OneLink Decision on Symantec

Over the last few years, we have presented to all our customers the changes to Symantec technology and business processes as reasons to consider switching to a different vendor.

Because the situation with Broadcom/Symantec business processes continues to worsen, OneLink has decided that any customers who wish to continue using Symantec products do so at their own risk. We will continue to sell and renew Symantec products, but with no support or assistance from OneLink of any kind. This means no pre-sales support to determine whether a product will meet your needs and no help fixing licensing issues after orders are placed. Simply put, you tell us what you want and we will order it for you.

Why Should You Switch from Using Symantec Solutions

Technical Support Changes

Broadcom outsourced technical support to their distributors. Initially this included a wide range of distributors in the United States, but we now have only one distributor to work with for our commercial customers and another for our government customers. Our original distributor for commercial customers initially hired US-based former Symantec resources to provide technical support, but due to a recent merger this has changed to offshore groups that sometimes have challenging communication issues and unproven technical product knowledge.

Licensing Issues and License Email Requirements

Customer Services used to handle items such as who to contact for sales assistance or for fixing licensing issues. Broadcom has removed these services entirely. Unfortunately, despite great effort, licensing issues upon renewal continue to happen due to mistakes by Broadcom. Every renewal requires that we provide the previous year's license email sent by Broadcom. We have manually requested a copy of this email and stored it so that we had it at the time of the renewal. Moving forward, it is up to our customers to store this email and provide it to us if they wish to renew.

If a licensing mistake happens, OneLink can no longer get these resolved but must instead repurchase and then hope for a properly handled refund. Unless we determine that OneLink did not place the right order, whenever a licensing issue occurs, we will require another payment from the customer to obtain the proper license and then will refund the customer once we receive our refund.

Reseller Changes

Broadcom removed the authorized reseller program. Only their largest partners have access to internal resources. Since this change, OneLink has had no access to technical product changes or even ongoing education. We have reached the limit of our historical knowledge of the Symantec solutions. All our competitors selling into this market are experiencing the same issue.

The above impacts all Symantec products. The rest of this document only covers Endpoint Protection.


SEP Technical Issues

Over the last year, some of our Symantec Endpoint Protection/Security customers have experienced successful ransomware attacks. Simply put, the older technologies in SEP/SES are no longer adequate on their own to protect you from modern threats. It is also important to note that as the large enterprise market has better protected its environments from ransomware, the focus of the hackers has changed to small and medium-sized businesses (SMBs). The FBI reported that in 2021, 70% of financial losses from ransomware came from SMBs.

Symantec does offer a more expensive solution called Symantec Endpoint Security Complete (SESC). It adds an application firewall to your servers that may block ransomware attacks, but you cannot run this on your other systems. It provides a bunch of investigation and mitigation tools, but those only help clean up after a successful ransomware attack. Simply put, even this solution is not adequate on its own, and there are better solutions available at a lower price. These solutions are called Endpoint Detection and Response, and you will see them called EDR or XDR solutions. EDR provides automatic response and XDR provides tools you use to investigate the source of the infection. These solutions monitor all running processes and stop those processes as soon as they do something malicious, such as encrypting your hard drive.

  • Major companies like Trend Micro, Sophos, and Trellix (formerly McAfee) now only sell solutions that include EDR technologies
  • There are a few newer companies that sell only the EDR/XDR solutions, such as Malwarebytes, CrowdStrike, and the solution OneLink recommends, SentinelOne Singularity
  • Minor companies like Norton, BitDefender, Avast, Kaspersky, and Microsoft Defender do not offer EDR solutions and offer no better protection than SEP/SES

What should I do?

Right now, any decision you make will require additional investment. The only question is where you should invest. Here are our recommendations:

  1. Invest in a good backup solution first
    • You should have a backup solution and processes in place that are ransomware resilient
  2. Implement defense in depth next
    • Add security to your email and/or web browsing activity
    • This can prevent threats from entering your environment in the first place
  3. Implement a new type of endpoint protection solution called Endpoint Detection and Response, often denoted by vendors as EDR or XDR
    • EDR would replace your current endpoint protection solution

You need to weigh the risk and expense of a successful attack against these increased costs. The solutions that OneLink recommends you use are from VERITAS, Trend Micro, SentinelOne, and Conceal. We can also sell all but a few of the backup and security solutions on the market, so if you have a specific interest in another vendor, please reach out to us to discuss.


Recommended Solutions for your Endpoints

Backup Exec for backup

This solution has been on the market for over 40 years. Backup Exec is designed specifically for the SMB market but continues to add functionality normally found in more expensive solutions. It can back up to tape, local drives, NAS devices, and the cloud. Most importantly, it prevents any other processes from making changes to your backup sets. This prevents encryption of your backups by ransomware. The latest version also backs up your M365 environment.

Trend Micro Email Security Standard for email protection

This solution provides technology to scan your email for threats. The email scanning technology scans attachments for malicious code but also checks all embedded links to see where they lead and checks those sites for threats. It also includes anti-spam technology that is more accurate than the free technologies built into your email solutions. The result of these scans should prevent all phishing schemes attempting to infect your environment through social engineering attacks against your users.

SentinelOne Singularity for endpoint protection

SentinelOne (S1) currently provides the best solution on the market for protecting endpoints and investigating infections: Singularity. They have agents to protect Windows, Mac, and Linux. The reason it is the best solution on the market is that it can log all activities of all running processes without slowing down your systems. When a malicious process is discovered, this log is sent to their Internet cloud site for evaluation, which then sends down instructions to the local agent on how to fully clean up the results of the attack. Other solutions can stop the malicious process but are not as good with the cleanup. This makes it a truly install-and-forget solution.

Please refer to the Appendix for a detailed comparison of SEP and Singularity.

Trend Micro Worry-Free Services Suites

Trend Micro Worry-Free Business Security Services Normal for endpoint protection

This solution provides the same protection level as SES but with a single management interface to support all Windows, Linux, Mac, iOS, and Android devices. It includes a basic EDR engine but without any configuration or response capability.

Trend Micro Worry-Free XDR for endpoint and email protection

This solution provides the same protection level as the basic service with a more advanced EDR engine and tools for configuration, response, mitigation, and investigation. Its primary difference from SentinelOne Singularity is the cleanup, as was discussed in the Singularity section. It also includes all the capabilities in Trend Micro Email Security Standard. This provides you with a two-in-one solution.

ConcealBrowse for web protection

This solution is an easy-to-install browser extension that detects, defends against, and isolates malicious, unknown internet activity by your users in real time. It comes with a centralized cloud-based manager to configure the solution, so it works no matter where your users are located. If a user clicks on a URL in an email, that traffic is also scanned to protect you.

Pricing for the Recommended Solutions

The pricing provided here is not a quote and is only meant to provide a general idea of your costs. All prices are subscription prices that include one year of maintenance.

      • Backup
        • Backup Exec Simple Core Pack is available at $770 for 5 servers
      • Endpoint Protection
        • Solutions without EDR technology:
          • Symantec Endpoint Security (SES) is available at $25/seat/year
          • Trend Micro Worry-Free Business Security Normal is about $36/seat/year
        • Solutions with EDR technology:
          • Singularity Control is about $50-66/seat/year depending on the quantity
        • Solutions with EDR technology and XDR tools:
          • Singularity Complete is about $60-75/seat/year
          • Trend Micro Worry-Free XDR is about $75-90/seat/year – includes email protection
          • Symantec Endpoint Security Complete (SESC) is about $250/seat/year
      • Email Protection
        • Trend Micro Email Security is about $25/seat/year
        • Trend Micro Worry-Free XDR is about $75-90/seat/year – includes endpoint protection
      • Web Protection
        • ConcealBrowse is about $25/seat/year

      Schedule Your Free Consultation Today
      Call
       541-946-5133


      Appendix

      This chart compares the features of Symantec Endpoint Protection (SEP) and SentinelOne Singularity. Please read all notes as a direct comparison is difficult due to how they protect your devices differently.

      | Feature | SEP | Singularity |
      |---|---|---|
      | Signature-based Detection | X | |
      | File-based Detection | X | X |
      | Process-based Detection [1] | Only right after Opening a File | Continually for all Processes |
      | Behavior Blocking Artificial Intelligence | Only for Operating System Triggered Events | All Activity |
      | Automated Threat Cleanup | Known threat automation but new threat types usually require admin action | Threat stopped immediately then automated cleanup upon connection to the cloud |
      | Full protection with the local agent | Requires cloud for newer threat protection engines to fully function | X |
      | Desktop firewall | X | X |
      | Device control [2] | X | X |
      | File blacklisting [3] | Admin Created List | Automated |
      | File whitelisting (exclusions) | Admin Created List | Automated |
      | Full system scanning requirement | After each signature update | Once upon agent installation |
      | Application Inventory and Vulnerability Analysis | | X |
      | Remote Device Management [4] | | X |
      | One management interface | | X |
      | Agent device impact | Currently takes 4 GB+ of memory and growing | Less than 200 MB of memory |
      | Remote Device Automation [5] | | With Singularity Complete |
      | Threat Investigation Tools | With SES Complete | With Singularity Complete |

      1 – Executables open processes to function and processes can generate additional processes that are potentially missed by traditional file-based detection technologies
      2 – Device control allows locking down physical system ports so they cannot be used to steal data
      3 – File blacklists in Singularity are provided by SentinelOne with the ability of the admin to add more resulting in replacing the signature detection method used in SEP
      4 – Remote Device Management allows the ability to perform basic admin tasks from a remote location such as rebooting systems, obtaining log files, and other activities potentially necessary to troubleshoot
      5 – Remote Device Automation allows you to push scripts to systems and execute them