4 out of 5.0, Reviewed Nov 17, 2016
ATP was extremely easy to install and has provided visibility insights that we were not receiving from other products. It also gave an easy way to quarantine a computer that has SEP installed.
Make sure that each version upgraded to is bug free for a while before upgrading
Provides additional visibility into hosts that other tools do not provide. Good single pane of glass
I do not like that there are so many issues that corrupt the host database
Ensure that patches are not going to duplicate hosts in the host record database
Implementation went great
4 out of 5.0, Reviewed Aug 1, 2016
Product fit our infrastructure SecOps perfectly. This product fit the best, out of all the vendors we reviewed, with our current security operations. We were already a Symantec Endpoint Protection and Managed Services Customer. This meant we did not have to deploy a new endpoint product and the logging and alerting was a check box to send to the Symantec Security Operations Center for 24x7x365 correlative monitoring and alerting. This meant this new product "snapped into" our current processes and procedures and essentially gave us another layer of needed protection against crypto-malware products and the like.
Consider this product from a holistic, strategic perspective. Other Advanced Detection products like this are installing end points. The value to this solution, to us, was the way it fit our strategy, current vendor relationship and sec ops - being a current SEP customer made this very compelling. That said, this product works with other anti-malware product vendors, so don't let that dissuade you from looking at the cloud and physical/virtual appliance options.
The way it fit into our SecOps and current product portfolio so well.
The newness of this product in the Symantec portfolio means we've had to deal with bugs. That said, they have been fixing them quickly and providing us very good support.
Helped to ensure we got the (push button) endpoint isolation functionality working right away. Great compelling feature that you have to do some work to get functioning in your environment.
Look more closely at this as a cloud offering also. That said, we are happy with our on-premises appliance decision to allow for future in-line blocking of threats before they reach the endpoints.
Right now, we are using it primarily for monitoring and alerting (tap mode). We are beginning testing on blocking mode (capability released recently). We also want to take advantage of their push button isolation mode where an infected endpoint will be isolated from the network and allow for further forensics, etc. If/when we get blocking and isolation in place, I would rate this a 5.