Symantec Endpoint Protection...it's not for me, and possibly not for you, either.
Overall Satisfaction with Symantec Endpoint Protection
We use Symantec Endpoint protection on all Desktops, Laptops, and Servers. This is across all departments of the organization. It addresses the need for anti virus software within our organization. We use Microsoft Windows exclusively, so this pertains to Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2 for server operating systems. We have it deployed on Windows 7, Windows 8, and Windows 10 for endpoints.
Pros
- It's easy to manage. Installation of a premade package is very straight forward and generally goes without incident.
- It's fairly reliable at detecting malware and viruses in Windows.
- It's updated frequently, so new threats are updated at least daily.
Cons
- Removing dead clients from the console. This is nearly impossible to do, and makes keeping the console clean a very difficult task.
- Poorly tested versions are sometimes released that cause serious issues for users. This ranges from browsers malfunctioning to BSOD errors.
- Malware detection is good but not great. We are not confident in SEP by itself to neutralize malware threats. It's detection rate just isn't high enough for next generation and zero day threats.
- It has forced us to deploy secondary software to handle malware threats, as far too many of them slip by SEP unnoticed. We'd prefer not to have such an approach, but with SEP we aren't fully protected without such additional software.
- The CPU footprint vs other similar products wastes extra CPU cycles on scanning, causing us to need larger ESX hosts for a given number of VM's, due to the overhead from the SEP client.
- On more than one occasion, a bad update has caused significant business impact, causing us to heavily consider a different product when our next renewal period is up.
I actually didn't make the decision to go with Symantec at all. It was already in place when I started working at my current employer, and we have not yet had the opportunity to replace it. I replaced it at my two previous employers with Sophos Endpoint Protection, which was overall a much better choice for a variety of reasons: 1) They never released updates that broke Windows; 2) They had a higher detection rate for Malware than Symantec; 3) Cost was substantially lower, 4) Support was much better and more thorough; 5) The Management Console was much cleaner and easier to manage
I consider Symantec to be an average product that will be sufficient for some companies, but overall I think there are better options available. Some of those options are cheaper (Sophos), and some are more expensive (Kaspersky). If you are heavily invested in Symantec already, it may make financial sense to use it, but I'd highly recommend accompanying it either with dedicated Anti Malware Software (Malwarebytes), or Next Generation AV (Carbon Black).
I consider Symantec to be an average product that will be sufficient for some companies, but overall I think there are better options available. Some of those options are cheaper (Sophos), and some are more expensive (Kaspersky). If you are heavily invested in Symantec already, it may make financial sense to use it, but I'd highly recommend accompanying it either with dedicated Anti Malware Software (Malwarebytes), or Next Generation AV (Carbon Black).
Comments
Please log in to join the conversation