• Cloud-first isn’t the right fit, and the U.S. Navy proved why.
• One smart switch to Symantec Endpoint Protection (SEP) gave the Navy fewer agents, faster endpoints and real, measurable performance gains. 
• With trusted partner Carahsoft, the Navy scaled security and closed critical gaps across air-gapped environments.

As government agencies modernize their cybersecurity stacks, many are discovering go-to, cloud-first security tools don’t always meet the needs of their mission-critical or air-gapped environments. The U.S. Navy recently confronted this reality in their own security stack. 

The Navy’s experience reflects a growing truth across government IT: Modernization doesn’t look the same for everyone, especially in disconnected or high-security environments. Like the Navy, agencies in highly regulated environments must balance innovation and practicality if they hope to keep pace with emerging, sophisticated threats. 

Why the Navy’s endpoint security needed an upgrade

In recent years, the Navy has advanced several new beneficial security initiatives that also brought challenges right along with them. One effort centered on a leading endpoint security provider that performed well in cloud-connected environments but struggled in isolated air-gapped environments—of which the Navy had many. 

At the same time, the growth of AI workloads introduced a new financial variable. AI brought noticeable productivity gains for users, but also drove up cloud costs significantly. With this in mind, all signs pointed to on-prem and air-gapped solutions for budget control. 

To keep workflows airtight, even in air-gapped environments, the Navy chose Symantec solutions via Catalyst Partner Carahsoft and Leidos to modernize its endpoint security and close critical gaps. The results offer insight into what a unified, cost-controlled security strategy can achieve when security is built around mission realities and guided by experienced partners. 

Transforming the SMIT Network 

Modernization efforts first took shape within one of the Navy’s most complex environments: Service Management, Integration, and Transport (SMIT). Supporting approximately 650,000 users, SMIT became the proving ground for a more streamlined approach with Symantec Endpoint Protection (SEP) replacing legacy endpoint agents.

Fewer agents, less complexity

One of the most immediate wins came from consolidation. By replacing a legacy endpoint agent, the Navy unified endpoint protection across Windows, MacOS, and Linux with the single SEP agent. This even removed the need for ePolicy Orchestrator (ePO).

What changed:

• Reduced tool sprawl
• Simplified policy enforcement
• Cleaner endpoint footprint 

Operational efficiency at scale

With a lighter architecture in place, management became significantly easier. The virtualized endpoint infrastructure enabled faster provisioning and easier updates while lowering admin costs. It also led to measurable performance gains like lower CPU and memory usage on endpoints, better performance during heavy-demand events and wider advanced protections across environments. 

Stronger protections built right in

Beyond performance, Symantec also introduced a host of capabilities, including:

• Location awareness
• Host integrity monitoring
• Tamper protection
• Adaptive and predictive protection
• Endpoint deception technologies

Thanks to one seamless transition, devices ran faster and security rose to enterprise-grade protection. Clearly, this was more than a migration. It was a meaningful capability upgrade that users saw measurable benefits from.

Extending protection across legacy

With such promising results, the Navy expanded the approach to other environments that all handle extremely sensitive mission data, including: NAVAIR, Navy Shipyards, and Surface and Undersea Warfare Center. They all benefitted from centralized protection and speedy integration, proving SEP can scale without sacrificing performance or control. 

But performance gains were only part of the story. 

Through a Portfolio Licensing Agreement (PLA), the Navy made the full Symantec suite broadly available without incurring in additional licensing costs. This model helps prevent major future cost surprises, including expensive end-of-life (EOL) OS charges and vendor price hikes—estimated at 300% in some cases. 

For agencies managing large, heterogeneous environments, licensing strategy can be just as important as technical capability. In this case, Symantec delivered both. 

Modern tools for modern threats 

What might’ve seemed like a simple tool swap turned out to be a major cybersecurity strategy shift for the U.S. Navy, as phased implementation won them lightweight centralized management and scalable architecture. With Symantec and Carahsoft providing the foundations and Leidos delivering deployment expertise, the Navy achieved stronger threat response and financial control. 

For agencies navigating their own modernization journey, the Navy’s experience offers a practical blueprint:

• Cloud-first does not mean cloud-only.
• Air-gapped environments still require enterprise-grade protection.
• AI workloads can introduce real cost volatility.
• Agent consolidation can drive measurable performance gains.
• Licensing strategy can unlock major long-term savings. 

Success came not just from selecting the right technology, but from aligning platform strategy, deployment expertise and licencing from the start. Through the Catalyst Partner ecosystem, Carahsoft brings deep expertise and specialized knowledge of the U.S. federal landscape, helping agencies meet mission demands with solutions they know and trust—powered by Broadcom innovation. 

It’s time. Leave legacy security behind, without inviting unpredictable cloud costs. Connect with Carahsoft today to explore how Symantec and Carbon Black can protect government environments and fit budget realities. 

Read the full story in the case study: Transforming Endpoint Security Across U.S. Navy Networks.