Cisco Secure Endpoint Reviews

Name: Cisco Secure Endpoint
Brand: Cisco
Rating: 4.3 (49 reviews)

Vendor: Cisco

4.3 out of 5

49 reviews
96% willing to recommend

286 followers

What is Cisco Secure Endpoint?

Cisco Secure Endpoint is a comprehensive endpoint security solution that natively includes open and extensible extended detection and response (XDR) and advanced endpoint detection and response (EDR) capabilities. Secure Endpoint offers relentless breach protection that enables you to be confident, be bold, and be fearless with one of the industry’s most trusted endpoint security solutions. It protects your hybrid workforce, helps you stay resilient, and secures what’s next with simple, comprehensive endpoint security powered by unique insights from 300,000 security customers and deep visibility from the networking leader.

Get the Cisco Secure Endpoint Buyer's Guide and find out what your peers are saying about Cisco Secure Endpoint, CrowdStrike Falcon, Microsoft Defender for Endpoint and more!

Cisco Secure Endpoint is the #5 ranked solution in top Cisco Security Portfolio solutions, #12 ranked solution in EDR tools, and #13 ranked solution in endpoint security software. PeerSpot users give Cisco Secure Endpoint an average rating of 8.6 out of 10. Cisco Secure Endpoint is most commonly compared to CrowdStrike Falcon: Cisco Secure Endpoint vs CrowdStrike Falcon. Cisco Secure Endpoint is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.

Buyer's Guide

Cisco Secure Endpoint

April 2025

Get the report

Helped 849,686 peers since 2012

Featured Cisco Secure Endpoint reviews

Mark Broughton

Level 2 tech at a tech services company with 11-50 employees

I liked the ability to have a choice between the full scan and the flash scan. There were also a couple of occasions where being able to isolate the machine on the network remotely was very helpful because, at that company, 80 percent of the workforce was remote. Also, the integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful. And in terms of simplifying cybersecurity, being able to have scheduled runs meant we were able to break our endpoints out into different groups. We chose to do different regions and different departments. It was very easy to * set up the groups up * copy the policies from one to the other. Once you understood how to do it, it was really simple to create groups and group them together or apply them to each other. It took a little bit of a learning curve to get up to speed, but once we were up to speed, it was very user-friendly. I also felt that remediating issues using Secure Endpoint was pretty easy. Most of the time, it was a matter of isolating the endpoint that we thought had an issue, running a full scan, confirming that there was no serious issue, and then getting the machine back online. In our case, we were pretty fortunate in that regard, but the remediation appeared to be very simple.

Read full review

Neal Gravatt

Sr Network Engineer at a real estate/law firm with 1-10 employees

I like the central management console where I can see everything that's going on, on all the computers. Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP. One of the things that is most impressive is its ability to give so much insight. That's another of its best features. With the File Trajectory, it shows everything the computer's doing and it can help determine how the virus got onto the computer. You set it and forget it. Once you install it and configure it, it runs the reports, putting everything on the central web console. You're able to subscribe to alerts, so I get an email every time it deletes a virus off of someone's computer. I also get an email if it has a problem, such as if it was unable to delete the entire virus. It will say "Quarantine unsuccessful." It allows as many people as you want to go in and view it. And you set people as administrators or as people that can just view the information. AMP also has several tools you use to link to websites that contain more information about things. They're useful as well. They give you the ability to look at different companies' information; for example, a virus total. You can also connect it to other modules and tools that you have, and it can do things such as quarantine where it will take a computer off the network for you automatically. Those tools are helpful. It provides a concept they call "distance and depth," where you get more than one company's opinion on things. We just started using its Orbital Advanced Search feature. It's relatively new, so we haven't used it a whole lot, but for the little bit that we have used it, it has been a really neat tool. I've only run it on a couple of endpoints so far, but it works pretty well. It just gives you that extra insight to help better understand how the rest of your environment could be affected. Obviously, you're dealing with a computer that has a virus already and this gives you an ability to assess what else could have happened with that virus. It helps provide more information. The Orbital Advanced Search feature also helps to reduce the attack surface and to investigate real-time data on our endpoints. Some of the queries will show you which software packages you have that are vulnerable, like a version of an Office program or an Adobe Reader that has a vulnerability in it. Once you know that information, you can proactively patch the computer or apply updates to it so that it does not become infected. It alerts you to an infection, and then you can say, "Oh, these other computers could be infected by that too." Orbital detects those computers. It reduces the amount of time we spend on that kind of situation by about 20 percent. In terms of the comprehensiveness of the solution, it does Windows great. It works on Macintosh very well. It also does iPhone and Android. It's pretty comprehensive since it covers the majority of operating systems. It also integrates very well with other Cisco products. It has an API interface so you can integrate it with just about any Cisco product. It does have some out-of-the-box stuff and definitely integrates great with all the other Cisco tools. But we use something called Rapid7, it's a vulnerability scanner, and it's able to integrate with it very well to help report data. It works well with some third-party products, but I'm not sure how many.

Read full review

Cole Two-Bears

Systems Architect at a consultancy with 5,001-10,000 employees

There are several valuable features that AMP offers: * Application blacklist * Threat Response * Cognitive Threat Analytics * Threat Grid * Orbital * Endpoint Isolation. We regularly use all these features on a daily basis. E.g., if we have an alert stating exploit prevention was detected on an endpoint, we will look to see what the hash for that executable/application was, then we can add it to a simple blacklist. Then, everyone else in the organization with AMP for Endpoint running that device can prevent it from running. This is really useful in the event that you have some type of malware incident or event where something is trying to propagate. You can squash it then and there. There is also the ability: If you have one device that is running something that's really malicious. You can go ahead and put that in isolation mode to prevent any further spread or damage. I have used Orbital for searching and taking a bit of a deeper dive. It provides detail on assets, users logged in, the IP address, and architecture. It also helps with going through posture assessment, threat hunting, and forensics.

Read full review

Cisco Secure Endpoint video interviews

Watch a video interview with a real Cisco Secure Endpoint user to learn how the Endpoint Protection Platform (EPP) solution helped improve their organization. The video includes info about the challenges and benefits of implementing Cisco Secure Endpoint.

Aug 3, 2023

Does a great job of allowing us to take the individual endpoint assets, do an inventory, and know what the normal state is

Brad Wright

Principal Architect - Cybersecurity at Logicalis

Read review

Cisco Secure Endpoint mindshare

Product category:

As of April 2025, the mindshare of Cisco Secure Endpoint in the Endpoint Protection Platform (EPP) category stands at 1.5%, down from 1.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP)

PeerResearch reports based on Cisco Secure Endpoint reviews

Type	Title	Date
Category	Endpoint Protection Platform (EPP)	Apr 30, 2025	Download
Product	Reviews, tips, and advice from real users	Apr 30, 2025	Download
Comparison	Cisco Secure Endpoint vs Microsoft Defender for Endpoint	Apr 30, 2025	Download
Comparison	Cisco Secure Endpoint vs CrowdStrike Falcon	Apr 30, 2025	Download
Comparison	Cisco Secure Endpoint vs SentinelOne Singularity Complete	Apr 30, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	11.1%	96%	126 interviews Add to research
Microsoft Defender for Endpoint	4.1	10.9%	94%	194 interviews Add to research

Valuable Features

Cisco Secure Endpoint offers significant features like real-time threat prevention, sandboxing, and enhanced integration with Cisco products. Users appreciate the ease of use, scalability, and the ability to track file trajectory. Its cloud-based nature provides extensive protection and centralized management via a user-friendly dashboard. The integration with Talos enhances threat intelligence, while features like Orbital Advanced Search and malware protection add substantial value. Suitable for cloud deployment and multi-platform support, it excels in visibility and analytics.

"Cisco Secure Endpoint is very good in machine learning, which allows it to secure offline contents even if not connected to the internet."
"With Cisco Secure Endpoint, we now have visibility over what is happening on the endpoint side."
"The tool's most valuable feature is its integration with other Cisco products, such as switches and routers. This integration allows comprehensive coverage of security parameters across the customer's entire network. Customers find it easier to manage because they already know Cisco products. The cloud-based management is another valuable feature, enabling customers to manage their security from anywhere with an internet connection."

Room for Improvement

Cisco Secure Endpoint's areas for enhancement include integration with SIEMs, support for IoT, and improved ease of use. Users report challenges with seamless integration, API availability, and analytics depth. The dashboard and reporting features need refinement. Implementation and support complexities can hinder usability, while pricing is perceived as high. Advanced threat detection may lead to performance delays, and the agent installation process is cumbersome. Users seek better multi-platform coverage and removal of agents without admin rights.

"Cisco Secure Endpoint lacks features like DLP which other vendors offer. XDR is new, so integration capabilities with third-party tools need improvement."
"Previously, there were options to uninstall the agent without a password if you had admin access, and this could be improved."
"Cisco Meraki could benefit from AI assistance or intelligent assistance features. Compared to competitors like Juniper, Cisco Meraki currently lacks a digital network assistant, which is an area Cisco is reportedly working on."

ROI

Cisco Secure Endpoint delivers measurable increases in staff productivity with significant reductions in threat detection and response times. It enhances endpoint visibility while reducing the workload on devices. With its cloud-based analysis, it minimizes manual interventions, lowers overhead costs, and integrates with other tools for seamless operation. This leads to effective threat management and substantial financial savings, strengthening operational efficiency and preventing costly disruptions. End users benefit from improved resource utilization and optimized security processes.

Pricing

Cisco Secure Endpoint's pricing is competitive, often cheaper than competitors, though some perceive it as slightly expensive. It offers great value for performance and features. Pricing is flexible, with options for annual subscriptions, MSP models, and Enterprise Agreements. Licensing is on a yearly basis and scales easily, accommodating growth without immediate cost. Customers appreciate the transparency and inclusivity of features without tiered packages, making it appealing for diverse organizational needs.

"The solution's price is about the same as that of Palo Alto solutions."
"It is an expensive solution."
"You must make monthly payments towards the licensing charges attached to the product. There are no extra charges apart from the standard licensing fees associated with the product."

Popular Use Cases

Organizations primarily utilize Cisco Secure Endpoint for endpoint security, email filtering, managing security services, and testing against malicious activity. It integrates with other Cisco tools like Umbrella for comprehensive protection. Users deploy it across various devices, including workstations, servers, and virtual machines, to ensure security against malware. The cloud-based management console provides visibility, control, and integrates with existing Cisco ecosystems for seamless operation across networks, ensuring devices are protected even off the corporate network.

Service and Support

Customers express high satisfaction with Cisco Secure Endpoint's customer service and support. Users appreciate responsive, knowledgeable support personnel. Some note fast response times and effective problem resolution. Tech team availability and support resources are highlighted as beneficial. While a few experienced slower response times, others find Cisco's support structure robust and reliable. Many have successfully avoided needing support, citing comprehensive documentation and user-friendly tools as sufficient for resolving minor issues.

Deployment

Users describe Cisco Secure Endpoint's initial setup as generally straightforward and user-friendly. Some mention the importance of integrating or removing existing security software before installation. Depending on organizational infrastructure, the deployment time varies from minutes to several months. Cloud-based systems are often highlighted for their ease and speed, while larger environments may face logistical challenges. Familiarity with Cisco products and using partners or internal deployment solutions aids the process.

Scalability

Cisco Secure Endpoint is highly scalable, seamlessly supporting environments from a few dozen to tens of thousands of endpoints. Users appreciate its ease of deployment and integration with SecureX. The scalability is consistently rated highly, with many organizations successfully expanding usage across various device types and sizes, including small to large enterprises. The product suits industries like healthcare and manufacturing, ensuring smooth growth without requiring substantial resources.

Stability

Cisco Secure Endpoint demonstrates strong stability, receiving high ratings for dependability and minimal disruptions. Users report it handles workloads efficiently, with minimal performance impact. While some users noted occasional issues, these were swiftly addressed. Cisco Secure Endpoint shows significant improvement over time, with enhancements to features and stability. Despite rare occurrences of instability, most users rate it highly, describing it as reliable, consistent, and well-suited for diverse business environments.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Cisco Secure Endpoint Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

18%

Government

Financial Services Firm

Manufacturing Company

Educational Organization

Healthcare Company

University

Retailer

Comms Service Provider

Insurance Company

Construction Company

Energy/Utilities Company

Real Estate/Law Firm

Non Profit

Media Company

Hospitality Company

Legal Firm

Wholesaler/Distributor

Outsourcing Company

Transportation Company

Performing Arts

Recreational Facilities/Services Company

Logistics Company

Consumer Goods Company

Pharma/Biotech Company

Compare Cisco Secure Endpoint with alternative products

Learn more about Cisco Secure Endpoint

Cisco Secure Endpoint was formerly known as Cisco AMP for Endpoints.

Reviews from Real Users

Cisco Secure Endpoint stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to easily secure their endpoints with one single operation using its management console and its advanced alerting techniques.

Tim C., an IT manager at Van Der Meer Consulting, writes, "The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."

Wouter H., a technical team lead network & security at Missing Piece BV, notes, "Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."

Cisco Secure Endpoint was previously known as Cisco AMP for Endpoints.