Head-To-Head: Symantec Vs. McAfee In Endpoint Protection

The Endpoint Security Platform Market

Endpoint security platforms have become commonplace on end-user devices and Internet-facing systems. In addition to malware and spyware protection, an enterprise-grade endpoint security platform typically provides some kind of device firewalling, intrusion prevention and data loss prevention capabilities. Symantec is the worldwide leader in enterprise protection market share for enterprises and consumers, according to Gartner. McAfee's enterprise protection platform ranks second in market share worldwide, Gartner said. Security experts say both firms have grown through extensive acquisitions over the years. CRN pits the two competitors head-to-head.

Antivirus-Antimalware Capabilities

McAfee and Symantec each say their endpoint protection platforms support Windows, Mac and Linux systems. The products are designed to provide security defenses against spyware, Trojans, worms and other malicious programs. McAfee SiteAdvisor Enterprise Plus can be configured by administrators to block access to certain websites. McAfee provides behavioral protection to prevent buffer overflow and zero-day attacks. The company also is working closely with parent company Intel on new hardware-based security defenses. Symantec Protection Suite Enterprise Edition uses a Web gateway security strategy to protect against malware, spyware, botnets and viruses. Symantec provides behavioral protection through its SONAR technology for stopping zero-day attacks.

Winner: Draw
Both vendors have demonstrated a desire to grow beyond traditional signature-based technologies to detect advanced threats and thwart malware evasion tactics.

Security Management Console

Symantec provides the Symantec Protection Center (SPC), which provides data collection and analytics capabilities. It integrates with the endpoint protection suite, data loss prevention and Symantec DeepSight data feeds for automated threat intelligence information. It also can connect to third-party vulnerability management solutions, including those from Qualys and Rapid7. McAfee's core management console is the ePolicy Orchestrator (ePO), which provides policy management and reporting capabilities to support all McAfee products. The ePO also integrates with third-party solutions and has more than 150 technology partners that can connect to the centralized console.

Winner: McAfee
The ePolicy Orchestrator has matured to incorporate the integration with a large number of third-party technology vendors. McAfee solution providers have praised the centralized console for reducing complexity and increasing visibility.

Mobile Device Management

Symantec sells mobile device management capabilities through its 2012 acquisition of Odyssey Software. Industry analysts also have praised the company's acquisition of Nukona, a security technology that can wrap certain applications into a sandbox to support corporate policies. Odyssey requires the installation of an agent. Gartner calls Symantec's mobile device management capabilities "solid" and rates it a challenger in its mobile device management software Magic Quadrant. Gartner describes McAfee as offering "basic" mobile device management capabilities. The foundation of McAfee's offering is from its 2010 acquisition of Trust Digital. McAfee also rolled out Secure Container, which supports Android devices and separates corporate and personal data.

Winner: Symantec
The Nukona-Odyssey Software combination has the potential to be a powerhouse for Symantec's mobile security strategy and beneficial for the company's partners.

Data Loss Prevention

The foundation of McAfee's data loss prevention is its acquisition of Onigma in 2006. The company acquired Reconnex in 2008 for its automated data classification and analysis engine. Symantec acquired Vontu for its data loss prevention technology in 2007. McAfee and Symantec extend policy and monitoring capabilities to virtual machines. Both vendors also have focused on fingerprinting for intellectual property protection. Gartner has praised McAfee's activity data capture database for reducing false positives. The research firm credits Symantec with the market leadership title due to its aggressive product road map and engaged customer base.

Winner: Symantec
Symantec's ability to integrate Vontu and aggressively roll out product enhancements working with its customers gives it a clear edge over McAfee in this category.


McAfee merged its acquisition of SafeBoot for endpoint encryption with its existing data loss prevention products in 2008. The company touts its ability to synchronize with Active Directory, PKI and others, its integration with other McAfee products and its centralized console for managing and enforcing security policies. Symantec added encryption giant PGP to its portfolio in 2010 for data encryption and key management for its data loss prevention suite. The company supports full disk encryption and file and folder encryption and has integrated PGP into its Protection Center for centralized management. Symantec also acquired GuardianEdge for its storage encryption and its Altiris Total Management Suite.

Winner: Draw
McAfee partners swear by the company's SafeBoot foundation, and Symantec partners point to the robustness of PGP and GuardianEdge.

Channel Program

Symantec CEO Steve Bennet is architecting a turnaround, telling CRN that channel partners would be relied on more heavily as it reduces its sales force. Symantec has about 90 channel field sales reps and 130 inside channel sales reps. McAfee said its channel partners generate approximately 80 percent of the company's revenue. The company has been boosting marketing and outreach and has made subtle improvements, according to channel partners. McAfee has 78 channel field sales reps and 55 inside channel sales reps. Both the Symantec Partner Program and the McAfee SecurityAlliance Partner Program were honored in CRN's 2013 Partner Program Guide.

Winner: McAfee
Symantec revealed an overhaul of its product strategy in January and is reshaping its partner program. Until more details are available, channel partners say McAfee's steady course makes it a safe bet over Symantec in the near term.

Channel View

Channel partners that CRN interviewed for this head-to-head sell both Symantec and McAfee products and remain vendor-agnostic for their clients. Symantec's channel partners tell CRN that McAfee's program is less complex and in many cases provides higher margins. Symantec's channel model is more complicated in that it provides multiple ways of registering opportunities, according to one solution provider who requested anonymity. Instead of offering margins up front, Symantec gives rebates on the back end when a deal is closed. Robert Anderson, a principal at New York City-based ingenuIT, said Symantec and McAfee will not give smaller partners the same attention they could get from endpoint security vendors struggling to gain market share. Smaller endpoint providers usually are there to provide more support, he said.

Winner: McAfee
Partners interviewed by CRN said McAfee's program was more profitable. Changes to Symantec's sales model remain unclear.

Bottom Line

Symantec continues to have a strong product portfolio and its mobile security platform has great potential, but McAfee comes out on top by the slightest of margins in CRN's analysis. McAfee has spent a lot of time attracting third-party technology partners to integrate with its central policy management console, the ePolicy Orchestrator. McAfee is innovating with hardware-based security technologies, and its endpoint encryption is solid. McAfee's channel program also appears more profitable, partners tell CRN. Symantec will remain a powerhouse for years to come, but the company has not revealed specifics on its strategy overhaul, leaving potential changes to its product road map and channel program unclear.