OneLink Decision on Symantec
Over the last few years, we have presented to all our customers the changes to Symantec technology and business processes as reasons to consider switching to a different vendor.
Due to the continually worsening situation with Broadcom/Symantec business processes, OneLink has decided that any customers who wish to continue using Symantec products do so at their own risk. We will continue to sell and renew Symantec products, but with no support or assistance from OneLink of any kind. This includes no pre-sales support to determine whether a product will meet your needs and no help fixing licensing issues after orders are placed. Simply put, you tell us what you want and we will order it for you.
Why Should You Switch from Using Symantec Solutions
Technical Support Changes
Broadcom outsourced technical support to their distributors. Initially this included a wide range of distributors in the United States, but we now have only one distributor to work with for our commercial customers and another for our government customers. Our original distributor for commercial customers initially hired US-based former Symantec resources to provide technical support, but due to a recent merger this has changed to offshore groups that sometimes have challenging communication issues and unproven technical product knowledge.
Licensing Issues and license email requirements
Customer Services used to handle items such as who to contact for sales assistance or fixing licensing issues. Broadcom has removed these services entirely. Unfortunately, despite great effort, licensing issues upon renewal continue to happen due to mistakes by Broadcom. Every renewal requires that we provide the previous year’s license email sent by Broadcom. We have manually requested a copy of this email and stored it so we had it at the time of the renewal. Moving forward, it is up to our customers to store this email and provide it to us if they wish to renew.
If a licensing mistake happens, OneLink can no longer get these resolved but must instead repurchase and then hope for a properly handled refund. Unless we determine that OneLink did not place the right order, whenever a licensing issue occurs, we will require another payment from the customer to obtain the proper license and then will refund the customer once we receive our refund.
Broadcom removed the authorized reseller program. Only their largest partners have access to internal resources. Since this change OneLink has no access to technical product changes or even ongoing education. We have reached the limit of our historical knowledge on the Symantec solutions. All our competitors selling into this market are experiencing the same issue.
The above impacts all Symantec products. The rest of this document only covers Endpoint Protection.
SEP Technical Issues
Over the last year, some of our Symantec Endpoint Protection/Security customers have experienced successful ransomware attacks. Simply put, the older technologies in SEP/SES are no longer adequate on their own to protect you from modern threats. It is also important to note that as the large enterprise market has better protected its environments from ransomware, the focus of the hackers has changed to small and medium-sized businesses (SMBs). The FBI reported that in 2021, 70% of financial losses from ransomware came from SMBs.
Symantec does offer a more expensive solution called Symantec Endpoint Security Complete (SESC). It adds an application firewall to your servers that may block ransomware attacks but you cannot run this on your other systems. It provides a bunch of investigation and mitigation tools but those only help clean up after a successful Ransomware attack. Simply put, even this solution is not adequate on its own and there are better solutions available at a lower price. These solutions are called Endpoint Detection and Response and you will see them called EDR or XDR solutions. EDR provides automatic response and XDR provides tools you use to investigate the source of the infection. These solutions monitor all running processes and as soon as they do something malicious, such as encrypting your hard drive, stop those processes.
- Major companies like Trend Micro, Sophos, and Trellix (formerly McAfee) now only sell solutions that include EDR technologies
- There are a few newer companies that sell only the EDR/XDR solutions, such as Malwarebytes, CrowdStrike, and the solution OneLink recommends, SentinelOne Singularity
- Minor companies like Norton, BitDefender, Avast, Kaspersky, and Microsoft Defender do not offer EDR solutions and offer no better protection than SEP/SES
What should I do?
Right now, any decision you make will require additional investment. The only question is where you should invest. Here are our recommendations:
- Invest in a good backup solution first
  - You should have a backup solution and processes in place that are ransomware resilient
- Implement defense in depth next
  - Add security to your email and/or web browsing activity
    - This can prevent threats from entering your environment in the first place
  - Implement a new type of Endpoint Protection Solution called Endpoint Detection and Response, often denoted by vendors as EDR or XDR
    - EDR would replace your current endpoint protection solution
You need to weigh the risk and expense of a successful attack against these increased costs. The solutions that OneLink recommends you use are from VERITAS, Trend Micro, SentinelOne, and Conceal. We also can sell all but a few of the backup and security solutions on the market so if you have a specific interest in another vendor, please just reach out to us to discuss.
Recommended Solutions for your Endpoints
Backup Exec for backup
This solution has been on the market for over 40 years. Backup Exec is designed specifically for the SMB market but continues to add functionality normally found in more expensive solutions. It can back up to tape, local drives, NAS devices, and the cloud. Most importantly it prevents any other processes from making changes to your backup sets. This prevents encryption of your backups by Ransomware. The latest version also backs up your M365 environment.
Trend Micro Email Security Standard for email protection
This solution provides technology to scan your email for threats. The email scanning technology scans attachments for malicious code but also checks all embedded links to see where they lead and checks those sites for threats. It also includes anti-spam technology that is more accurate than the free technologies built into your email solutions. The result of these scans should prevent all phishing schemes attempting to infect your environment through social engineering attacks against your users.
SentinelOne Singularity for endpoint protection
SentinelOne (S1) currently provides the best solution on the market for protecting endpoints and investigating infections, Singularity. They have agents to protect Windows, Mac, and Linux. The reason it is the best solution on the market is that it can log all activities of all running processes without slowing down your systems. When a malicious process is discovered, this log is sent to their Internet cloud site for evaluation, which then sends down instructions to the local agent on how to fully clean up the results of the attack. Other solutions can stop the malicious process but are not as good with the cleanup. This makes it a truly install-and-forget solution.
Please refer to the Appendix for a detailed comparison of SEP and Singularity.
Trend Micro Worry-Free Services Suites
Trend Micro Worry-Free Business Security Services Normal for endpoint protection
This solution provides the same protection level as SES but with a single management interface to support all Windows, Linux, Mac, iOS, and Android devices. It includes a basic EDR engine but without any configuration or response capability.
Trend Micro Worry-Free XDR for endpoint and email protection
This solution provides the same protection level as the basic service with a more advanced EDR engine and tools for configuration, response, mitigation, and investigation. Its primary difference from SentinelOne Singularity is the cleanup, as discussed in the Singularity section. It also includes all the capabilities in Trend Micro Email Security Standard. This provides you a two-in-one solution.
ConcealBrowse for web protection
This solution is an easy-to-install browser extension that detects, defends, and isolates malicious, unknown internet activity by your users in real time. It comes with a centralized cloud-based manager to configure the solution so it works no matter where your users are located. If a user clicks on a URL in an email, that traffic is also scanned to protect you.
Pricing for the Recommended Solutions
The pricing provided here is not a quote and is only meant to provide a general idea of your costs. All prices are subscription prices that include one year of maintenance.
- Backup Exec Simple Core Pack is available at $770 for 5 servers
- Endpoint Protection
  - Solutions without EDR technology:
    - Symantec Endpoint Security (SES) is available at $25/seat/year
    - Trend Micro Worry-Free Business Security Normal is about $36/seat/year
  - Solutions with EDR technology:
    - Singularity Control is about $50-66/seat/year depending on the quantity
  - Solutions with EDR technology and XDR tools:
    - Singularity Complete is about $60-75/seat/year
    - Trend Micro Worry-Free XDR is about $75-90/seat/year – includes email protection
    - Symantec Endpoint Security Complete (SESC) is about $250/seat/year
- Email Protection
  - Trend Micro Email Security is about $25/seat/year
  - Trend Micro Worry-Free XDR is about $75-90/seat/year – includes endpoint protection
- Web Protection
  - ConcealBrowse is about $25/seat/year
This chart compares the features of Symantec Endpoint Protection (SEP) and SentinelOne Singularity. Please read all notes as a direct comparison is difficult due to how they protect your devices differently.
| Feature | Symantec Endpoint Protection (SEP) | SentinelOne Singularity |
|---|---|---|
| Process-based Detection¹ | Only right after Opening a File | Continually for all Processes |
| Behavior Blocking Artificial Intelligence | Only for Operating System Triggered Events | All Activity |
| Automated Threat Cleanup | Known threat automation but new threat types usually require admin action | Threat stopped immediately then automated cleanup upon connection to the cloud |
| Full protection with the local agent | Requires cloud for newer threat protection engines to fully function | X |
| File blacklisting³ | Admin Created List | Automated |
| File whitelisting (exclusions) | Admin Created List | Automated |
| Full system scanning requirement | After each signature update | Once upon agent installation |
| Application Inventory and Vulnerability Analysis | | X |
| Remote Device Management⁴ | | X |
| One management interface | | X |
| Agent device impact | Currently takes 4 GB+ of memory and growing | Less than 200 MB of memory |
| Remote Device Automation⁵ | | With Singularity Complete |
| Threat Investigation Tools | With SES Complete | With Singularity Complete |
2 – Device control allows locking down physical system ports so they cannot be used to steal data
3 – File blacklists in Singularity are provided by SentinelOne, and the admin can add more; this replaces the signature detection method used in SEP
4 – Remote Device Management lets you perform basic admin tasks from a remote location, such as rebooting systems, obtaining log files, and other activities potentially necessary to troubleshoot
5 – Remote Device Automation allows you to push scripts to systems and execute them