4 out of 5.0, Reviewed Aug 1, 2016
Product fit our infrastructure SecOps perfect. This product fit the best, out of all the vendors we reviewed, with our current security operations. We were already a Symantec Endpoint Protection and Managed Services Customer. This meant we did not have to deploy a new endpoint product and the logging and alerting was a check box to send to the Symantec Security Operations Center for 24x7x365 correlative monitoring and alerting. This meant this new product "snapped into" our current processes and procedures and essentially gave us another layer of needed protection against crypto-malware products and the like.
Consider this product from a holistic, strategic perspective. Other Advanced Detection products like this are installing end points. The value to this solution, to us, was the way it fit our strategy, current vendor relationship and sec ops - being a current SEP customer made this very compelling. That said, this product works with other anti-malware product vendors, so don't let that dissuade you from looking at the cloud and physical/virtual appliance options.
The way it fit into our SecOps and current product portfolio so well.
The newness of this product in the Symantec portfolio means we've had to deal with bugs. That said, they have been fixing them quickly and providing us very good support.
Helped to ensure we got the (puah button) endpoint isolation functionality working right away. Great compelling feature that you have to do some work to get functioning in your environment.
Look more closely at this as a cloud offerings also. That said, we are happy with our on-premises appliance decision to allow for future in-line blocking of threats before they reach the endpoints.
Right now, we are using it primarily for monitoring and alerting (tap mode). We are beginning testing on blocking mode (capability released recently). We also want to take advantage of their push button isolation mode where an infected endpoint will be isolated from the network and allow for further forensics, etc. If/when we get blocking and isolation in place, I would rate this a 5.