Since the Broadcom acquisition, Symantec’s EDR has evolved more slowly than cloud-native competitors (e.g., CrowdStrike, Microsoft Defender for Endpoint, SentinelOne). Features like real-time OSQuery, automated threat hunting across all endpoints, and AI-driven attack storylines lag behind.
SOC teams can contain threats via network isolation, kill processes, delete/quarantine files, and initiate custom remediation scripts directly from the console. Automated playbooks (via Symantec SOAR integration) accelerate routine IR steps. Since the Broadcom acquisition, Symantec’s EDR has evolved
Symantec, now operating as a core brand within Broadcom’s enterprise software portfolio, delivers an EDR solution deeply integrated with its long-established Symantec Endpoint Protection (SEP) platform. From a security operations perspective, here is an evaluation of its strengths and limitations. For existing SEP customers, the EDR module uses
For existing SEP customers, the EDR module uses the same lightweight agent and management console. This minimizes operational friction, agent sprawl, and training overhead — a significant advantage over deploying a standalone EDR alongside a separate AV/EPP. its strengths in threat intelligence
Symantec's Endpoint Detection and Response solution offers a comprehensive set of features and capabilities to detect, investigate, and respond to advanced threats on endpoints. While the solution may be complex and costly, its strengths in threat intelligence, behavioral analysis, and incident response make it a leading contender in the EDR market. Organizations seeking a robust EDR solution with strong threat detection and response capabilities should consider Symantec's offering.