Datadog vs. Symantec Content & Malware Analysis

Datadog works really well with complex microservices architecture like any E-commerce platform which will be having multiple services but they all are interdependent to others so in this scenario Datadog will be best to monitor these as it will show the transactions also between those microservices. If you are using multiple services in your architecture whether it will be cloud services or on prem services Datadog will be the best choice to monitor all those service with in Datadog so that you can see everything in a single place. But if you are having small architecture and few services in that then in that scenario you can use Datadog but it will be little costly as compared to other but obviously the features are very well.

Incentivized

If you have Symantec based environment including Symantec proxy and endpoints, Content and Malware Analysis is the obvious choice. You can't run the CAS-MAS as a standalone deployment, you need proxies or ICAP supported devices capable to send the files/URLS. It's not a network security device where you can flow/direct the traffic to C/MAS. It does not have UBA, NBA or NTR features, it is just working for analyzing files as expected.

• Create Dashboards as per application, environments, and Custom metrics in one panel.
• Log aggregation, one-stop Application monitoring tools for the whole infrastructure.
• Playbooks, SLA definition, success and error quotas, request visualizations.
• DB monitoring, Serverless stack monitoring.
• Alerting of Production incidents so we can quickly resolve the issues on time.

Incentivized

• 0 day detection and prevenion
• Flawless integration with Symantec Ecosystem
• Integration with other vendors supporting ICAP is also working
• Custom and golden image support
• High performance on busy environments
• Many threats are already detected and prevented through the CAS, it improves the performance drastically.
• Already builtin virustotal integration
• Reference to updates and updates information where I can see the product/service detecting which APTs
• Multiple Antivirus engines which you can select/subscribe
• Manual submission of file is supported through the gui
• URL manual submission is also supported

• Alert windows cause lag in notifications (e.g. if the alert window is X errors in 1 hour, we won't get alerted until the end of the 1 hour range)
• I would appreciate more supportive examples for how to filter and view metrics in the explorer
• I would like a more clear interface for metrics that are missing in a time frame, rather than only showing tags/etc. for metrics that were collected within the currently viewed time frame

Incentivized

• API support is lacking
• Symantec/Broadcom security vision in general
• Symantec support is not perfect
• You can't run the product as a standalone network device
• No packet capture capabiliy or work in span mode
• You need a dedicated hardware to make it run
• You need to buy

There is some room for improvement, but the Datadog team sends out updates frequently, and the UI is user-friendly for engineers, with no significant loading issues or region-specific problems. That was one of the key reasons we preferred Datadog; our company has employees worldwide, and it wasn't difficult to transition to the tool.

Incentivized

The support team usually gets it right. We did have a rather complicate issue setting up monitoring on a domain controller. However, they are usually responsive and helpful over chat. The downside would be I don’t think they have any phone support. If that is important to you this might not be a good fit.

Incentivized

We are still trying other products, but people still like Datadog. After setting up a dashboard, it's great for monitoring instances on Datadog. Also, the DevOps team had a good time setting up Datadog. It means Datadog was way easier to set up compared to those others.

Incentivized

We have been using many solutions even tested nearly all available 0day sandbox solutions in the market. We choose Symantec CMA as we have already Symantec endpoint protection/EDR on the client, Symantec proxy for the web access, SCMA fits our environment. We have a big bargain when we puchase lots of equipment from the Symantec. Detection and prevention is very good at SCMA but some constant issues; like the product is not designed for heterogeneous environments, we can not integrate the SCMA with WAFs, it's lacking in api and request/reply calls. There's no file scanning, discover the option. SIEM integration is not smooth. I can not run some of the SOAR playbooks through the SCMA.

• Saved us (time & money) from developing our own monitoring utilities that would pale in comparison
• Alerts allow us to remedy issues before our customers even know about them
• Tracking resource usage over time allows us to better plan for future needs, before it becomes a pain-point.

Incentivized

• 0-day and APT risk is covered by the SCMA
• As the SSL is inspected and analyzed at Bluecoat proxy servers, hidden threats, malicous files are passed to SCMA to be analyzed.
• Getting full visibility at file trajectory level
• As it's a full proxy and ICAP integration, we are sure that the files are to analyzed and scanned for malicious activity. This is a big plus compared to NGFW analyze concept, as the NGFWs have special failsafe mechanisms allowing bypass of file analysis. SCMA fully catches the hidden threats.
• Flawless integration with Bluecoat systems is a big plus, customers are getting the same type of messages within their browsers.
• A negative impact is the standardization when I deploy SCAM to one of our locations. Then the auditors demand the same coverage within other areas and it comes with the cost. Especially maintaining these devices on premise environment has a significant cost.