
Symantec Endpoint Detection and Response (EDR)
Endpoint detection & response (EDR) software
Endpoint protection software
Small
Medium
Large
- Energy and utilities
- Public sector and nonprofit organizations
- Banking and insurance
What is Symantec Endpoint Detection and Response (EDR)?
Symantec Endpoint Detection and Response (EDR) is an endpoint security product used to detect, investigate, and respond to suspicious activity on Windows, macOS, and Linux endpoints. It is typically used by security operations teams to triage alerts, perform endpoint investigations, and take response actions such as isolating hosts or collecting forensic artifacts. The product is commonly deployed alongside Symantec endpoint protection capabilities and integrates with Symantec’s broader threat intelligence and policy management tooling.
Integrated endpoint protection stack
The product is designed to work closely with Symantec endpoint protection controls, which can reduce operational overhead when an organization standardizes on the same vendor for prevention and detection. This integration supports workflows where prevention events and EDR telemetry are reviewed together during investigations. It can be a practical fit for organizations already using Symantec endpoint security agents and management infrastructure.
Endpoint investigation and response actions
Symantec EDR supports common EDR workflows such as alert triage, process and file investigation, and remote response actions. Typical response capabilities include isolating an endpoint from the network and collecting artifacts to support incident analysis. These features help security teams move from detection to containment without switching tools.
Broad endpoint OS coverage
The platform supports major desktop/server endpoint operating systems used in enterprise environments, including Windows, macOS, and Linux. This helps organizations apply consistent detection and response processes across heterogeneous fleets. It is relevant for mixed environments where security teams want a single EDR workflow across multiple OS types.
Complexity in enterprise deployments
EDR deployments often require careful planning around agent rollout, policy tuning, and integration with existing security operations processes. Organizations may need dedicated security engineering effort to tune detections and reduce noise to an acceptable level. This can be more demanding for smaller IT teams compared with more simplified, fully managed approaches.
Feature set varies by licensing
Capabilities and integrations can depend on the specific Symantec/Broadcom packaging and licensing purchased. This can make it harder to compare editions and ensure required investigation and response features are included before procurement. Buyers typically need to validate what telemetry retention, response actions, and integrations are available in their chosen tier.
Ecosystem transition under Broadcom
Symantec enterprise security products operate under Broadcom, and customers may encounter changes in product naming, packaging, and support processes over time. This can introduce additional diligence for renewals, roadmap alignment, and support expectations. Organizations with strict vendor governance may need to confirm long-term product direction and support channels.
Seller details
Broadcom Inc.
Palo Alto, California, USA
1961
Public
https://www.broadcom.com/
https://x.com/Broadcom
https://www.linkedin.com/company/broadcom/