Cisco Secure Endpoint Reviews

We are delivering Cisco solutions and security services to more than 100 customers. We use AMP, which I believe is currently called Cisco Secure Endpoint. We use Umbrella, we use SecureX, we use Meraki, and we, of course, use firewalls. So, it's a very broad range of Cisco products. 

Cisco Secure solutions have improved our company in the sense that we are now moving towards being a managed service provider, which is doing what Cisco is telling about combining your network, your hosting, and your security together in one company so that you can deliver IT services in a carefree way for your customers. So, Cisco is helping us in creating that goal of carefree use of IT.

I'm very glad that for most customers, we have onboarded Cisco Secure Endpoint because it helps us a lot in solving and detecting ransomware. It's being done automatically, so you don't have to worry. It's removing that. Therefore, it is called an EDR solution. It takes care of detection and response, and it's being done automatically. In the case some handling is needed, we have a connection from Cisco Secure Endpoint towards SecureX and ServiceNow. So, we are bringing that very simply to our support engineers. If any handling is needed there, they automatically get a ticket, and they can act.

It has helped a lot in saving time because when you have an automated flow of tickets, a ticket is immediately handled by the support people. They can immediately act in ServiceNow and see what they have to do if something is detected where a manual action is still needed. There are, however, not many cases because AMP already handles a lot of responses automatically. 

We are saving a lot of money on our operational costs because people don't have to enter tickets anymore in the system. Secondly, a lot of response is being done automatically by AMP. That helps us a lot as well in saving costs because, in the past, somebody had to do it manually.

The most valuable feature at this moment is that Cisco AMP or Cisco Secure Endpoint solution is delivering a lot of things, and I always say to a lot of customers that if we didn't have Cisco AMP, we probably would have had ransomware somewhere. So, it's protecting us very well from a lot of hackers, malware, and especially ransomware.

We would like to see the protection from the start of the endpoint till the end. Nowadays, we see that working from home is quite important, so there's a need to protect the whole layer, not only the network of the customer. There is a change towards starting from the process on the endpoint and then protecting that towards the application and the data on the back end. You need to protect that whole layer, which means that you have to have something on your endpoints that can protect. Today, at the Cisco Live event, I heard that there will be an AnyConnect solution from Cisco that will help us in delivering the kinds of security solutions that customers currently want. In some cases, we use AnyConnect, but because SaaS is coming up, many of the solutions or many endpoints are using a browser to make the connection to any place, anytime, and anywhere, so you want to have a secure connection at the start. It should be on every endpoint. I've heard Cisco is developing that right now to have all endpoints, not only laptops, desktops, and tablets, but also mobile devices, connected and secure towards the application and the data at the end. We are using AnyConnect as a VPN solution, but not as a whole set, which is currently being developed by Cisco.

They can combine the platforms and the management tools so that they are a little bit simpler and easy to use.

The integration of the Cisco products for security could be better in the sense that not everything is integrated, and they aren't working together. In addition, not all products are multi-tenant, so you can't separate different customer environments from each other, which makes it a little bit hard for a managed service provider to deliver services to the customers.

The quality of the product should be on top. For instance, when they are being introduced, some firewalls have some bugs, and they are known bugs. So, going to the latest version of the firewall is not always the smartest thing to do. There could be an improvement to help us go to the most modern version.

Cisco's support for their solutions is very good, but it always depends on people. We have a good account manager or service manager from Cisco, and he is helping us a lot in getting the right people from Cisco to talk to, etc. So, it's good. It's a very good arrangement. 

I'd rate them between eight and nine. I don't think that the support organization has to change, but if the tools that you have to use and the management consoles you have to use are simpler, then the support can also be much simpler, and the support department from Cisco can easily support the partners as well.

Positive

I was involved in the implementation of Cisco AMP. When we did a changeover from the traditional antivirus to AMP, I was highly involved. It was an interesting journey, and in the end, we achieved what we wanted to achieve.

It was easy in a certain way, but if you are a managed service provider, you also need to have multi-tenancy. The multi-tenancy support is within Cisco AMP. If you want to implement it, it's not always easy because you cannot do some of the things, such as specifying the policies you want to use, from the top level. You have to do them separately in every tenant, but I've heard that they are going to change it.

We have indeed seen a return on investment for the Cisco Secure solution we have implemented. We've seen the benefits in terms of earning money, but also in terms of extending our services and turnover in many cases.

The pricing and licensing of the security solutions of Cisco are very good in comparison with the competitors, but sometimes, it's difficult to see all the discounts and other kinds of things. So, you have to be careful, but the pricing is good.

I was a part of the evaluation process to go from a traditional antivirus package to a new solution called endpoint detection and response. Of course, there are only two big players, Cisco and Microsoft, in that area. We had to discuss what to do and how to deal with it. Of course, many customers have Microsoft in their workplace, but we are offering Cisco at least for the endpoint service where we have the hosting center. If they want, we can deploy AMP on the endpoints as well. However, there's something to say about the fact that you have two different kinds of EDRs. On your end-user devices, you have Defender, and on your server, you have Cisco, which makes it even more strong.

Traditionally, Cisco comes from the infrastructure. The difference between Cisco and Microsoft security solutions is that Cisco is coming from the infrastructure part, and Microsoft is coming from the data part. What you see is that Microsoft developed its solution from information, from data, and Cisco is coming from the infrastructure. It is deeper in IT. The solutions are deeper, and therefore, they sometimes might be stronger if you are only looking at the top of what's in IT. That makes it a little bit different. So, it's not about who's better or who's stronger. In some cases, they are an addition to each other.

Cisco Secure was the right solution for us. Of course, that was also because of the cost. Because we were already working together with Cisco, we chose Cisco for our hosting center and for all of our services. If the customer wants to have it on their endpoints and user devices, they could use our Cisco solution as well. If they want to have Defender, we support that as well on the endpoints of the user. 

To those evaluating Cisco Secure solution, I'd advise understanding the roadmap and the architecture of Cisco very well and seeing how it can add things. I have to mention Microsoft solutions because there is an added value on top of the Microsoft solutions, and that's what you have to look for. 

Cisco Secure solutions are currently at the level of a seven out of ten, and that's based on the fact that some management consoles are not working together, and in some of the new products, there are still, for instance, some known bugs. That's an issue that could be improved, and they are working on that.

We saw this product with a partner. We installed it and configured it properly along with our antivirus solution. We monitor it almost every day to see what's going on. Up till now, we are very happy with the performance.

We check every day if there are any indicators of compromise, if there are any workstations that need particular attention, or if there are any peculiar or strange events.

The main benefit is that we have visibility on the network. With the combination of Cisco Secure Endpoint and our antivirus, we feel a little bit more secure. We have better monitoring of and overview of what's going on in the network.

It's reliable. It's doing most of the jobs for us, so we don't have to worry. We check it for just 15 minutes per day to be sure that everything is fine.

It doesn't save time, but we feel more confident that everything is okay on the network. It improves our security posture.

It's quite simple, and the advantage I see is that I get the trajectory of what happened inside the network, how a file has been transmitted to the workstation, and which files have got corrupted.

It's able to detect and help remediate threats. So far, my experience is very good. I trust this product. It's quite simple, fast, and reliable. The dashboard and reporting are also quite good.

In terms of features, I don't have any areas for improvement. It has a good interface. Its reporting is also good, and the updates are very frequent. Its price is okay for us, but it can always be better. There's always room for improvement when it comes to pricing.

We have been using this solution for more than a year and a half.

It's reliable. We haven't had any problems so far.

It's easy to scale.

It has been excellent so far. We don't have any problems. I'd rate them a nine out of ten.

Positive

It's the first time we are using this kind of product. We didn't use any other product previously. 

It was quite easy for us. It probably took us three days.

We have a lot of partners, but Netbull is our partner in Greece for Cisco Secure Endpoint.

Its price is fair for us.

We didn't evaluate other products. We had seen this product before. We discussed it with our partners, and we just went for it. Our main thought was to go with a product and brand that we can trust. All our core network is Cisco, so this was the product that came straight into our head.

I'd rate Cisco Secure Endpoint a nine out of ten. It's excellent.

It was our primary endpoint protection. 

The ability to respond rapidly, whether it was doing isolation or threat hunting, helped improve our security. Even when there were a few false positives, it was a good exercise for us to run through and determine what exactly was going on. It was definitely an improvement from what we were using before, which was Trend Micro. That tighter integration definitely helped.

In the time that I was there, we didn't really have any sufficiently major occurrence that did not turn out to be a false positive. But there was useful stuff coming up on the dashboard, where it showed the vulnerable applications. Being aware that those were in our environment, and what threat level they presented on that one to 10 scale, was helpful. It enabled us to say, "Hey, look, Firefox version 71 is still in our environment, and it's a 10. We need to contact that user and get them to upgrade, or remove it if they're using something else." That definitely allowed us to enhance our security posture.

That prioritization of threats, particularly on those vulnerable applications, meant we were able to take action using Microsoft Endpoint Manager. We could deploy applications with supersedence to get that old product off of the machines or upgraded. It definitely improved our situation.

Being able to do pretty immediate research through a simple right-click and threat-detect was very quick and invaluable in making a rapid assessment of what I might be looking at. And with the tighter integration with the Umbrella and Firepower products, when I got in touch with our infrastructure team, they were able to see what I was seeing and more. That was very eye-opening: Wow, look how much information we can get and how quickly we can get that information. We could start evaluating what our status was and what actions we needed to take.

Overall, the impact on our security was that the endpoints were that much safer than they were before, by eliminating those vulnerable applications. And in the event that there was something that appeared to be significant, we had the ability to isolate that device.

Also, Cisco Secure Endpoint, as far as I know, consolidated endpoint, cloud, and remote access agents into a single agent. When we bought the product, it was actually Cisco AMP, and then they went to Cisco Secure Endpoint and everything was managed through the cloud. With that change in the agent, I presume that was all moved to a more cloud-oriented situation.

I would say it improved our time to detection, but that's one of those things that is hard to document. I didn't spend a whole lot of time working with the Trend Micro product, but it seemed to me like it was probably an improvement of at least 30 minutes, which in today's world is forever.

I liked the ability to have a choice between the full scan and the flash scan.

There were also a couple of occasions where being able to isolate the machine on the network remotely was very helpful because, at that company, 80 percent of the workforce was remote.

Also, the integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful.

And in terms of simplifying cybersecurity, being able to have scheduled runs meant we were able to break our endpoints out into different groups. We chose to do different regions and different departments. It was very easy to

1. set up the groups up
2. copy the policies from one to the other.

Once you understood how to do it, it was really simple to create groups and group them together or apply them to each other. It took a little bit of a learning curve to get up to speed, but once we were up to speed, it was very user-friendly.

I also felt that remediating issues using Secure Endpoint was pretty easy. Most of the time, it was a matter of isolating the endpoint that we thought had an issue, running a full scan, confirming that there was no serious issue, and then getting the machine back online. In our case, we were pretty fortunate in that regard, but the remediation appeared to be very simple.

We were using a third-party help desk. One of the ways that they were fixing problems was to delete the client and then add the client back if there was an issue where the client had stopped communicating. Any improvement in the client communicating back to the server would be good, particularly for machines that are offline for a couple of weeks. A lot of our guys were working on a rotation where the machine might be offline for that long. They were also terrible about rebooting their machines, so those network connections didn't necessarily get refreshed. So, anything that could improve that communication would be good.

Also, an easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful. If you could say, "Okay, we've got these two machines. This one says it's not reporting and this one says it's been reporting. Obviously, somebody did a reinstall," it would help. That way you could get a more accurate device count, so you're not having an inflated number. Not that Cisco was going to come down on you and say, "Oh, you're using too many licenses," right away. But to have a much more accurate license usage count by being able to better dedupe the records would be good.

I also sent over a couple of other ideas to our technical rep. A lot of that had to do with the reporting options. It would be really nice to be able to do a lot more in the reporting. You can't really drill down into the reports that are there. The reporting and the need for the documentation to be updated and current would be my two biggest areas of complaint.

Also, there was one section when I was playing with the automation where it was asking for the endpoint type rather than the machine name. If I could have just put in the machine name, that would have been great. So there are some opportunities, when it comes to searching, to have more options. If I wanted to search, for example, by a Mac address because, for some reason, I thought there was a duplication and I didn't have the machine name, how could I pull it up with the Mac address?

When you're getting to that level, you're really starting to get into the ticky tacky. I would definitely put the reporting and documentation way ahead of that.

At the company where I used Cisco Secure Endpoint, I used it for about a year and a half. But I'm no longer there.

It definitely seemed very stable.

It looked like it was very scalable. We only had one Mac in the environment, so I can't really comment too much on the Mac side. But on the Windows side, it seemed good.

There were roughly 800 endpoints and almost all the machines were Dells, whether they were Precisions or Latitudes. There were also Toughbooks because that company was in the oil industry. It was all Windows 10. It was a relatively homogenous environment. There was some variation in which version of the OS people were on, but they were all Windows 10, and probably all 1909 or later.

I only had to use the solution's technical support a couple of times and they were really responsive.

Positive

We had previously used another product and then replaced that because we were very Cisco-centric. The idea was that switching to Secure Endpoint would give us better integration and thereby enhance our security posture.

We just pushed it out from the public cloud through, at that point, the Cisco AMP site. We set up groups and said, "Install these by this date, by this time." It was pretty straightforward.

The bigger portion for us was getting management to make decisions about how they wanted the policies to be done. How often did they want to do a full scan? How often did they want to do a flash scan? What exactly did they want the policies to be? But once they made those decisions, the configuration was super simple.

In terms of maintenance, going back to that issue of the duplication of entries, it did require some maintenance as far as making sure that the count was accurate. As we were onboarding and offboarding, we did not have an in-house CRM since we were using a third-party help desk. That meant we were not able to create an automation for the onboarding and offboarding of users. Removing those machines as they went offline was a manual process for us.

We did it ourselves.

When I got there, we did look at one or two others, but they had pretty much made the decision to go with Cisco by the time I arrived.

We had a very small IT team, so we didn't have a security team, per se, other than being able to rely upon Cisco for assistance if we saw something that we thought was major. We could have them, if need be, engage their team through the active threat detection. But luckily, everything that we ran into that looked like it might have been something major, turned out to be a false positive.

With the few false positives that we had, we were able to mobilize and react very quickly. We were able to involve Cisco pretty much right away, and start the threat-hunting routines and look at the virus total scores to determine if it was really a threat. How it entered the environment, et cetera.

I thought it was very easy to do an investigation to the point that I was involved as the endpoint manager and the administrator of the software. When it came to the real threat hunting, because I didn't have access to Umbrella and Firepower, once I detected something, it got handed off, to a large extent. I would do what I could on my end to isolate the endpoint and get the information over to the infrastructure team, and then they really ran with it.

I didn't notice it necessarily shutting down threats in advance so much as it threw alerts, but that may be because we did not have the automations and workflows configured to do that, by the time I left that company. That was something that we were looking into and playing with and developing.

Overall, I really liked the product. It was well done. If I had to say the few things that were lacking, I really would have liked the ability to drill deeper into the reporting. Also, the documentation available online didn't always seem to fit and could be kind of convoluted, and it was difficult to locate what you were looking for.

We have a complete Cisco environment; we use Cisco Firepower, Cisco ACI, and many of their other products. We have many of their top solutions from the network to the data center server.

The solution improved the effectiveness of our security. Before Cisco Secure Endpoint, we used Trend Micro Deep Security for our virtualized environment, but it didn't allow us to track all the malicious events. We can follow them with Cisco, which is a positive change for us. 

Cisco Secure Endpoint enables us to stop a threat before it spreads across our system. This is a massive improvement for us, as we couldn't follow threats and respond to them as rapidly when we used other solutions. 

I appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us.

The Cisco Secure Endpoint dashboard gives a clear view of everything occurring across the environment, making it straightforward to track and solve threats. This direct approach to threats simplifies cyber security, a capability we didn't have from other solutions; it's instrumental. The dashboard is clean and user-friendly. 

The solution helps prioritize threats as it presents them as low or high-priority, which informs our approach to dealing with them. We can focus on the more severe threats first and protect the integrity of our system. This avoids the problem of having 40 or 50 alerts and not knowing where to start; threat prioritization gives us a starting point. 

CSE reduced our time to detection, mainly due to the excellent dashboard that gives a clear view of threats developing in real-time. One member of staff monitoring the console can block threats almost immediately and set and customize notification preferences. Once the product is correctly configured, we can stop any threats almost as soon as they arise. This requires some time at first, as the agent deployment isn't easy, so starting in the audit mode for the initial configuration is good. 

When we first installed the solution, we faced significant issues, as the server needs to be rebooted when the agent upgrades. This isn't easy in a production environment, and we relayed our concerns about this problem to Cisco.

The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product.

However, Cisco has improved its product, and version 7.1 ended the need to reboot machines for updates. It's also more stable than before, though I still think they have a lot of work to make this a genuinely stable product. Cisco Secure Endpoint is a developing solution, but they need to do more. It doesn't match up to the offerings from CrowdStrike, FireEye, and perhaps Carbon Black.

We have been using the solution for two and a half years. 

For stability, I would rate the product an eight out of ten as there has been significant improvement. If this were a year or two ago, the rating would be five or six. Now it's stable.

I want the ability to deploy the solution without using third-party tools. I'm not too fond of that, so I would rate the solution a seven out of ten for scalability.

Cisco support is excellent, we need to open a support case, and they are very helpful and responsive. Initially, when we had issues during deployment, we opened too many cases, but that was part of our learning process.

Positive

We tried Microsoft ATP and previously used Trend Micro Apex One. We used Trend Micro Deep Security in our VMware environment, which is a hypervisor-level anti-malware. Still, we removed it because it blocked our VM migrations, which significantly impacted our production ecosystem. We had to use DRS to migrate our VMs, and when they don't migrate, that results in an overloaded hypervisor server using all the CPU and RAM. That has a knock-on effect on the other systems and applications, degrading their functions, which is not what we want from an anti-malware solution. Thus, we moved to Cisco Secure Endpoint; we already had a strong connection with Cisco because we use many of their products. It is an affordable offering compared to the competitors, such as Windows Defender ATP.

The initial deployment was more complex because the agent behavior was unstable. There is the potential for the agent to block legitimate files on a production server, so we deployed and spent significant time configuring in audit mode. In our case, the production environment is used by developers, so there can be executables that aren't signed in the environment. I'd say deploying in audit mode first to make these configurations and exemptions specific to requirements is essential before activating the agent and leaving it to work.

We initially deployed the solution manually for testing, and then we used Microsoft SCCM to mass deploy to over 3000 digital machines.

Our deployment is 90% on-premise and 10% in the Azure cloud, and we're looking to move more into the cloud. We have a different internal environment for internal use, the on-premise part, and it's a big environment with over 3000 machines. We don't have a dedicated customer space, which we plan to resolve.

Our deployment was slow initially because we weren't sure about the solution. Our line manager was seriously considering removing it in favor of Microsoft ATP. The reboot to update issue was a significant concern, making us question the tool's viability. Automation like SCCM makes the deployment very fast, but it can take anywhere from two weeks to two months to configure the exclusions, notification settings, and dashboard. Learning the solution, using file analysis, the tracking grid, and all the features and tools takes time. CSE isn't an immediate solution.

A Cisco partner helped us with the system integration, and two members from Cisco's security team followed the deployment to help us get it started. 

I don't have the details, but I would say the solution gives us an ROI.

The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market. 

I would rate this solution an eight out of ten as we are in a Cisco environment. Without that, it would be a seven out of ten.  

Our biggest challenge was the initial deployment, which required using SCCM or other automated tools like Ansible, Puppet, or Chef. We spent a long time in the audit phase, as the configurations we made didn't integrate well into our environment, causing stability issues.

We started using SecureX, but we're at the beginning of understanding and fully implementing its capabilities; we need to learn more. We like the integration of Cisco Secure Endpoint with other Cisco products like Firepower NGFW, ISE, and more. We use a proxy as we have another company acting as our SOC; they receive threat alerts and relay them to us.

I'm satisfied with the solution, and I recommend it to those with other Cisco products. I wouldn't suggest it to those who don't have them.

Cisco Secure Endpoint requires some knowledge of security and malware. An understanding of heuristics, exploits, and living-off-the-land attacks is essential. I would advise any organization to acquire this knowledge if it doesn't exist in their staff pool before implementing and deploying the solution in a production environment. The solution taught me to take things one step at a time.

The solution is easy to deploy and applies multi-factor authentication. 

The solution can be cheaper. 

I have been using Cisco Secure Endpoint for six years. 

The initial setup is straightforward.

It is an expensive solution. 

I rate the overall solution a nine out of ten. 

Emphasizing robust prevention and comprehensive security measures, it offers stable functionality. There are several valuable features including strong prevention and exceptional reporting capabilities.

The pricing policy could be more competitive, similar to Cisco's offerings. Cisco recently introduced the SecureX platform, where all the different platforms are consolidated. This means you need a single account to access all the platforms, simplifying the process. However, it can still be a bit frustrating because the access isn't straightforward. There are different links for logging in, and depending on which link you use, you might encounter issues with admin rights, even if you are an admin. It seems there are some access problems during the transition and migration process, which has affected my system as well.

For instance, we had the Cisco Mail gateway, and I used to have specific links to report and configure guardian and spam checks for emails. Now, all of these have also been moved to the SecureX platform, which doesn't always function smoothly when logging in. Sometimes, I still have to log in using my old links. It's a bit inconvenient, but that's how it is.

I have been using Cisco Secure Endpoint for the past two years. 

I would rate the stability nine out of ten. 

It is a scalable product and I would rate it eight out of ten. 

They have separate support departments for different products, and the experience can vary depending on the product. For instance, Cisco Meraki Support is notably excellent and quick. In contrast, the support for some other Cisco products may be slightly less effective or even more outstanding. They tend to be slow when responding to inquiries. Personally, I have had a good experience with Cisco.

Regarding maintenance, we receive the latest updates automatically. I handle tasks such as installing the updates, assigning licenses, and installing the agent. Additionally, I check for insights on the computers where the agent is installed. These insights provide reports on various aspects, such as the computer's Windows update status and whether the antivirus is on the latest version, among other things.

It is a subscription-based product. 

I would overall rate the product an eight out of ten and recommend it to fellow users.

I implemented the solution in my company to use its managed endpoint protection in my company's use cases. Most of the users of Cisco Secure Endpoint in my company are unaware that they use the product. Our company only uses it to isolate possible malware on the endpoints. Our company uses the solution in collaboration with other software protection tools we have so that it helps us to look into cases where possible malware or attacks can happen.

The most valuable feature of the solution is its technical support. In most cases, it's very difficult or complicated to incorporate Cisco Secure Endpoint in the IT environment, and most of the messages that appear are not very clear. It is a reliable tool. After the setup phase, I realized that it is a reliable tool.

The initial implementation of Cisco Secure Endpoint can be a pain and is an area in the solution that needs improvement. After the initial implementation phase, a person gets support from Cisco, making it a solid tool.

The solution needs to improve in the area of the specific details of the threats it provides to its users.

I have been using Cisco Secure Endpoint for three years.

After the presence and use of the solution in our company for three years, I rate the solution's stability a nine out of ten.

Since we haven't had any expansion in our company's infrastructure, I won't be able to comment on the solution's scalability feature.

All of the employees in the back-end processes of our company are users of the solution since the product is implemented on all the PCs and servers. From an IT perspective, only two people use the solution in the company. One person looks after the maintenance of the solution, while the other person looks at the messaging part of the solution.

My company has chosen an outsourced option to get technical support of the solution since we don't get any technical support internally. 

The initial setup of Cisco Secure Endpoint is complex.

Speaking about the deployment process, during the initial phase of using Cisco Secure Endpoint, we were getting a lot of false positives in our company, making it pretty hard for us initially since we had to cut endpoints until we could stabilize the solution.

My company does make annual payments towards the licensing costs of the solution. Cisco Secure Endpoint is a little bit expensive. The pricing for licenses is pretty expensive for the moment, but it is a good solution.

My company wants to stop using Cisco Secure Endpoint and opt for another solution.

I recommend the solution to those planning to use it.

I rate the overall solution an eight or nine out of ten.

We use Cisco Secure Endpoint as an antivirus on computers. That is one of the important use cases that we have, as an antivirus.

[It has helped our organization] tremendously. First of all, because we are always on-point in terms of our solution. We are proactively looking into the alerts and Cisco Secure Endpoint is already taking care of looking into it, provisioning it, and fixing it. All those three stages are done by the software itself. We are only looking at in terms of what the statistics look like. That really helped us. 

Because the solution is taking care of itself, we get the chance to research more on the other side of it rather than focusing on the problem. The moment a problem is there, Cisco Secure Endpoint is already working toward fixing it. That really helps us. I can go home and have [peace of mind] at home, not thinking about whether the next attack is coming and I have to wake up in the middle of the [night] to figure out what's going on. That really helps in a tremendous way.

It has easily [helped us save] hundreds of hours in a quarter. We are definitely saved because of this solution.

Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world. Cisco Secure Endpoint gets the information from it. We do get knowledge about all the attacks going across the world. Because Secure Endpoint has a connection to it, we get protected by it right then and there. Rather than our looking for it, and finding out the information, the software does it for us without our having to get in between. That is really an easier way of fixing a problem. Before, we would manually have to look into it. That really helps us. It's taken care of in a way.

Because the software is doing such a good job, we barely have any recommendations in terms of what can be changed. [However], at this moment, in terms of integration with other software, that could be helpful. 

And in terms of the user experience, if the UX design could be much simpler [that would improve things]. Because I'm an engineer, I understand what I'm looking at and [for me it's] intuitive in terms of what is there and what is not. But [if] another engineer or someone at the management level or C-level is looking at the portal of the webpage, if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something. If they could improve [on that], that would be great.

I have been using Cisco Secure Endpoint for more than four and a half years. It's been quite some time.

The stability of the solution is definitely a 10 out of 10. I have no problems with that at all. It's consistent across the board and that's perfect.

The scalability of the solution is really good with SecureX, which is an integration platform. All the other tools are coming together, and that really helps us to scale. I don't have to jump through to different windows. I can see everything in one place. That has really helped a lot since SecureX launched a couple of years ago.

Cisco tech support has been really good because they have a chat tool in the portal itself. If there's an issue, we can reach out to them right away. It's pretty quick and easy because the support itself is built in right then and there. I can connect to it whenever I want to, which is really nice.

I can't rate them at 10 out of 10, nothing is perfect. I would say nine for sure. We all can improve.

Positive

In the beginning, we had previous software. It was like the old way of seeing it, looking for the signatures. By the time we faced a problem and were trying to fix it, it was already too old. We were just not on top of it. It was becoming more of a reactive solution, rather than a proactive approach to fixing the problem. That was the main, driving force for us to find a solution that can be more proactive rather than reactive.

The antivirus software we used previously was facing a lot of issues with the signature downloads. Antivirus is looking for the signatures, to see if [there is] the respective problem, and trying to match those signatures. This is such an old way of doing it, which was [being done] for quite some time. 

Secure Endpoint has become a real game-changer in that field because it's a cloud-based approach, and we are already talking about getting signatures, not only for our organization, [but for] attacks [that have] happened to other organizations. We also get that information and we get protected already, without even having to intervene in the process. That really helps in many ways.

Previously, we were using Sophos antivirus and we replaced it with Cisco Secure Endpoint, which was previously called AMP at the time.

I believe we first we did it through our management console, our deployment software that we use to deploy it, for the first stage, to reach our different computers. And once that was done, we are managing the updates to the respective software through the cloud.

The deployment was easy. But the only reason it was easy was because we already had a deployment solution ready for it. If a new company wants to get this product, and they don't have any management solution they can use to deploy this software, that can be a challenge. 

A recommendation [for Cisco would be], if they can come up with some deployment process—I understand that's not the priority of the tool itself—but if that can be done, that will be good. 

But if a company already has a deployment solution that can be used to deploy the software across other computers, then the transition is pretty easy.

Honestly, [the deployment] is a one-man show. That is also a really good point about it because it can be done by one person all the way. It does not take too many people for you to get the ball rolling, which is a great part. And that really helps us because one person can handle the whole process.

I'm a senior network engineer with a security background, so I do know what I needed. But a senior help desk engineer can also get this thing done. You don't have to be a senior network engineer or [have] any higher degree in software to understand the product. That is really good about it. Any new person who is just trying to get into the field can learn about it and get going with this process pretty quickly. It's pretty user-intuitive.

Because we do see the value of what it's bringing, I think they have priced it well. I understand we have to go through a different licensing process to get this solution, but at the end of the day, the headaches [associated with that], if you were to put it into some kind of a number, it's priced completely reasonably and well as a product. You cannot contemplate the amount of time it takes, sometimes, to fix a problem, and that's already too late. I feel the value of the software is reasonable for what it does.

We looked into McAfee back in the day, and Windows Defender, and all different [kinds of] antivirus software, but we end up landing on AMP because of that connectivity with the cloud and instant connection to other resources. That really helped as the driving force to select this as our tool.