Symantec is one of the oldest names in AV: it has also faced many security issues. How does its endpoint protection stand up against one of the most innovative solutions, SentinelOne?
Symantec has been around since 1982, becoming one of the most recognised names in anti-virus software following its merger with Peter Norton Computing in 1990.
However, this company - with its foundations in preventing viruses from spreading via floppy disk - has also had to weather some well-publicised security scandals.
In 2012 alone, source code was stolen from an Indian government server, the New York Times was hacked, and details of an exploit were posted that would allow attackers to crash Symantec's connection product, pcAnywhere, on computers running Windows.
There followed trust issues with both Google and Firefox over SSL certificates. Yet Symantec Endpoint Protection (now owned by Broadcom) remains a well-regarded enterprise tool.
SentinelOne is rapidly becoming synonymous with unbeatable endpoint protection, as its record-breaking result in the MITRE ATT&CK APT29 2020 evaluation and its 100% Total Accuracy Rating from SE Labs show.
Already a Gartner Magic Quadrant Leader, SentinelOne is making waves in further testing, as the table below shows. It is competitively and transparently priced; by contrast, Defender for Endpoint is more expensive and subject to Microsoft's complex licensing.
SentinelOne has published some seriously impressive video proof of its capabilities, not least where it defeats Maze ransomware in under two minutes. The platform also comes with a built-in ransomware warranty of up to $1 million - a warranty that has never been claimed.
If you're looking for a next generation endpoint protection solution and need help creating a shortlist, here's a direct comparison page to help.
| | Symantec Endpoint Protection | SentinelOne |
|---|---|---|
| Business Benefits | | |
| Autonomous prevention, detection, and recovery from threats in real time | Yes - continuous security posture assessments | Yes |
| Fast recovery | No - manual ops | Yes - can be automated or 1-click |
| OS freedom (Windows / Mac / Linux feature parity) | Yes | Yes |
| Fewer alerts with more context | Partial - high alert volumes | Yes |
| AI-powered prevention, detection, response, and threat hunting | Manual - separate product | Yes |
| API integration | Graph & REST - partial | Yes |
| Scalability | Yes | Yes - support for containers and serverless workloads, especially Kubernetes dynamic workloads |
| Higher accuracy across entire attack surface | Yes | Yes - consistent identification of tactics and techniques in the MITRE Phase 2 evaluations |
| Centralised visibility | Yes - single agent/cloud console architecture | Yes - full Storyline |
| Automation & control | Yes - automated workload discovery | Yes - automated mitigation options via the Storyline Active Response capability |
| Data analytics | Cloud analytics | No - SentinelOne does not have its own network security sources to add |
| Collection and reporting of inventory, config and policy management of endpoint devices | Yes | Yes |
| Mobile Threat Defence | Yes | Yes |
| Ease of deployment | Yes - on-prem, cloud or hybrid cloud | Yes - excellent timeliness and quality of customer support |
| Features | | |
| AI across user endpoints, containers, cloud workloads, and IoT devices | Yes - AI-guided policy management | Yes - new IoT discovery and protection capabilities in its Ranger product |
| Static & behavioural AI | Yes | Yes |
| Exploit protection | Yes | Yes + context |
| Lateral movement | Through firewall rules | Yes + context |
| Remediation | Manual / limited | Automated |
| Rollback | No | Automated |
| Integrated threat feeds | Yes | Yes |
| Remote shell | Yes - PowerShell sessions for investigation and remediation | Yes |
| Device control | USB & supported devices | Yes - device discovery via Ranger |
| Firewall control | Yes | Yes |
| Bluetooth control | Yes | Yes |
| Threat hunting | Yes | Yes - full Storyline |
| Deep visibility | Manual - IPS deep packet inspection | Yes |
| Event correlation | No - relies on third-party SIEMs and SOARs | Yes |
| Execution restriction | Yes - app isolation and control | Yes |
| Vulnerability scanning | Yes | Yes - priority list of vulnerable applications |
| Security patching | Yes | Yes |
| Triage | Yes | Yes - investigate in seconds with automated correlations and Storyline |
| Disk encryption | Yes | No - missing add-on for fully featured DLP |
| Testing body | Symantec (Endpoint Protection) | SentinelOne (Endpoint Protection Platform) |
|---|---|---|
| | Provided coverage across the attack chain stages | APT29 2020: scored record results |
| | NR | Top ROI score and Recommended rating 2019 |
| | NOT CURRENTLY CERTIFIED since 2013 | 99.8% block rate across Windows testing |
| | Top Product & ZERO false positives | 100% protection against zero-day malware attacks on Windows |
| | AAA rated: in top 10 vendors; 100% Accuracy | In top 10 vendors; recognised for the commitment to pushing the boundaries of autonomous technology, delivering innovation at scale and speed, and shaping the endpoint market |
| | Longest installation time; quickest scheduled scan time; highest CPU usage during scan; quickest file copy, move, and delete time; quickest file compression/decompression | Performs better than several legacy AV products for the following: |
All prices are calculated per endpoint per month, for comparison purposes.
Pricing is 'starting from' and based on list pricing; it is subject to change, volume discounts, etc.
Correct at February 2021.
Contact us for accurate pricing based on your specific requirements.
SentinelOne
Minimum purchase: 5 endpoints (only through ITHQ).
Payment can be billed monthly (only through ITHQ).
To achieve the prices below, minimum purchase 100 endpoints, billed annually.
Quote always required for accurate pricing.
| Core | Control | Complete |
|---|---|---|
| $4.16 | $4.90 | $9.00 |
| Includes full advanced EDR | All Core features plus device, firewall and Bluetooth control | All Control features plus threat hunting and deep visibility |
Symantec Endpoint Protection / Endpoint Detection and Response
Minimum purchase: 50 licences.
Priced according to Insight.com.
Initial subscription (1 year licence + 1 year support): $72.99 per device.
Editions:
| SEP SMB (cloud) | SEP EDR (initial) |
|---|---|
| $3.67 per device per month | $6.08 per device per month |