Sold by: Symantec
Deployed on AWS
Free Trial
Symantec Protection Engine for Cloud Services is a flexible and feature rich client/server application that provides primary and advanced malware and threat detection technologies for application data protection through a single yet simple engine maximizing your AWS protection and performance
4.1
Overview
Symantec Protection Engine for Cloud Services is a flexible and feature-rich client/server application that allows customers to incorporate malware and threat detection technologies into almost any application. SPE for Cloud Services provides access to innovate security that helps to ensure the safety of your information on the web. Symantec's file reputation service puts files in context, using their age, frequency, location, and other factors to expose threats that would otherwise be missed. Advanced Machine Learning tunes the solution according to scanning behavior. Protection Engine for Cloud Services includes Symantec's proprietary URL categorization technology and industry-leading malware protection for fast, scalable, and reliable scanning services that help you protect your data and storage systems against the ever-growing malware threat landscape. Alongside native Internet Content Adaptation Protocol (ICAP) support, Protection Engine for Cloud Services provides a full client software development kit (SDK) that enables customers to fully embed malware protection in business-critical applications, services, and devices. Platform support spanning Microsoft Windows, Red Hat Enterprise Linux, Rocky Linux and CentOS ensures that you can take advantage of market-leading malware detection wherever you need it. Rich, easy-to-use centralized console is now available for managing and monitoring all instances.
Highlights
- Advanced protection - Stop known and unknown malware and advanced threats before reaching storage through intelligent file and URL security capabilities, as well as file reputation and advanced machine learning analysis.
- Wide coverage and High Performance - Secure applications effectively on-prem, virtually, and in the hybrid cloud. SDK and ICAP support enables integration with most applications. Scale easily in large cloud and hybrid deployments. Achieve consistent, high performance even in heavy load cloud scenarios.
- Centralized management and monitoring console - Rich, easy-to-use centralized console is now available for managing and monitoring all instances. Policies can be customized and applied to scanner groups consistently and instantly through the console. Events, Alerts and Dashboards keep you vigilant on the security and health posture of your environment.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c5.4xlarge Recommended | $4.65 |
m5.4xlarge | $2.54 |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
- Base image OS is Rocky Linux
- To connect to the operating system, use SSH and the username rocky.
- For further instructions see the quick start guide at the following link: https://knowledge.broadcom.com/external/article/218996
- By default REST API is enabled with default password on port 8008. To use REST API modify the AWS security group to allow inbound http traffic on port 8008. It is recommended to change the password before allowing access to REST API service. You should also allow only authorized IP addresses to access REST API
- If you want to use new Symantec Protection Engine console then it is required to enable REST API access.
- Installer of new console is available at /home/rocky/spe-console-installer.exe. You need Windows machine to install SPE console.
- For more information about using REST API and new SPE console check product documentation at https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/9-3-0.html
Resources
Vendor resources
Support
Vendor support
Symantec Technical Support for this product is available via email. For product related queries email to esg-spe-aws-admins.pdl@broadcom.com
NOTE: Broadcom regularly updates this product listing with new version/fixes. Always use latest version available. Broadcom support will be available only for non End-Of-Support versions.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Bitdefender
By Cloud Storage Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Malware and Threat Detection
Advanced malware and threat detection technologies utilizing file reputation service that contextualizes files based on age, frequency, location, and other factors to identify threats.
Machine Learning-Based Analysis
Advanced machine learning capabilities that tune the solution according to scanning behavior to detect known and unknown malware threats.
URL Categorization and Security
Proprietary URL categorization technology providing intelligent URL security capabilities for threat prevention.
Multi-Platform Integration
Client/server architecture with native Internet Content Adaptation Protocol (ICAP) support and full software development kit (SDK) enabling integration with business-critical applications, services, and devices across multiple platforms.
Centralized Management Console
Rich centralized console for managing and monitoring all instances with customizable policies applied to scanner groups and event tracking through alerts and dashboards.
Real-time Threat Detection and Prevention
Machine learning and behavioral analytics detect and mitigate known and emerging threats across file systems, memory, processes, and registry with real-time protection capabilities.
Automatic Remediation and System Recovery
Automatic remediation feature identifies threats and reverses malicious activity by rolling back affected systems to a safe state without disrupting operations.
Scan Offloading and Resource Optimization
Proprietary scan offloading and caching technologies via Bitdefender-hosted Security Virtual Appliances reduce resource consumption and infrastructure overhead for cloud workloads.
Centralized Management and AWS Integration
Centralized GravityZone console with deep AWS integration enables synchronization of inventory with Amazon EC2 and deployment across Amazon Machine Images for unified visibility and control.
Risk Management and Device Control
Integrated risk management and device control capabilities help organizations proactively minimize attack surface across cloud and hybrid infrastructure.
Multi-Engine Malware Detection
Leverages triple engine technology with Sophos, CSS Premium, and CSS Secure engines that can be used simultaneously to optimize accuracy and performance at petabyte scale.
Multiple Scanning Models
Supports Event-based scanning for real-time detection of new/modified objects, Retro scanning for on-demand or scheduled scanning of existing objects, and API-based scanning via REST interface for inline scanning before file storage.
Multi-Source Storage Support
Scans across multiple AWS storage services including Amazon S3, Amazon EBS, Amazon EFS, and Amazon FSx.
Advanced Analysis Techniques
Performs static and dynamic analysis powered by SophosLabs Intelix Platform without executing files, with sandbox detonation capabilities, and forensic analysis with file segmentation by bucket and account.
In-Tenant Data Processing
Solution installs and runs within the customer's AWS account ensuring data never leaves the environment or region, with support for centralized security services account deployment and private VPC endpoint options.
Standard contract
No
No
No
Customer reviews
Eunsok Kim
Detailed policies have improved web protection but integration and pricing still need work
Reviewed on Feb 03, 2026
Review from a verified AWS customer
What is our primary use case?
I tried using Symantec Protection Engine on AWS cloud and have constructed some implementations. It was purchased through AWS marketplace.
What is most valuable?
What I appreciate in Symantec Protection Engine is the Virtual Policy Manager (VPM) and the Application Name feature, which are really effective. The simple match request URL features are basic but highly efficient. The header and request header controls represent a significant improvement compared to other vendors. The categorization and custom categorization features are also excellent. These four elements represent the strongest parts of Symantec Protection Engine.
The seamless integration of Symantec Protection Engine benefits my IT infrastructure, although the Symantec proxy only works with Symantec solutions such as DLP or Content Analyst. Sometimes it works with accounts like Okta or SAML, but third-party solutions usually do not integrate well with Symantec. Only Symantec products work effectively with Symantec.
The high-performance scanning impact on my organization includes improved policies that allow specific redirection to people. The policies are very detailed, enabling me to specify which person receives which policy and how to control company users through these policies. This represents a significant improvement compared to other proxies.
What needs improvement?
Symantec Protection Engine has fewer issues during installations. However, some customers find it confusing to distinguish between the normal proxy and the web proxy because Symantec Protection Engine only controls port 80 and 443, which are HTTP and HTTPS. Because of this limitation, applications or browsers that are not supported sometimes may not work, and certain government sites or other sites may not function. Other national proxies made in Korea and other vendors support all ports.
Complexities can arise when customers use the proxy. The Web UI is good and has many improvements, but there are still some things that need enhancement.
Price is a significant area for improvement. The pricing is quite expensive, and it is particularly high for regular customers. Many customers are considering other vendors because the price is too high.
The Symantec proxy limitation to work only with Symantec products represents another weakness. While it sometimes works with accounts like Okta or SAML, third-party solutions usually do not integrate properly with Symantec. Only Symantec products work with Symantec.
It is difficult to assess whether it remains beneficial to use Symantec Protection Engine in terms of costs because the price is very high. Although the product has benefits, the pricing is extremely high. Symantec Protection Engine works very well for huge companies, but when company size is large, network size is also large, requiring a bigger proxy and significantly higher pricing. The cost multiplies based on scale, making it highly effective for Symantec but at multiple times the standard price.
For how long have I used the solution?
I have been working with Symantec Protection Engine for almost three to four years.
How are customer service and support?
The technical support of Symantec deserves a 10 because they provide extensive support.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment timeframe depends on the size of the implementation, but deployment may require around one hour. I can complete the deployment within one hour since I personally participate in the deployment process. The installation is straightforward, but when the company is large with substantial size and many policies, stabilization may take additional time. However, the deployment itself takes approximately one hour because it is very simple to deploy and install.
What other advice do I have?
I use policy management capabilities with the Visual Policy Manager. The impact of policy management on my security and my customers' security allows me to install policies for specific options, a specific person, or a specific group. The policy layers are very detailed, which I appreciated greatly.
The effectiveness of Symantec Protection Engine's Threat Intelligence Network in protecting against evolving threats is beneficial for the proxy because it has a threat risk level. Symantec officially supports levels 1 through 10, and I would consider levels 8 through 10 acceptable, while levels 5 through 7 are warnings. This system is helpful for customers. In threat protection, the categorization is excellent because Symantec provides strong support for it. Symantec effectively supports categorization, specifying which sites are threat sites, and when I set a suspicious category to deny, it functions effectively.
I do not use the real-time content scanning feature with Symantec Protection Engine; I only use the web proxy structure.
My overall rating for this product is 7.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Abhimanyu Das
Real-time file security has reduced incident tickets and improves threat detection accuracy
Reviewed on Dec 14, 2025
Review from a verified AWS customer
What is our primary use case?
My main use case for Symantec Protection Engine in our organization involves both scanning and protection. We have nearly 200 servers in our environment with the Symantec agent installed. I use Symantec Protection Engine daily as part of our business-as-usual activities, primarily for real-time scanning and protection across SharePoint , web applications, and servers.
Scanning is performed online during file transfers, with optional scheduled scans to catch any missed items. The incident response team at Kyndryl also leverages this tool, integrating it with other platforms to forward logs to our SOC monitoring team.
How has it helped my organization?
Symantec Protection Engine's been a game-changer for us at Kantar—blocks like 80-85% of file-based threats right at the gateway before they hit our 200 servers, cutting down endpoint incidents big time.
The main win is that real-time ICAP scans on NAS and SharePoint uploads quarantine ransomware or phishing docs instantly with ML, so instead of 20+ CrowdStrike remediations a week, we're down to 8-10. SOC shifts save 1-2 hours daily on handovers thanks to the central dashboard and syslog feeds to ServiceNow , freeing us up for phishing deep dives with Trend Micro or CySA+ studying.
Also slashed MTTR by half on server threats 90 mins vs 4 hours by auto-exporting hashes for L3 analysis.
What is most valuable?
The best features of Symantec Protection Engine include machine learning, file reputation, and real-time scanning. It efficiently handles heavy loads through ICAP and cloud-based processing, reducing the burden on endpoints compared to Trend Micro and other endpoint security solutions. Its centralized control is also noteworthy.
Through machine learning, it detects both known and unknown malware and malicious URLs, in addition to performing signature-based scans that assist SOC teams in analysis. The solution is highly effective in leveraging both machine learning and file reputation. Regarding centralized control, it offers a unified management console for policy deployment and provides real-time visibility through dashboards, helping save significant administrative time.
Symantec Protection Engine has had a positive impact on our organization by enhancing our overall security posture. It effectively blocks a high volume of file-based threats across more than 200 servers, saves SOC analysts time in endpoint remediation, and streamlines compliance processes. It further strengthens security through real-time scanning and machine learning-based quarantine, blocking phishing payloads in SharePoint uploads before they reach endpoints, thereby reducing incidents by 30–40% compared to signature-only tools.
What needs improvement?
To improve Symantec Protection Engine, I suggest simplifying its integration with other tools, as it is more complex compared to Trend Micro and CrowdStrike. Making the integration process easier would be highly beneficial.
For how long have I used the solution?
I have used Symantec Protection Engine for approximately two to three years.
What do I think about the stability of the solution?
The reduction has positively impacted our team's workload, decreasing ticket volume by approximately 30 to 40 percent. This means less work for our SOC team, as they now receive fewer tickets. From a cost and resource perspective, this change has been beneficial.
What do I think about the scalability of the solution?
In my experience, Symantec Protection Engine offers efficient scalability, allowing the easy addition of multiple servers. While the on-premises setup depends on the capacity of the installed servers, in AWS we can easily scale from 200 to 500 instances—and sometimes even to thousands daily—through ICAP load-balancing mirroring.
How are customer service and support?
I have interacted with the customer support team for Symantec Protection Engine, and it was excellent to work with them. They provided solutions that were very effective.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have previously worked with multiple tools before using Symantec Protection Engine, including Trend Micro, CrowdStrike, and Microsoft Defender. I used these tools in different projects, alongside Symantec Protection Engine.
How was the initial setup?
Straightforward
What about the implementation team?
consultant
What's my experience with pricing, setup cost, and licensing?
Pricing for Symantec Protection Engine was decent.
Which other solutions did I evaluate?
I didn’t evaluate many other options before choosing Symantec Protection Engine, as it was already part of the project when I joined, so I couldn’t change it. However, I would recommend exploring other tools when the renewal opportunity arises.
What other advice do I have?
Symantec Protection Engine scans incoming content and occasionally raises alerts if it detects anything concerning. It is currently deployed on-premises in our environment. I recommend others consider using Symantec Protection Engine because it is cost-effective.
However, I suggest opting for the cloud version instead of on-premises or hybrid deployments, as the cloud offers better scalability and easier troubleshooting. Overall, I would rate this product 8 out of 10.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Thomas L.
Symantec worked well but I occasionally had issues
Reviewed on Mar 14, 2023
Review provided by G2
What do you like best about the product?
Symantec cloud had a really good mobile app so it was nice to be able to control things from my desktop or from my phone
What do you dislike about the product?
I occasionally had issues with Symantec Cloud Workload Protection. I would be unable to connect and I didn't know why
What problems is the product solving and how is that benefiting you?
Symantec Cloud Workload Protection let me access my company's information when I was remote
Non-Profit Organization Management
Secure system, pop ups are annoying
Reviewed on Nov 16, 2018
Review provided by G2
What do you like best about the product?
I like the security of the system. It is easy to use and access. I would recommend it.
What do you dislike about the product?
There are a lot of pop up boxes that continue to come up. It comes up when I restart my computer. The pop ups can be annoying but are a minor inconvenience for an overall good system.
What problems is the product solving and how is that benefiting you?
The system is secure and that is the primary benefit.
Food & Beverages
Was a reliable software
Reviewed on Sep 29, 2018
Review provided by G2
What do you like best about the product?
Symantec is a user friendly and reliable software that you don’t need to worry about. It’s there and does it’s job so you don’t to think about it which I appreciate.
What do you dislike about the product?
Can’t say I have anything negative to say about it.
What problems is the product solving and how is that benefiting you?
Security status and road mapping issues.