks, even developers who compile complex code.
- Multiple modules which provide a wide range of functionality.
- Is not easily killed or uninstalled so devices remain monitored at all times.
- Also provides deception technology which other vendors often do not in similar solutions.
- Ability to intelligently quarantine machines which may be infected.
- More granular control over which USB devices can be blocked/allowed.
- Native integration with other solutions for alerting without needing to have a SIEM in between.
- Would benefit from gathering more OS logs in a manner similar to Sysmon.
- Usage in other environments rather than just on end-user machines e.g. Kubernetes nodes in the cloud.
- Ability to have all this endpoint related functionality from one single vendor.
- Low resource usage, which does not result in complaints from our users.
- Very granular configuration of policies.
- Quarantine and power erasure functionality works well and does not require devices to be wiped, helping avoid time loss by setting up new machines.
- Antimalware scanning is not very resource intensive when it runs and finishes relatively quickly.
- Fewer complaints from developers who need to compile complex code without EDR getting in the way.
- Less time is wasted wiping and rebuilding machines when an infection does occur due to competent quarantine and power erase functionality.
- Our engineers are happy since application control is now easier to manage compared with other solutions.
- Successful malware infection incidents have decreased.
Symantec Endpoint Security seems to be a more mature solution compared with CrowdStrike, particularly when CS was just recently getting their USB blocking functionality rolled out for macOS endpoints this year. Another differentiator with CrowdStrike is that Symantec ES still provides both on-demand scanning & real-time signature-based detection in addition to solely real-time machine learning detection whereas on-demand scanning and signatures are not available on CrowdStrike. This means there is a doubt as to whether we can use CS to comply with some of our PCI DSS obligations which specifically require the use of signature-based antivirus solutions.
Do you think Symantec Endpoint Security delivers good value for the price?
Yes
Are you happy with Symantec Endpoint Security's feature set?
Yes
Did Symantec Endpoint Security live up to sales and marketing promises?
Yes
Did implementation of Symantec Endpoint Security go as expected?
Yes
Would you buy Symantec Endpoint Security again?
Yes