Symantec Endpoint Protection 15
| Strengths | Weaknesses |
|-----------|------------|
| Excellent signature and reputation (Insight) engine; very low false positives for known malware | Heavy agent compared to next-gen competitors (roughly 300-500 MB on disk, 100-200 MB RAM idle) |
| Strong exploit prevention (heap spray, ROP and similar memory-corruption techniques) | Slower threat-intelligence delivery; still depends on legacy daily pattern updates rather than purely cloud-delivered detections |
| Good offline protection; does not depend on a constant cloud connection | EDR capabilities are less intuitive and slower than pure-play EDRs (e.g., CrowdStrike Falcon) |
| Mature built-in firewall and IPS (unusual among EDR products) | Management consoles (especially the on-prem SEPM) feel dated: Java-based, slow search, complex UI |
| Linux and macOS coverage above average for a traditional AV vendor | Not a leader in MITRE ATT&CK evaluations for advanced detection |
| Product | Strengths vs. SEP 15 | Weaknesses vs. SEP 15 |
|---------|----------------------|------------------------|
| | Superior EDR, OS integration, lower cost for M365 shops | Poor Linux coverage, heavy reliance on cloud |
| CrowdStrike Falcon | Lightweight agent, world-class EDR, faster detection | Expensive, no on-prem option, no built-in firewall |
| SentinelOne Singularity | Autonomous response, rollback, good Linux support | Higher false positives, management console less mature |
| Trend Micro Apex One | Similar traditional + NGAV mix, better for OT/ICS | Slower response time |
SEP 15 operates on a model with two primary management options: