Symantec Endpoint Protection
Strengths: The most comprehensive tool of its type that we’ve seen with superb installation and documentation.
Weaknesses: Almost nothing to speak of beyond the way support is charged.
Verdict: We love this product, even with the support cost wart. There is a misconception among everyone – except security/IT engineers themselves – that these engineers are all geeks who love to spend their time tinkering, writing code and manually configuring. Nothing could be farther from the truth. These folks are so overloaded that any onerous task becomes more onerous as a consequence. We loved the no-brainer setup and administration and for that alone, if for none of the other powerful capabilities of this tool, we make it our Recommended product this month.
We wish all of the products that we test over the course of the year went in as quickly and smoothly as this one. We were up and running in about five minutes. Then we got to work with configuration, policies and such. That took about 15-30 minutes and we were done. If there was nothing else to this product, that alone would be enough to get our attention. But, in fact, there is much more. This is a nearly full-function tool, lacking only control over files and folders, and removable media. We won't short them for that, though, because the rest worked so well.
With step-by-step instructions, the administration manual and the quick-start guide both get you up and running quickly. These docs cover everything from planning to activating the licence to setting up the endpoint protection manager. After we deployed the server and an endpoint, we went to the policy editor. There we set up a group, went through the virus and spyware policies and the firewall policy, and determined which files and applications we were going to exclude from scanning. Not only was there a summary of these steps but, if we had questions, the details were well covered later on in the administrator's guide.
Like a true next-generation product, this one leverages machine learning and an extensive cloud system with a huge number of telemetry points around the world. In fact, the vendor claims that this telemetry network is the largest civilian network of its type in the world. Nonetheless, 175 million endpoints and 57 million attack sensors in 175 countries is a pretty healthy telemetry net.
The feature set is extensive, covering all of the endpoint protection features and many of the DLP functions one would expect. While we are not characterising the tool as a DLP product - and Symantec does not either - it still has some DLP features that are useful. Symantec has had a lot of success with anti-malware over the years and that has been parlayed into this much more comprehensive tool set. The IPS and firewall rule sets are as comprehensive as any we've seen.
The website is as complete as one would want. Just about everything you need is there, including product downloads and documentation - manuals and such - and a lot of reference material. Documentation is excellent with individual manuals for all of the major functions one will need to perform, such as deployment quick-start, management administration and endpoint agents. The endpoint operating systems that are supported are the current versions of Windows, Mac OS and the main flavors of Linux.
Additionally, it supports docked or synced Android and iOS mobile devices when they are tethered - necessarily physically - to a protected computer. This means that the system treats mobile devices not as endpoints, but more as peripherals, and it protects against exfiltration that is contrary to policy. In other words, Endpoint Protection is not - nor does it claim to be - a mobile device management tool. Symantec does have one of those as well, but it is not part of this tool.
Standard - or what Symantec calls "Essential Support" - costs 23 percent of the licence costs and there are higher tiers. It is 24/7 and there is both phone and email assistance. We think that is a bit steep. We have seen a trend toward the smaller companies - those with a smaller marketing footprint - offering basic support at no additional cost. The larger companies, in many cases, still take the old-fashioned approach that support should be a charge to the user. We don't agree. Basic - keep-the-lights-on - support should be included. Then charge whatever the market will bear for enhanced services.