Cisco Secure Endpoint Overview

Cisco Secure Endpoint is the #4 ranked solution in EDR tools and #5 ranked solution in endpoint security software. PeerSpot users give Cisco Secure Endpoint an average rating of 8.6 out of 10. Cisco Secure Endpoint is most commonly compared to Microsoft Defender for Endpoint: Cisco Secure Endpoint vs Microsoft Defender for Endpoint. Cisco Secure Endpoint is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution is professionals from a computer software company, accounting for 19% of all views.
Cisco Secure Endpoint Buyer's Guide

Download the Cisco Secure Endpoint Buyer's Guide including reviews and more. Updated: December 2022

What is Cisco Secure Endpoint?

Cisco Secure Endpoint is a cloud-managed endpoint security solution that provides advanced protection against viruses, malware, and other cyber threats by detecting, preventing, and responding to threats. Cisco Secure Endpoint is managed online via a web-based management console and can be deployed on a variety of platforms. It protects endpoints, networks, emails, and web traffic.

In a world of evolving threats, it’s necessary to put security above everything. Cisco Secure Endpoint provides you with the scope, scale, and capabilities to attain effective security with its integrated portfolio and industry-leading threat intelligence. Cisco Secure Endpoint continuously tracks and analyzes files and file activities across your systems - both remote and on premises - and compares these events to other events that occurred before or during past attacks. If a file exhibits malicious behavior, the tool sends an alert which enables you to stop a potential threat from succeeding.

Key Capabilities of Cisco Secure Endpoint

  • Multi-layered protection: Cisco Secure Endpoint combines behavioral analytics, machine learning, and signature-based techniques to prevent threats from compromising your endpoints.

  • Powerful EDR capabilities: Reduce attack surface using advanced endpoint and extended detection and response, threat hunting, and endpoint isolation.

  • Dynamic malware analysis: Identify and block attacks in real time.

  • Simplified investigations: Advanced search capabilities help you get the information you need about your endpoints fast.

Reviews from Real Users

Cisco Secure Endpoint stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to easily secure their endpoints with one single operation using its management console and its advanced alerting techniques.

Tim C., an IT manager at Van Der Meer Consulting, writes, "The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."

Wouter H., a technical team lead network & security at Missing Piece BV, notes, "Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."

Cisco Secure Endpoint was previously known as Cisco AMP for Endpoints.

Cisco Secure Endpoint Customers

Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank

Cisco Secure Endpoint Pricing Advice

What users are saying about Cisco Secure Endpoint pricing:
  • "We have a license for 3,000 users and if we get up to 3,100 users, it doesn't stop working, but on the next renewal date you're supposed to go in there and add that extra 100 licenses. It's really good that they let you grow and expand and then pay for it. Sometimes, with other products, you overuse a license and they just don't work."
  • "The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market."
  • "Because we do see the value of what it's bringing, I think they have priced it well."
  • "The pricing and licensing fees are okay."
  • "Cisco Secure Endpoint is not too expensive and it's not cheap. It's quite fair."
Cisco Secure Endpoint Reviews

    Neal Gravatt - PeerSpot reviewer
    Sr Network Engineer at a real estate/law firm with 1-10 employees
    Real User
    Makes it possible to see a threat once and block it across all endpoints and your entire security platform
    Pros and Cons
    • "Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
    • "The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."

    What is our primary use case?

    Cisco AMP is an anti-malware and antivirus product. It provides endpoint protection. We use it as our antivirus and anti-malware tool. We put it on all our computers. Our employees have it on their laptops because they leave the network and we can't protect them everywhere. Microsoft Windows comes with a built-in tool but it's not quite as powerful. So we use Cisco AMP and Microsoft System Center Endpoint.

    Cisco AMP is our primary solution, but we don't uninstall the free ones that come with Windows.

    It runs a little agent on the computer and then you manage it from a website platform. There is an application installed on the computers and they all connect up to the management console, which is hosted in Cisco's cloud.

    You can use it for single endpoints. We have 3,000 that we use and then there's the free version of it you can use for home.

    How has it helped my organization?

    The actionable alerts in the security console are very good and very useful. They alert us immediately when something happens so that we can take action faster, instead of having to wait until a user reports something or until we view the logs. It sends you alerts so that you can know about them as soon as they happen and remediate the problem. It's a very nice feature.

    The solution also makes it possible to see a threat once and block it everywhere, across all endpoints and your entire security platform. You can identify a threat and then mark it as, "If you ever see this file, delete it." It uses something like crowdsourcing, where, if someone works for another company and has AMP and it detects a malicious file on that person's computer, it then updates so that my AMP knows about the virus at that person's company, and protects my company from their virus.

    Cisco AMP simplifies endpoint protection detection and response workflows. I'm the only one who manages it now, so it frees up time for a lot of other people. Once it is deployed and set up, one person can manage and maintain it. That reduces the number of people you have to pay for those responsibilities. The console will show if an AMP agent has checked in and I can use all the search features it has. And it deletes all the viruses so I don't really have to do too much, once it has been installed.

    It has also minimized security risks to our business that we were previously unaware of. It points out vulnerabilities in software that is already installed, such as in Microsoft Office. If you don't have the latest version of Office, AMP proactively lets you know that you could potentially be infected. We didn't have that before. It has a more comprehensive database that's made up of all the information it has collected from my company and all the other companies that use it. It takes all that information and protects your environment from anything it's ever seen.

    When it comes to time to detection, Cisco AMP has taken it from one day to one hour. And our time to remediate has gone from hours to minutes. It does it itself, so we don't have to do anything. 

    I can't think of a case where a computer was infected and AMP did not let us know or missed it. It has never happened to us that the product didn't detect something while another product did detect that problem. So far it has been 100 percent successful.

    What is most valuable?

    I like the central management console where I can see everything that's going on, on all the computers. 

    Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP.

    One of the things that is most impressive is its ability to give so much insight. That's another of its best features. With the File Trajectory, it shows everything the computer's doing and it can help determine how the virus got onto the computer.

    You set it and forget it. Once you install it and configure it, it runs the reports, putting everything on the central web console.

    You're able to subscribe to alerts, so I get an email every time it deletes a virus off of someone's computer. I also get an email if it has a problem, such as if it was unable to delete the entire virus. It will say "Quarantine unsuccessful."

    It allows as many people as you want to go in and view it. And you set people as administrators or as people that can just view the information.

    AMP also has several tools you use to link to websites that contain more information about things. They're useful as well. They give you the ability to look at different companies' information; for example, VirusTotal. You can also connect it to other modules and tools that you have, and it can do things such as quarantine where it will take a computer off the network for you automatically. Those tools are helpful. It provides a concept they call "distance and depth," where you get more than one company's opinion on things.

    We just started using its Orbital Advanced Search feature. It's relatively new, so we haven't used it a whole lot, but for the little bit that we have used it, it has been a really neat tool. I've only run it on a couple of endpoints so far, but it works pretty well. It just gives you that extra insight to help better understand how the rest of your environment could be affected. Obviously, you're dealing with a computer that has a virus already and this gives you an ability to assess what else could have happened with that virus. It helps provide more information. 

    The Orbital Advanced Search feature also helps to reduce the attack surface and to investigate real-time data on our endpoints. Some of the queries will show you which software packages you have that are vulnerable, like a version of an Office program or an Adobe Reader that has a vulnerability in it. Once you know that information, you can proactively patch the computer or apply updates to it so that it does not become infected. It alerts you to an infection, and then you can say, "Oh, these other computers could be infected by that too." Orbital detects those computers. It reduces the amount of time we spend on that kind of situation by about 20 percent.

    In terms of the comprehensiveness of the solution, it does Windows great. It works on Macintosh very well. It also does iPhone and Android. It's pretty comprehensive since it covers the majority of operating systems.

    It also integrates very well with other Cisco products. It has an API interface so you can integrate it with just about any Cisco product. It does have some out-of-the-box stuff and definitely integrates great with all the other Cisco tools. But we use something called Rapid7, it's a vulnerability scanner, and it's able to integrate with it very well to help report data. It works well with some third-party products, but I'm not sure how many.

    What needs improvement?

    The endpoint agent on a machine doesn't provide much data. 

    And the thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself. There are features that are supposed to reduce the duplicates, but they don't work.

    For how long have I used the solution?

    I've been using Cisco AMP for Endpoints for five years. I started with the company as they were in the process of determining if they wanted to use it and they decided they wanted it. I have been managing it ever since. We're upgrading everybody to 7.1.5. They were on version 6.2 for a year. Before that, it was 5.1.

    What do I think about the stability of the solution?

    It's stable. We only had one or two instances, over five years and 3,000 computers, where the agent has stopped working and we had to reinstall it. That's a pretty high percentage of availability, like 99.9 percent of the time there have been no problems.

    How are customer service and support?

    Their technical support is the best. I've never had technical support better than Cisco's in my 15 years working with different companies. Nothing is better than Cisco TAC. The response time is always within an hour or less.

    If you don't get a response in that time, you can have the case put back in the queue. You can easily escalate it. When you open a case, it tells you the engineer who is assigned to it and then gives you a manager's contact information so you don't have to say, "Let me speak to your manager." You already have that information.

    There are tons of support people working 24 hours a day, seven days a week. 

    Also, there are so many users — Cisco customers — that even searching the information online through their support Knowledge Base is good and easy to do, if you don't feel like talking to somebody. You can find a lot of information online whereas one of Cisco's competitors, Palo Alto, has a tool called Traps. It would be a lot harder to find information about that.

    Which solution did I use previously and why did I switch?

    We replaced a Norton product with AMP. Now, we run the default Windows tools that come with it, along with Cisco AMP. The Windows solutions are free but we wanted to buy a more robust one with better ability to search and do forensics. There are similar solutions to Cisco, but it has definitely been an improvement over previous stuff that we've used.

    We have a lot of other Cisco products that it integrates with, and that was one of the reasons we chose Cisco AMP. We did a demo and it was good and it answered the questions we had. We wanted to be secure, so we needed to find an antivirus tool that works. It makes it easier for us to monitor all of the computers for viruses.

    How was the initial setup?

    I helped set up and deploy it. It was pretty straightforward. You go to the web console, tell it to create a package, download it and then install it, and you're done.

    With 3,000 computers, we rolled it out at about 1,000 at a time and it took about three months. We could have done it in a week. We just did it very slowly because any changes you make, you're supposed to do a test community of computers. We did the IT people first because they're smart at troubleshooting things. 

    There's another tool from Microsoft called SCCM, a deployment tool, and as we upgrade the client it takes two days to push it out to the thousands of computers because some people don't turn on their computers for a day or two. Everybody is going to do their deployment differently.

    What was our ROI?

    We have seen return on our investment with this tool. The amount of stuff that it detects and blocks has been very valuable.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is very good and the licensing is somewhat of an honor system. We have a license for 3,000 users and if we get up to 3,100 users, it doesn't stop working, but on the next renewal date you're supposed to go in there and add that extra 100 licenses. It's really good that they let you grow and expand and then pay for it. Sometimes, with other products, you overuse a license and they just don't work.

    Once you pay a license for a client, that's it. Everything else we talked about, the integrations and those kinds of things, is free. There's only one level of licensing too. Some products are set up so that if you pay this much you get these features and if you pay that much you get those features. Here, everything comes with one price.

    Which other solutions did I evaluate?

    The main competitor was Palo Alto with Network Traps. The difference was that Traps would detect viruses but it would not delete them or clean them, whereas AMP did, right out-of-the-box. AMP also worked with multiple operating systems, as I mentioned, and the Traps solution did not offer that at the time I looked at it.

    What other advice do I have?

    They keep adding more features to it and there are features you can enable and turn off. One of the best, newer features addresses the fact that it did not work unless you had an internet connection. They put an antivirus engine on there that works when it does not have an internet connection. That was a big deal. It has a lot of capabilities. They keep developing more for it, which makes it a better product.

    Be sure to password-protect it so that users can't disable it. It has a feature to add a password to it which prevents the user from uninstalling or even stopping it. Also, enable that offline antivirus engine called Tetra. You want to be sure to enable that so that it works when it doesn't have an internet connection.

    Using the product, what I've learned is that you need to keep the client up to date. One of the hardest things is that people have computers that come and go. Someone might have a laptop that breaks and the company will give them a new one. You've got to manually find that broken laptop and delete it. You want to make sure you go in there frequently to ensure that the information is accurate or up to date. If you wait too long, there are hundreds and hundreds of computers you have to search through and work on. That's way too much.

    We did Threat Response and we did a demo of Threat Grid and did not move forward with it. We had it integrated with ISE and Umbrella. Threat Response provides a little bit more information but, honestly, it wasn't that useful. It seemed like it was a repeat of what we could already find through the other tools we had. Threat Response isn't the best add-on to it, but it's free. It provides more information but the response wasn't that good, those times that I used it. Threat Response didn't impress me. It does do more, but it's not that useful.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Mark Broughton - PeerSpot reviewer
    Level 2 tech at a tech services company with 11-50 employees
    Real User
    Top 20
    Tighter integration with Umbrella and Firepower gave us eye-opening information
    Pros and Cons
    • "The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful."
    • "An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."

    What is our primary use case?

    It was our primary endpoint protection. 

    How has it helped my organization?

    The ability to respond rapidly, whether it was doing isolation or threat hunting, helped improve our security. Even when there were a few false positives, it was a good exercise for us to run through and determine what exactly was going on. It was definitely an improvement from what we were using before, which was Trend Micro. That tighter integration definitely helped.

    In the time that I was there, we didn't really have any sufficiently major occurrence that did not turn out to be a false positive. But there was useful stuff coming up on the dashboard, where it showed the vulnerable applications. Being aware that those were in our environment, and what threat level they presented on that one to 10 scale, was helpful. It enabled us to say, "Hey, look, Firefox version 71 is still in our environment, and it's a 10. We need to contact that user and get them to upgrade, or remove it if they're using something else." That definitely allowed us to enhance our security posture.

    That prioritization of threats, particularly on those vulnerable applications, meant we were able to take action using Microsoft Endpoint Manager. We could deploy applications with supersedence to get that old product off of the machines or upgraded. It definitely improved our situation.

    Being able to do pretty immediate research through a simple right-click and threat-detect was very quick and invaluable in making a rapid assessment of what I might be looking at. And with the tighter integration with the Umbrella and Firepower products, when I got in touch with our infrastructure team, they were able to see what I was seeing and more. That was very eye-opening: Wow, look how much information we can get and how quickly we can get that information. We could start evaluating what our status was and what actions we needed to take.

    Overall, the impact on our security was that the endpoints were that much safer than they were before, by eliminating those vulnerable applications. And in the event that there was something that appeared to be significant, we had the ability to isolate that device.

    Also, Cisco Secure Endpoint, as far as I know, consolidated endpoint, cloud, and remote access agents into a single agent. When we bought the product, it was actually Cisco AMP, and then they went to Cisco Secure Endpoint and everything was managed through the cloud. With that change in the agent, I presume that was all moved to a more cloud-oriented situation.

    I would say it improved our time to detection, but that's one of those things that is hard to document. I didn't spend a whole lot of time working with the Trend Micro product, but it seemed to me like it was probably an improvement of at least 30 minutes, which in today's world is forever.

    What is most valuable?

    I liked the ability to have a choice between the full scan and the flash scan.

    There were also a couple of occasions where being able to isolate the machine on the network remotely was very helpful because, at that company, 80 percent of the workforce was remote.

    Also, the integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful.

    And in terms of simplifying cybersecurity, being able to have scheduled runs meant we were able to break our endpoints out into different groups. We chose to do different regions and different departments. It was very easy to

    1. set up the groups
    2. copy the policies from one to the other.

    Once you understood how to do it, it was really simple to create groups and group them together or apply them to each other. It took a little bit of a learning curve to get up to speed, but once we were up to speed, it was very user-friendly.

    I also felt that remediating issues using Secure Endpoint was pretty easy. Most of the time, it was a matter of isolating the endpoint that we thought had an issue, running a full scan, confirming that there was no serious issue, and then getting the machine back online. In our case, we were pretty fortunate in that regard, but the remediation appeared to be very simple.

    What needs improvement?

    We were using a third-party help desk. One of the ways that they were fixing problems was to delete the client and then add the client back if there was an issue where the client had stopped communicating. Any improvement in the client communicating back to the server would be good, particularly for machines that are offline for a couple of weeks. A lot of our guys were working on a rotation where the machine might be offline for that long. They were also terrible about rebooting their machines, so those network connections didn't necessarily get refreshed. So, anything that could improve that communication would be good.

    Also, an easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful. If you could say, "Okay, we've got these two machines. This one says it's not reporting and this one says it's been reporting. Obviously, somebody did a reinstall," it would help. That way you could get a more accurate device count, so you're not having an inflated number. Not that Cisco was going to come down on you and say, "Oh, you're using too many licenses," right away. But to have a much more accurate license usage count by being able to better dedupe the records would be good.

    I also sent over a couple of other ideas to our technical rep. A lot of that had to do with the reporting options. It would be really nice to be able to do a lot more in the reporting. You can't really drill down into the reports that are there. The reporting and the need for the documentation to be updated and current would be my two biggest areas of complaint.

    Also, there was one section when I was playing with the automation where it was asking for the endpoint type rather than the machine name. If I could have just put in the machine name, that would have been great. So there are some opportunities, when it comes to searching, to have more options. If I wanted to search, for example, by a MAC address because, for some reason, I thought there was a duplication and I didn't have the machine name, how could I pull it up with the MAC address?

    When you're getting to that level, you're really starting to get into the ticky tacky. I would definitely put the reporting and documentation way ahead of that.

    For how long have I used the solution?

    At the company where I used Cisco Secure Endpoint, I used it for about a year and a half. But I'm no longer there.

    What do I think about the stability of the solution?

    It definitely seemed very stable.

    What do I think about the scalability of the solution?

    It looked like it was very scalable. We only had one Mac in the environment, so I can't really comment too much on the Mac side. But on the Windows side, it seemed good.

    There were roughly 800 endpoints and almost all the machines were Dells, whether they were Precisions or Latitudes. There were also Toughbooks because that company was in the oil industry. It was all Windows 10. It was a relatively homogenous environment. There was some variation in which version of the OS people were on, but they were all Windows 10, and probably all 1909 or later.

    How are customer service and support?

    I only had to use the solution's technical support a couple of times and they were really responsive.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We had previously used another product and then replaced that because we were very Cisco-centric. The idea was that switching to Secure Endpoint would give us better integration and thereby enhance our security posture.

    How was the initial setup?

    We just pushed it out from the public cloud through, at that point, the Cisco AMP site. We set up groups and said, "Install these by this date, by this time." It was pretty straightforward.

    The bigger portion for us was getting management to make decisions about how they wanted the policies to be done. How often did they want to do a full scan? How often did they want to do a flash scan? What exactly did they want the policies to be? But once they made those decisions, the configuration was super simple.

    In terms of maintenance, going back to that issue of the duplication of entries, it did require some maintenance as far as making sure that the count was accurate. As we were onboarding and offboarding, we did not have an in-house CRM since we were using a third-party help desk. That meant we were not able to create an automation for the onboarding and offboarding of users. Removing those machines as they went offline was a manual process for us.

    What about the implementation team?

    We did it ourselves.

    Which other solutions did I evaluate?

    When I got there, we did look at one or two others, but they had pretty much made the decision to go with Cisco by the time I arrived.

    What other advice do I have?

    We had a very small IT team, so we didn't have a security team, per se, other than being able to rely upon Cisco for assistance if we saw something that we thought was major. We could have them, if need be, engage their team through the active threat detection. But luckily, everything that we ran into that looked like it might have been something major, turned out to be a false positive.

    With the few false positives that we had, we were able to mobilize and react very quickly. We were able to involve Cisco pretty much right away, start the threat-hunting routines, and look at the VirusTotal scores to determine if it was really a threat, how it entered the environment, et cetera.

    I thought it was very easy to do an investigation to the point that I was involved as the endpoint manager and the administrator of the software. When it came to the real threat hunting, because I didn't have access to Umbrella and Firepower, once I detected something, it got handed off, to a large extent. I would do what I could on my end to isolate the endpoint and get the information over to the infrastructure team, and then they really ran with it.

    I didn't notice it necessarily shutting down threats in advance so much as it threw alerts, but that may be because we did not have the automations and workflows configured to do that, by the time I left that company. That was something that we were looking into and playing with and developing.

    Overall, I really liked the product. It was well done. If I had to say the few things that were lacking, I really would have liked the ability to drill deeper into the reporting. Also, the documentation available online didn't always seem to fit and could be kind of convoluted, and it was difficult to locate what you were looking for.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Nicola F. - PeerSpot reviewer
    Infrastructure Engineer at TeamSystem
    Real User
    Top 10
    The clean and user-friendly dashboard provides us with a clear threat picture in our environment, and enables rapid response to threats
    Pros and Cons
    • "I appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us."
    • "The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."

    What is our primary use case?

    We have a complete Cisco environment; we use Cisco Firepower, Cisco ACI, and many of their other products. We have many of their top solutions from the network to the data center server.

    How has it helped my organization?

    The solution improved the effectiveness of our security. Before Cisco Secure Endpoint, we used Trend Micro Deep Security for our virtualized environment, but it didn't allow us to track all the malicious events. We can follow them with Cisco, which is a positive change for us. 

    Cisco Secure Endpoint enables us to stop a threat before it spreads across our system. This is a massive improvement for us, as we couldn't follow threats and respond to them as rapidly when we used other solutions. 

    What is most valuable?

    I appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us.

    The Cisco Secure Endpoint dashboard gives a clear view of everything occurring across the environment, making it straightforward to track and solve threats. This direct approach to threats simplifies cyber security, a capability we didn't have from other solutions; it's instrumental. The dashboard is clean and user-friendly. 

    The solution helps prioritize threats as it presents them as low or high-priority, which informs our approach to dealing with them. We can focus on the more severe threats first and protect the integrity of our system. This avoids the problem of having 40 or 50 alerts and not knowing where to start; threat prioritization gives us a starting point. 

    CSE reduced our time to detection, mainly due to the excellent dashboard that gives a clear view of threats developing in real-time. One member of staff monitoring the console can block threats almost immediately and set and customize notification preferences. Once the product is correctly configured, we can stop any threats almost as soon as they arise. This requires some time at first, as the agent deployment isn't easy, so starting in the audit mode for the initial configuration is good. 

    What needs improvement?

    When we first installed the solution, we faced significant issues, as the server needs to be rebooted when the agent upgrades. This isn't easy in a production environment, and we relayed our concerns about this problem to Cisco.

    The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product.

    However, Cisco has improved its product, and version 7.1 ended the need to reboot machines for updates. It's also more stable than before, though I still think they have a lot of work to make this a genuinely stable product. Cisco Secure Endpoint is a developing solution, but they need to do more. It doesn't match up to the offerings from CrowdStrike, FireEye, and perhaps Carbon Black.

    For how long have I used the solution?

    We have been using the solution for two and a half years. 

    What do I think about the stability of the solution?

    For stability, I would rate the product an eight out of ten as there has been significant improvement. If this were a year or two ago, the rating would be five or six. Now it's stable.

    What do I think about the scalability of the solution?

    I want the ability to deploy the solution without using third-party tools. I'm not too fond of that, so I would rate the solution a seven out of ten for scalability.

    How are customer service and support?

    Cisco support is excellent; when we need to open a support case, they are very helpful and responsive. Initially, when we had issues during deployment, we opened too many cases, but that was part of our learning process.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We tried Microsoft ATP and previously used Trend Micro Apex One. We used Trend Micro Deep Security in our VMware environment, which is a hypervisor-level anti-malware. Still, we removed it because it blocked our VM migrations, which significantly impacted our production ecosystem. We had to use DRS to migrate our VMs, and when they don't migrate, that results in an overloaded hypervisor server using all the CPU and RAM. That has a knock-on effect on the other systems and applications, degrading their functions, which is not what we want from an anti-malware solution. Thus, we moved to Cisco Secure Endpoint; we already had a strong connection with Cisco because we use many of their products. It is an affordable offering compared to the competitors, such as Windows Defender ATP.

    How was the initial setup?

    The initial deployment was more complex because the agent behavior was unstable. There is the potential for the agent to block legitimate files on a production server, so we deployed and spent significant time configuring in audit mode. In our case, the production environment is used by developers, so there can be executables that aren't signed in the environment. I'd say deploying in audit mode first to make these configurations and exemptions specific to requirements is essential before activating the agent and leaving it to work.

    We initially deployed the solution manually for testing, and then we used Microsoft SCCM to mass deploy to over 3000 digital machines.

    Our deployment is 90% on-premise and 10% in the Azure cloud, and we're looking to move more into the cloud. We have a different internal environment for internal use, the on-premise part, and it's a big environment with over 3000 machines. We don't have a dedicated customer space, which we plan to resolve.

    Our deployment was slow initially because we weren't sure about the solution. Our line manager was seriously considering removing it in favor of Microsoft ATP. The reboot to update issue was a significant concern, making us question the tool's viability. Automation like SCCM makes the deployment very fast, but it can take anywhere from two weeks to two months to configure the exclusions, notification settings, and dashboard. Learning the solution, using file analysis, the tracking grid, and all the features and tools takes time. CSE isn't an immediate solution.

    What about the implementation team?

    A Cisco partner helped us with the system integration, and two members from Cisco's security team followed the deployment to help us get it started. 

    What was our ROI?

    I don't have the details, but I would say the solution gives us an ROI.

    What's my experience with pricing, setup cost, and licensing?

    The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market. 

    What other advice do I have?

    I would rate this solution an eight out of ten as we are in a Cisco environment. Without that, it would be a seven out of ten.  

    Our biggest challenge was the initial deployment, which required using SCCM or other automated tools like Ansible, Puppet, or Chef. We spent a long time in the audit phase, as the configurations we made didn't integrate well into our environment, causing stability issues.

    We started using SecureX, but we're at the beginning of understanding and fully implementing its capabilities; we need to learn more. We like the integration of Cisco Secure Endpoint with other Cisco products like Firepower NGFW, ISE, and more. We use a proxy as we have another company acting as our SOC; they receive threat alerts and relay them to us.

    I'm satisfied with the solution, and I recommend it to those with other Cisco products. I wouldn't suggest it to those who don't have them.

    Cisco Secure Endpoint requires some knowledge of security and malware. An understanding of heuristics, exploits, and living-off-the-land attacks is essential. I would advise any organization to acquire this knowledge if it doesn't exist in their staff pool before implementing and deploying the solution in a production environment. The solution taught me to take things one step at a time.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Sagar Ghumare - PeerSpot reviewer
    Sr. Network Engineer at a comms service provider with 201-500 employees
    Video Review
    Real User
    Connection to Talos proactively protects us from attacks that happen around the world
    Pros and Cons
    • "Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
    • "In terms of the user experience, if the UX design could be much simpler [that would improve things]... if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something."

    What is our primary use case?

    We use Cisco Secure Endpoint as an antivirus on computers. That is one of the important use cases that we have, as an antivirus.

    How has it helped my organization?

    [It has helped our organization] tremendously. First of all, because we are always on-point in terms of our solution. We are proactively looking into the alerts and Cisco Secure Endpoint is already taking care of looking into it, provisioning it, and fixing it. All those three stages are done by the software itself. We are only looking at what the statistics look like. That really helped us.

    Because the solution is taking care of itself, we get the chance to research more on the other side of it rather than focusing on the problem. The moment a problem is there, Cisco Secure Endpoint is already working toward fixing it. That really helps us. I can go home and have [peace of mind] at home, not thinking about whether the next attack is coming and I have to wake up in the middle of the [night] to figure out what's going on. That really helps in a tremendous way.

    It has easily [helped us save] hundreds of hours in a quarter. We are definitely saved because of this solution.

    What is most valuable?

    Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world. Cisco Secure Endpoint gets the information from it. We do get knowledge about all the attacks going across the world. Because Secure Endpoint has a connection to it, we get protected by it right then and there. Rather than our looking for it, and finding out the information, the software does it for us without our having to get in between. That is really an easier way of fixing a problem. Before, we would manually have to look into it. That really helps us. It's taken care of in a way.

    What needs improvement?

    Because the software is doing such a good job, we barely have any recommendations in terms of what can be changed. [However], at this moment, in terms of integration with other software, that could be helpful. 

    And in terms of the user experience, if the UX design could be much simpler [that would improve things]. Because I'm an engineer, I understand what I'm looking at and [for me it's] intuitive in terms of what is there and what is not. But [if] another engineer or someone at the management level or C-level is looking at the portal of the webpage, if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something. If they could improve [on that], that would be great.

    For how long have I used the solution?

    I have been using Cisco Secure Endpoint for more than four and a half years. It's been quite some time.

    What do I think about the stability of the solution?

    The stability of the solution is definitely a 10 out of 10. I have no problems with that at all. It's consistent across the board and that's perfect.

    What do I think about the scalability of the solution?

    The scalability of the solution is really good with SecureX, which is an integration platform. All the other tools are coming together, and that really helps us to scale. I don't have to jump through to different windows. I can see everything in one place. That has really helped a lot since SecureX launched a couple of years ago.

    How are customer service and support?

    Cisco tech support has been really good because they have a chat tool in the portal itself. If there's an issue, we can reach out to them right away. It's pretty quick and easy because the support itself is built in right then and there. I can connect to it whenever I want to, which is really nice.

    I can't rate them at 10 out of 10, nothing is perfect. I would say nine for sure. We all can improve.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    In the beginning, we had previous software. It was like the old way of seeing it, looking for the signatures. By the time we faced a problem and were trying to fix it, it was already too old. We were just not on top of it. It was becoming more of a reactive solution, rather than a proactive approach to fixing the problem. That was the main, driving force for us to find a solution that can be more proactive rather than reactive.

    The antivirus software we used previously was facing a lot of issues with the signature downloads. Antivirus is looking for the signatures, to see if [there is] the respective problem, and trying to match those signatures. This is such an old way of doing it, which was [being done] for quite some time. 

    Secure Endpoint has become a real game-changer in that field because it's a cloud-based approach, and we are already talking about getting signatures, not only for our organization, [but for] attacks [that have] happened to other organizations. We also get that information and we get protected already, without even having to intervene in the process. That really helps in many ways.

    Previously, we were using Sophos antivirus and we replaced it with Cisco Secure Endpoint, which was previously called AMP at the time.

    How was the initial setup?

    I believe we first did it through our management console, our deployment software that we use to deploy it, for the first stage, to reach our different computers. And once that was done, we are managing the updates to the respective software through the cloud.

    The deployment was easy. But the only reason it was easy was because we already had a deployment solution ready for it. If a new company wants to get this product, and they don't have any management solution they can use to deploy this software, that can be a challenge. 

    A recommendation [for Cisco would be], if they can come up with some deployment process—I understand that's not the priority of the tool itself—but if that can be done, that will be good. 

    But if a company already has a deployment solution that can be used to deploy the software across other computers, then the transition is pretty easy.

    Honestly, [the deployment] is a one-man show. That is also a really good point about it because it can be done by one person all the way. It does not take too many people for you to get the ball rolling, which is a great part. And that really helps us because one person can handle the whole process.

    I'm a senior network engineer with a security background, so I do know what I needed. But a senior help desk engineer can also get this thing done. You don't have to be a senior network engineer or [have] any higher degree in software to understand the product. That is really good about it. Any new person who is just trying to get into the field can learn about it and get going with this process pretty quickly. It's pretty user-intuitive.

    What's my experience with pricing, setup cost, and licensing?

    Because we do see the value of what it's bringing, I think they have priced it well. I understand we have to go through a different licensing process to get this solution, but at the end of the day, the headaches [associated with that], if you were to put it into some kind of a number, it's priced completely reasonably and well as a product. You cannot contemplate the amount of time it takes, sometimes, to fix a problem, and that's already too late. I feel the value of the software is reasonable for what it does.

    Which other solutions did I evaluate?

    We looked into McAfee back in the day, and Windows Defender, and all different [kinds of] antivirus software, but we ended up landing on AMP because of that connectivity with the cloud and instant connection to other resources. That really helped as the driving force to select this as our tool.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    System Administrator at a manufacturing company with 201-500 employees
    Real User
    Top 20
    Increases operational efficiency and provides insights into threats out there so that I can be more proactive
    Pros and Cons
    • "It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
    • "In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."

    What is our primary use case?

    We rely on it for antivirus. There are probably three levels, and we have the bottom tier, the most basic one.

    It is on Cisco's cloud. We have the client installed on all workstations, but we don't have a server.

    How has it helped my organization?

    It just gives me more insights into what threats are out there on the machines, so I can be more proactive.

    Actionable alerts in the security console are helpful. With the security console, I immediately get to know about an issue. So, it has sped things up. It also gives you a way to research and see if an issue is spreading, so it has assisted quite a bit.

    It definitely gives a starting point for investigating and mitigating threats. It has research tools, and we can run queries. I have used its Orbital Advanced Search feature. I have run quite a few queries to determine what is out on the network or on the devices that could be a threat. It could be something that is misconfigured or something that we don't want to have running. It is able to quickly run these queries.

    I usually use the Orbital Advanced Search feature for groups. I use it to look for commonality for a threat thread, and it provides good visibility. I've never used it for just one endpoint.

    Orbital Advanced Search helps in reducing the attack surface and investigating real-time data on endpoints. I've only used it a handful of times, and I was mostly looking for whether or not an update has been applied.

    Orbital Advanced Search definitely saves time. I assume money goes right along with time. I don't have to go from desktop to desktop. I have 50 desktops, and if I'm looking for something in particular, it would take at least 15 to 20 minutes per desktop.

    We use Cisco Umbrella. The integration when you use the SecureX console is really good to go from one to the other. I have pulled the endpoint and Cisco Umbrella into SecureX, so I just have one console. It was easy to integrate. They provided really good instructions. This integration just made things more convenient.

    It simplifies endpoint protection, detection, and response workflows, especially for threat hunting. The way it is set up, with the console, I would get to know quickly that we have an issue. It increases operational efficiency because I don't have to go from desktop to desktop. I'm also proactive instead of reactive.

    It has minimized security risks to our business. I've had several desktops where they have triggered an alert, and all I had to do was to go and clean that machine out before the problem spread. 

    It allows us to focus on the incident instead of investigating the group, so we are more efficient. It has decreased our time to remediate because we're focusing on the machines we need to.

    It has decreased our time to detect. I can't quantify the time, but in some of the older antiviruses, the user would say, "Okay, I've got a pop-up, and it has flagged this or that," and then you'd have to go look for it. With this, I know ahead of time, or I know when it happens. 

    What is most valuable?

    We use it as an antivirus. The audit logs are valuable. 

    It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.

    It is quite comprehensive in terms of endpoint protection. I haven't found anything where it was lacking in terms of the protection of our Windows machines.

    What needs improvement?

    While I've attended a lot of their training webinars, they were mostly high-level. They just say that these are the features, and this is how you access them, but I would like to see more scenario-based information. They should provide us examples of how to resolve something when we see something happening. They should give us an example of the flow on how to resolve it.

    In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through.

    For how long have I used the solution?

    I have been using this solution for about a year. My company had it for about a year and a half before I joined.

    What do I think about the stability of the solution?

    I haven't had any issues with it except for a connector issue. They quickly put out a new one and got rid of the problem. So, it seems to be really stable, and they seem to be reactive when there is a problem.

    What do I think about the scalability of the solution?

    It is good in terms of keeping the machines updated. It is easy to get it installed on the desktop and keep it updated. We have a little over 100 users. They are administrators, project managers, field supervisors, engineers, and sales and support staff, so we have quite a mix.

    We have deployed it on all desktops and laptops currently. I am going to start looking at adding it to mobile devices. Currently, we only have Windows machines covered. We are working on getting it set up on the Mac mobile devices. So, eventually, we will have a lot more depth than we have now.

    How are customer service and support?

    I never had to reach out to them. So far, I have been able to find the documentation that I needed.

    Which solution did I use previously and why did I switch?

    I've only been with the company for a year. They had it when I got there, and we haven't changed anything since then.

    I've used McAfee and Norton, and it does much better than them.

    How was the initial setup?

    I wasn't involved in the initial setup. They did that before I joined the company.

    Its maintenance is done by me. I'm the only IT person. It is not a large company, so it isn't a bad thing.

    What was our ROI?

    It is kind of hard to say what would have happened if you didn't have it. We've got a very stable environment, and it seems to be doing its job. So, I assume we're getting a return on investment.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was negotiated before I started, so I don't really know.

    What other advice do I have?

    I would advise others to take a real hard look at it because it is a good solution for companies of our size. I like the fact that it is managed in the cloud. I don't have to maintain a server presence. It is easy to use. It was a bit of a learning curve to start with because I was completely unfamiliar with it. I just dug in there and figured it out. Its documentation is fairly good.

    If you go through SecureX, everything is right there in terms of user access and device protection. This integration is nice, but so far, it hasn't really saved me any time. It may in the future.

    I believe it makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform, but I never had to do that.

    I would rate Cisco Secure Endpoint an eight out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    User1#2% - PeerSpot reviewer
    Application Manager at Huntington National Bank
    Real User
    Top 10
    Strong IDS solution, easy deployment, coverage across multiple platforms with at-a-glance dashboard and many more...
    Pros and Cons
    • "Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
    • "We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."

    What is our primary use case?

    Being the primary AV/IDS within the enterprise, we have the solution deployed across multiple platforms, including workstations, servers, and operating systems.

    The solution conveniently integrates with other existing on-prem and cloud applications with relatively minimal effort to stand up, using APIs and security best practices.

    Most out-of-the-box features are either being utilized or pipelined to be deployed going forward, including MAP, ETHOS, SPERO, Exploit Prevention, SecureX, and Tetra, which serves as an offline definition repository for workstations that are unable to pull definition updates using the default Cisco AMP cloud route.

    How has it helped my organization?

    It has been effective as the primary AV tool.

    The visibility, dashboard and navigation give pretty decent insight into threats, IOCs and endpoint events to help with proactive monitoring. Deployment and connector upgrades are straightforward, with technical documentation available for most scenarios.

    AMP simplifies endpoint protection, detection, and response workflows, like security investigation, threat hunting, and incident response. By using the solution, we've been able to divert attention towards other tasks, saving us significant time and effort. It has also served as a one-stop shop for endpoint anomaly detection and proactive protection, thwarting the need to gather inputs from various applications and having to compile that data into one relevant result. It has obviously minimized security risks to the entire business, most importantly endpoints, servers and other crown-jewel assets.

    What is most valuable?

    Recently, we have engaged the vendor regarding optimization, bug detections and extended features. Identity persistence, a feature request that was recently granted, for instance gives virtual and physical devices deployed using a gold image the ability to specify an Identity Synchronization option. This persistence feature can apply by MAC address across business, by MAC address across policy or by host name across business.

    Speaking of scalability, integrating with other Cisco products, secure email, network, SIEM, API, open source and a number of selected proprietary applications has been encouraging.

    Of all valuable features, these are worth mentioning:

    - CI/CD pipelining and feature prioritization by actioning on user requests/identified bugs, releasing connector upgrades, and deploying console upgrades for better usability

    - Subscription functionality where console administrators are able to subscribe to receive immediate alerts (digest) on specific monitored workstations or groups of them

    - Identity and access management capability within the console that allows administrators to drill down user visibility on a role-based access control basis, limiting access to policies, groups, exclusions, and other controls

    In terms of operating system compatibility, the coverage is almost in its entirety. Integration and deployment to Windows workstations, Windows servers, Mac, Linux and mobile is seamless.

    Being a unified AV engine, AMP conveniently delivers both Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) capabilities with a specialty in cloud-delivered protection, next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR).

    What needs improvement?

    Like any other security tool, there's always room for improvement. Some of the ways the product can be improved are:

    - Vendor needs to understand a one-size-fits-all approach will not work with addressing TAC cases and service requests. For "once in a blue moon" cases, most approaches still sound like the engineers are acting off of a runbook. In this case the recommended solutions will not totally align with the scenario.

    - Since customers do not have the ability to allow or decline console updates, there have been a number of instances where the console GUI appears buggy and functionalities do not work correctly after an upgrade. This can be improved by informing customers prior to the upgrades.

    Other additional features that should be improved in next releases include:

    - The dashboard is great for quick visibility prior to a deeper dive; however, making the dashboard more customizable would improve interaction, grant the ability to filter out irrelevant outputs and encourage personalized drill-downs based on daily requirements.

    - Integration with enterprise monitoring applications and ticketing systems that differentiates noise, forwards events, generates tickets and has them automatically assigned to the application-owning group.

    For how long have I used the solution?

    I have been using Cisco AMP for Endpoints for about three years; this is inclusive of my prior assignments before being the SME for the application within the firm.

    What do I think about the stability of the solution?

    Stability is below average. There have been several issues with frequency of release, feature release and wait time for overhanging time-bombs.

    From a customer standpoint, these releases are aimed at fixing known bugs from the last release and introducing new features in either beta or live versions. However, this means that an enterprise running 50K+ endpoints needs to go through the rigors of setting up test/dev/qa/pilot then production for each iteration, so as to limit the blast radius.

    This can be tasking as the frequency increases.

    What do I think about the scalability of the solution?

    Long story short, Cisco AMP is scalable. Having used the product as a 'demanding' customer, I can attest to the availability of proper technical documentation and seamless integration with existing applications, infrastructure and appliances.

    How are customer service and technical support?

    - Vendor needs to understand a one-size-fits-all approach will not work with addressing TAC cases and service requests. For "once in a blue moon" cases, most approaches still sound like the engineers are acting off of a runbook. In this case the recommended solutions will not totally align with the scenario. Also, escalations can be more flexible; for instance, certain case priorities (P2, P1) require phoning in, which can be fuel to an already burning bush.

    How was the initial setup?

    From my understanding, initial setup was tasking with various gray areas. For a new customer trying to set up AMP, there is room for improvement.

    The initial deployment happened prior to me joining the organization; based on my interactions with the application deployment team, the effort took months.

    Customers can get better during the product's initial setup if the vendor provides documentation that suggests important objectives like naming conventions, default config and a collection of the product's best practices.

    What about the implementation team?

    In-house

    What was our ROI?

    AMP is worth the money. In recent years, we have spent less time/money and require fewer human resources for task completion. On a higher level, this has saved the firm the need to hire more security engineers to manage the application, reducing overhead cost.

    A discrepancy with the number of assets per license should be reviewed to apply based on preference or number of endpoints versus ranges.

    Compared to other competitors, there's a significant price difference, although different applications tend to focus more on different cybersecurity functionality.

    What other advice do I have?

    It's been really interesting working with the application, going from 5.X.X connector versions up until 7.X.X. As previously highlighted, there are numerous ways to improve the product. Working with the engineers in previous cases, there is the zeal to improve and an attitude that embraces change.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Director of I.T. Services at a non-tech company with 201-500 employees
    Real User
    Top 20
    Straightforward to set up and it provides good visibility into malware being downloaded
    Pros and Cons
    • "The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected."
    • "This product has issues with the number of false positives that it reports."

    What is our primary use case?

    Our primary use case is general antivirus protection.

    This product was deployed to a number of Windows machines, and we also have a VMware environment.

    How has it helped my organization?

    The product gives greater visibility of malware being downloaded by my clientele. In a more general fashion, Cisco Secure Endpoint has helped to prioritize threats. It has allowed us to make more effective use of our security team members.

    Another advantage is that it has improved the effectiveness of our security options. We now have better response times when dealing with outbreaks.

    We have decreased our time to detection, although it is difficult to say by how much because we weren't detecting all of the malware in the past.

    It is reasonably easy to remediate issues using Cisco Secure Endpoint. In part, this is because I don't have to visit the physical machines to remediate them. As such, the time it takes for remediation has been decreased. 

    What is most valuable?

    This solution accelerates threat hunting by automatically promoting endpoint incidents to the Cisco SecureX platform, which is something that is fairly important to us.

    Our systems are monitored by this product, and if threats are detected then the systems are shut down before problems arise. This is something that is fairly important to our organization.

    What needs improvement?

    This product has issues with the number of false positives that it reports. Especially when updates are released for Chrome, many detections report a virus when it really wasn't.

    Another problem that I notice is that Outlook 2016 creates cache files of attachments, and when this product detects them as malware, it can't delete them. I assume this is because Outlook still has the file open. This means that I get notices about the issue but I can't do anything about it until later, after Outlook has closed them. This may not be Cisco's fault as much as it is Microsoft's fault.

    For how long have I used the solution?

    I have been working with Cisco Secure Endpoint for less than a year.

    What do I think about the stability of the solution?

    In my experience, this product is very stable.

    What do I think about the scalability of the solution?

    This is a fairly scalable solution.

    We deployed it to all of our Windows devices. A team consisting of fewer than 10 people receives alerts from the product when there is an issue. The team will follow up on the incidents and any remediation.

    At this point, we have no plans to increase our usage.

    How are customer service and support?

    I have not needed to use Cisco technical support for this product. I am usually happy with their support, so I'm assuming that for this product it will be roughly the same.

    Which solution did I use previously and why did I switch?

    Prior to using this product, I did not have other agents in place to handle the same job. We had implemented Microsoft Defender for Endpoint but that doesn't really have any reporting tools.

    We switched away from Defender because we needed better visibility. There really wasn't any.

    How was the initial setup?

    The initial setup was fairly straightforward. It might have been complex for somebody that hasn't been doing this type of thing for as long as I have. For example, not a lot of people understand deploying things via group policies. In my case, however, I have a lot of experience and it wasn't complicated.

    What about the implementation team?

    The deployment was done in-house, by me. I did not use any external help for the implementation.

    We purchased the product through a reseller, CDW, and our experience with them was straightforward. They were fairly easy to deal with.

    It does not require regular maintenance or monitoring. I receive alerts when they happen but I don't actively monitor it. When an alert happens, an email is sent to a small team of fewer than 10 people.

    What's my experience with pricing, setup cost, and licensing?

    The pricing and licensing fees are okay. As a school, we do not have quite as much funding as a private business might. I wish that there were more of a discount available for educational uses.

    Which other solutions did I evaluate?

    Before choosing Cisco Secure Endpoint, we didn't thoroughly investigate or evaluate other options. We are a Cisco shop and we generally lean toward using Cisco products.

    What other advice do I have?

    My advice for anybody who is considering this solution is that all of their security products should come from the same vendor. This way, your dashboard can be set up to monitor all of them. In my case, because we're a Cisco shop, this product makes sense for us.

    The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected.

    I would rate this solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Gassan Shalabi - PeerSpot reviewer
    Manager at UCloud
    Real User
    Top 10
    Catches and blocks harmful files, viruses, and trojans
    Pros and Cons
    • "I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see."
    • "They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."

    What is our primary use case?

    I'm hoping that this is protecting me from all the harmful issues that are happening, because we know exactly what kind of world we are living in on the internet.

    How has it helped my organization?

    I rely on this system. I am hoping that everything is fine with the system and that it will catch any harmful file or virus or trojan. If any of those things happen on my network, it will hold it or stop them.

    It has helped to simplify cybersecurity in my company. I see that there are files that have been blocked. I don't go deep into the reports that I get from the system, but I believe that it's doing its job. I haven't had any serious problems.

    What is most valuable?

    I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see.

    What needs improvement?

    They could simplify the solution and make it a little bit easier to understand how things are happening or if something serious has happened. They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need.

    I would also like it to update itself so that I don't need to click to make that happen. Of course, having to click is not a hard thing to do, but I would like to see things done automatically as much as possible.

    For how long have I used the solution?

    I have been using Cisco Secure Endpoint for a long time. I used it in the last company I worked for and, when I opened my own company, I also started using it. I have been using it for around five years at least.

    What do I think about the stability of the solution?

    It's very stable.

    What do I think about the scalability of the solution?

    I have it installed on about 40 clients. To increase the number of endpoints I just need to download the connector and install it.

    How are customer service and support?

    I have had some difficulties, but I received support from Cisco and, in the end, it was okay. I cannot complain.

    It took me some time to understand how to send in a request. It would be very easy if there were a chat on their site or if it could be done via WhatsApp. But I had to look for an email address, where to send and what were the details that they asked from me at the beginning. It wasn't obvious how to reach out to support.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I did not have a previous solution.

    How was the initial setup?

    The deployment was straightforward. It's easy to understand the steps. I created a profile, downloaded the agent, and installed it on the clients that I wanted it on. The dashboard is in the cloud, hosted by Cisco.

    It is good that you don't have to take care of the system all the time. Once it's installed and stable, you don't need to make adjustments.

    What about the implementation team?

    I used SecureIT and it was perfect. He's very professional and he knows the system. He gave me an introduction to the system and explained the things that I needed to know.

    What was our ROI?

    It's keeping things quiet, so that's a very good return.

    What's my experience with pricing, setup cost, and licensing?

    Cisco Secure Endpoint is not too expensive and it's not cheap. It's quite fair.

    Which other solutions did I evaluate?

    I looked into SentinelOne two months ago. The question is, is the system protecting me enough or not? Sometimes I ask myself, should I put more security on the servers? Doing so is going to make the system work more slowly. I checked SentinelOne because some of my colleagues who have Cisco AMP had an attack that Cisco AMP did not see.

    What other advice do I have?

    The fact that I've been using it for five years already means that I believe I can trust it. Others can also trust it.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Cisco Secure Endpoint Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2022