Computer guys: Symantec Endpoint Protection worth it?

Weetabix
Posts: 6106
Joined: Fri Aug 15, 2008 11:04 pm

Computer guys: Symantec Endpoint Protection worth it?

Post by Weetabix »

My boss just called. Our out-sourced IT guys recommended Symantec Endpoint Protection (enterprise edition). $40/machine for 5 years.

He likes the idea, so my question is, is there any harm in it?
Note to self: start reading sig lines. They're actually quite amusing. :D
Konall
Posts: 1
Joined: Wed Nov 02, 2011 4:07 am

Re: Computer guys: Symantec Endpoint Protection worth it?

Post by Konall »

It's kind of late to respond, but in case you're still considering, here's my take on Symantec Endpoint Protection (SEP).

It's a decent product. If you outsource your IT, then SEP is probably a good choice for you.

I've been running it at work for several years.
It is pretty much an install, setup, and forget it product. The initial setup was a time-consuming PITA because it had to be customized to what we wanted, but once configured and working for my sites, I don't have to even look at it months at a time.

There are a couple things I dislike about it.
First, the response time for zero-day events could be a lot better. I run Sophos on one of my servers (specced by the vendor), so that gives me the ability to compare signature update times. When I find a zero-day exploit I submit a sample to both Symantec and Sophos. Sophos will usually respond with an evaluation in a few minutes, and include it in an update to their signatures in 2 to 4 hours, while Symantec won't be detecting it until a day later, sometimes two, and I've only ever received robot-generated responses.

Second, it is a bandwidth hog. If you don't have multiple sites with a WAN, that may not be an issue for you, but it can be a real hassle in my case since I have some dedicated DSL links to my remote locations. While the frequency of updates is configurable, to get the best security you'll want to let it apply updates as soon as they are released. It looks like SEP is pretty inefficient--it tends to have huge updates even when they come out just a few minutes apart. I don't know for sure why, but I bet it just re-downloads all the old signatures with a couple new ones tacked onto the file. When it hits one of my WAN links with a series of frequent large updates, it can choke my slow DSL link for quite a while. I've also had a couple machines that decided to download an update over and over all day long--thus choking their DSL link. The only solution Symantec could come up with was uninstalling SEP from the machine and reinstalling.

Make that three things--tech support is non-English and appallingly obtuse. I have to be reeeeally desperate to contact tech support, because it is usually a waste of my time and a huge exercise in frustration trying to communicate with someone who thinks they speak English (but really doesn't), and who claims they fully understand your problem while demonstrating with their very next sentence that they have no bloody clue and didn't read a single thing I wrote in my problem description. Fortunately, the product works well enough that a couple hours of trial and error, and digging through their cumbersome documentation, is usually enough to avoid support calls.