Symantec Endpoint Protection (SEP) delivers strong defenses against a spectrum of cyberattacks. Its multi-layered security involves artificial intelligence and proprietary technologies to identify and stop threats, including zero-day exploits. It will manage any number of endpoints through a single interface and software agent. Yet for all its strengths, SEP contains noticeable gaps. Read the review for details.
Founded in 1982, Symantec is a storied brand in the world of cybersecurity. Its renowned Norton antivirus software for home users became a separate company after Broadcom purchased Symantec’s enterprise products in 2019.
Symantec Endpoint Protection (SEP) serves as the introductory product in Broadcom’s security software line. It’s the least expensive tier of service, yet provides effective endpoint protection through the use of multi-layered security leveraging artificial intelligence (AI).
SEP delivers this protection quickly and efficiently, with computer performance impact well below industry averages. Your users won’t notice it doing its protection work in the background.
Let’s dive into the specifics of this solid endpoint security software to help assess its value to your organization.
Who is Symantec Endpoint Protection for?
Symantec Endpoint Protection fits any size business with a dedicated IT department looking for endpoint security focused specifically on attack prevention. SEP’s features are ideal for companies with many endpoints to manage.
SEP is on-premises security software. It works on Windows, Mac, and Linux-based personal computers (PCs) and servers, but mobile endpoints are not covered.
Small businesses needing to stop threats from infiltrating your IT network will find SEP a good fit. Companies looking for a solution that encompasses mobile device protection and addresses attacks that slip through your defenses should consider upgrading to Broadcom’s Symantec Endpoint Security (SES) Complete product.
SES Complete covers mobile endpoints, threat hunting, and other advanced security features. These include options for Symantec cloud, on-premises, or a hybrid with both.
Symantec Endpoint Protection’s features
The Symantec Endpoint Protection platform uses several security layers to safeguard your IT network. AI-powered Symantec business antivirus constitutes SEP’s core, while several other features round out its functionality.
Symantec Endpoint Protection’s combination of security tactics allow it to deliver effective attack prevention. It’s why Symantec antivirus is among the best business antivirus for malware protection.
Symantec’s global intelligence network provides security data from millions of worldwide systems. AI analyzes this data and billions of other factors across users, files, and websites to evaluate the risk factors of every file accessed online.
It also examines over one thousand file behaviors in real time through its SONAR behavioral monitoring AI to assess if a file exhibits risky actions. This AI-driven approach allows SEP to effectively identify malware, even if previously unknown, to block attacks.
How does this technology translate into real-world scenarios? The independent testing firm AV-Test Institute sent nearly 22,000 malware samples through SEP. The software caught all of them.
Another test subjected SEP to zero-day threats. These attacks exploit software vulnerabilities to circumvent defenses. Most endpoint protection software finds zero-day attacks difficult to stop. The industry average protected against 97.6% of these attack types. Symantec Endpoint Protection stopped 100%, earning the platform a perfect score in protection.
The Symantec security platform uses several strategies to accurately identify and stop attacks. Image source: Author
Your security must stop attacks, but you don’t want it to block legitimate software installs. In this area, SEP correctly identified over one million software samples without a single mistake while the industry average included 28 false positives.
Symantec Endpoint Protection encompasses a range of cybersecurity features beyond malware prevention. You can set up security policies for your endpoints, create alerts to proactively notify you of risks, and view the status of all endpoints. A depth of features and configuration settings provide IT teams flexibility to deploy and manage your company’s security to fit your needs.
SEP’s options are all managed through a single interface called the Symantec Endpoint Protection Manager. Its homepage succinctly summarizes key insights, such as how many endpoints experienced new malware infections.
The SEP Manager will be your IT team’s primary security management tool. And it’s intuitive for the most part, making navigation around the platform straightforward.
A single interface makes Symantec Endpoint Protection functionality easy to manage. Image source: Author
So much functionality exists, it can be a challenge to find specific features. For example, some advanced settings are tucked behind links named "tell me more," which is a vague label and easy to overlook.
Reports are a critical component of any endpoint protection platform. They deliver the visibility required to maintain the health of your IT security. SEP offers many options in this area.
The platform comes with built-in reports. You can run an audit of the security policies used by your endpoints and view the results of security scans. See risk instances such as when SEP’s risk assessment system automatically blocks suspicious file creation.
Symantec Endpoint Protection reporting capabilities provide in-depth analysis of your IT security. Image source: Author
The standard reports cover a wide swath of security insights. You can schedule the most commonly-used reports for automated email delivery to key IT recipients, such as your security operations center (SOC) staff.
Symantec Endpoint Protection delivers several security layers in addition to malware prevention. These are some highlights.
- Device control: SEP blocks threats attempting to sneak in via devices connected to the endpoint, such as USB drives.
- Deception: SEP provides a deception tool that presents decoys for cyberattacks to target. This helps your IT team to safely identify an intrusion.
- Attack surface reduction: SEP reduces your exposure to threats in multiple ways. It isolates privileged applications in castles so no attacks can get at them. Whitelists and blacklists control allowable software installs. SEP looks at your Windows Active Directory configuration to suggest security improvements, and vulnerability assessments determine if you have old versions of software requiring updates.
SEP’s features are deep, but no one platform can do it all. SEP integrates with other Symantec security products, so as your security needs grow, you can seamlessly extend security capabilities to create a suite of protection tools.
SEP also integrates with security software from approved external vendors through open APIs (application programming interface) as part of the company’s Technology Integration Partner Program (TIPP).
The Policies section comes with default policies to get you started. Image source: Author
More advanced security features, such as endpoint detection and response (EDR) used to catch threats that slipped through your defenses, are only available on the higher tier Symantec Endpoint Security Complete product.
Symantec Endpoint Protection’s ease of use
SEP’s Symantec Endpoint Protection Manager provides an intuitive interface to monitor its capabilities, along with a single software agent to install on your endpoints. This makes setup straightforward. Once installed, your IT team conveniently manages network security through SEP Manager.
SEP preconfigures standard settings such as virus and spyware protection, which are automatically applied to your endpoints. These preconfigured settings are a substantial time-saver, allowing you to deploy SEP immediately. If you choose, you can fine-tune settings after your security is up and running.
Easily configure security alerts to your needs through the Notifications screen. Image source: Author
Ironically, the biggest challenge to SEP’s ease of use is its depth of features. There’s a significant learning curve as you get up to speed on SEP’s unique options such as SONAR and Power Eraser, an aggressive scanning tool you’ll want to master to avoid unnecessary false positives.
Symantec Endpoint Protection’s pricing
The Symantec Endpoint Protection platform is available only through third-party providers. Pricing varies across these Broadcom partners and is based on the number of endpoints you’re protecting. Since SEP is on-premises software, Symantec cloud pricing is not included unless you opt for Broadcom’s SES Enterprise or SES Complete offerings.
Some partners provide discounts and special offers, such as lower pricing for schools. You’ll find a list of partners on Broadcom’s website.
To give you some idea, the cost to buy a one-year business subscription can range from $16.90 per endpoint for a minimum of 5,000 endpoints to $49.99 for less than 25 endpoints. The cost may be greater or less than these examples, depending on the partner and associated discounts.
Broadcom’s pricing approach feels out of step with modern security competitors, who provide transparent pricing. You’ll have to do the pricing research to assess which partner provides the best value.
Symantec Endpoint Protection’s support
Broadcom supplies several technical support options for its SEP platform. They offer the industry standard self-service portal filled with product documentation, how-to articles, and training videos.
Additional help options include phone support, a community forum, and an online IT ticketing system to report issues. Broadcom also provides a diagnostic tool allowing your IT team to troubleshoot issues on their own.
Benefits of Symantec Endpoint Protection
Symantec Endpoint Protection performed perfectly in tests against threats such as malware and zero-day attacks. The effectiveness of SEP’s security is its greatest asset.
SEP’s wide range of security features and customization options give you substantial flexibility. Your IT team can deploy SEP matched to your company’s security standards.
Symantec Endpoint Protection offers a number of configuration options to set up security for your servers. Image source: Author
As your needs grow, you can migrate to the SES Complete product or add Broadcom’s other security solutions. The company’s unique TIPP program and capabilities, such as SONAR, add to the unique strengths of the Symantec Endpoint Protection platform.
A good start to strong protection
Symantec Endpoint Protection achieves what it sets out to do. It delivers highly effective endpoint protection centered around attack prevention. It solves security needs for PC and server endpoints while offering plenty of flexibility and customization.
SEP is a good start to your small business antivirus and endpoint security. In the long run, companies are better served by Broadcom’s Symantec Endpoint Security Complete product. SES Complete includes the same strong SEP protections combined with post-breach response and remediation as well as mobile device security.
Given the widespread use of smartphones for work activities, the lack of mobile protection is a substantial SEP feature gap, particularly given the types of malware that target mobile devices.
Symantec Endpoint Protection delivers strong performance against cyberattacks, so if you want to begin your IT security with a lower-cost option to test the waters, SEP is a solid starting point.