Review: Symantec Endpoint Protection v12.1.2

Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, Windows, Macs and servers.

It protects against malware (such as viruses, worms, trojans, spyware and adware), and provides protection against sophisticated attacks that evade traditional security measures (such as rootkits, zero-day attacks and spyware that mutates). Providing low maintenance and high power, Symantec Endpoint Protection communicates over a network to automatically safeguard both physical and virtual systems against attacks. The major components of the solution include the Symantec Endpoint Protection Manager (a server that manages computers connected to a company's network), the Database (which stores security policies and events), the Symantec Endpoint Protection Client (which protects computers with virus and spyware scans), a firewall, an intrusion prevention system, and other protection technologies.

The solution runs on the servers, desktops and portable computers that one wants to protect. For example, the Symantec Endpoint Protection Mac client protects computers with virus and spyware scans. Optional components include the Symantec Protection Center (which integrates management consoles from multiple supported Symantec security products) and the LiveUpdate Administrator (which downloads definitions, signatures and product updates from a Symantec server and distributes the updates to client computers).

Symantec Endpoint Protection currently protects millions of endpoints. The SONAR engine monitors nearly 1,400 file behaviors to mitigate risk and defend against zero-day and previously unknown threats. Symantec Insight uses its resources and experience to track files on the internet to separate those that are known from those at risk. It also provides organizations with the advanced context to determine if a file is trusted. The solution also improves VMware's vShield endpoint performance by reducing scan overhead by up to 70 percent while preserving 90 percent of disk input/output.

To prepare for our installation, Symantec provided a clean set of documents that guided our installation and configuration efforts. Symantec Endpoint Protection Manager is most commonly installed on a Windows Server, 32-bit processor (Intel Pentium 4 or equivalent recommended) or 64-bit processor (2 GHz Pentium 4 with x86-64 support) with 4 GB memory (2 GB minimum for 64-bit) using either the embedded database or SQL Server database. 

Operating the system was very intuitive. The dashboard was simple and uncluttered. Everything from monitors, reports, policies, clients and admin was located on the left toolbar, while a set of status graphs and reports provided a quick security status. 

Symantec offers basic and essential support. Basic is a no-cost option offering eight-hours-a-day/five-days-a-week telephone access to engineers during business hours (8 a.m. to 6 p.m.). Essential provides 24/7/365 connectivity. The company also offers website access to resources, a knowledge base and FAQ. 

We found that the value for the money spent is good.

Strengths: Experience and contributions from more than 210 million systems.

Weaknesses: Cost is a little high.

Verdict: Symantec has put together a solid product.
