Korede Olatunji
Application Manager at Huntington Bancshares Incorporated
Real User
Top 5
Strong IDS solution, easy deployment, coverage across multiple platforms with at-a-glance dashboard and many more...
Pros and Cons
  • "Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
  • "We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."

What is our primary use case?

Being the primary AV/IDS within the enterprise, we have the solution deployed across multiple platforms including workstations, servers and Operating Systems.

The solution conveniently integrates with other existing on-prem and cloud applications with relatively minimal effort to stand up, using APIs and security best practices.

Most out-of-the-box features are either being utilized or pipelined to be deployed going forward, including MAP, ETHOS, SPERO, Exploit Prevention, SecureX, and Tetra, which serves as an offline definition repository for workstations that are unable to pull definition updates using the default Cisco AMP cloud route.

How has it helped my organization?

It has been effective as the primary AV tool.

The visibility, dashboard and navigation give pretty decent insights into threats, IOCs and endpoint events to help with proactive monitoring. Deployment and connector upgrades are straightforward, with technical documentation available for most scenarios.

AMP simplifies endpoint protection, detection, and response workflows, like security investigation, threat hunting, and incident response. By using the solution, we've been able to divert attention towards other tasks, saving us significant time and effort. It has also served as a one-stop shop for endpoint anomaly detection and proactive protection, thwarting the need to gather inputs from various applications and compile that data into one relevant result. It has obviously minimized security risks to the entire business, most importantly, endpoints, servers and other crown-jewel assets.

What is most valuable?

Recently, we have engaged the vendor regarding optimization, bug detections and extended features. Identity persistence, a feature request that was recently granted, for instance, gives virtual and physical devices deployed using a gold image the ability to specify an Identity Synchronization option. This persistence feature can apply by MAC address across business, by MAC address across policy or by host name across business.

Speaking of scalability, integrating with other Cisco products, secure email, network, SIEM, API, open source and a number of selected proprietary applications has been encouraging.

Of all valuable features, these are worth mentioning:

- CI/CD pipelining and feature prioritization by actioning on user requests/identified bugs, releasing connector upgrades, and deploying console upgrades for better usability

- Subscription functionality where console administrators are able to subscribe to receive immediate alerts (digest) on specific or groups of monitored workstations

- Identity and access management capability within the console that allows administrators the ability to drill down user visibility on role-based access control, limiting access to policies, groups, exclusions, and other controls

In terms of operating system compatibility, the coverage is almost in its entirety. Integration and deployment to Windows workstations, Windows servers, Mac, Linux and mobile is seamless.

Being a unified AV engine, AMP conveniently delivers both intrusion detection system (IDS) and intrusion prevention system (IPS) capabilities with a specialty in cloud-delivered protection, next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR).

What needs improvement?

Like any other security tool, there's always room for improvement. Some of the ways the product can be improved are:

- Vendor needs to understand a one-size-fits-all approach will not work with addressing TAC cases and service requests. For "once in a blue moon" cases, most approaches still sound like the engineers are acting off of a runbook. In this case the recommended solutions will not totally align with the scenario.

- Since customers do not have the ability to allow or decline console updates, there have been a number of instances where the console GUI appears buggy and functionalities do not work correctly after an upgrade. This can be improved by informing customers prior to the upgrades.

Other additional features that should be improved in next releases include:

- The dashboard is great for quick visibility prior to a deeper dive; however, making the dashboard more customizable will improve interaction, grant the ability to filter out irrelevant outputs and encourage personalized drill-downs based on daily requirements

- Integration with enterprise monitoring applications and ticketing systems that differentiates noise, forwards events, generates tickets and has them automatically assigned to the application-owning group.


For how long have I used the solution?

I have been using Cisco AMP for Endpoints for about three years; this is inclusive of my prior assignments before being the SME for the application within the firm.

What do I think about the stability of the solution?

Stability is below average. There have been several issues with frequency of release, feature release and wait time for overhanging time-bombs.

From a customer standpoint, these releases are aimed at fixing known bugs from the last release and introducing new features either in beta or live versions. However, this means that an enterprise running 50K+ endpoints needs to go through the rigors of setting up test/dev/qa/pilot then production for each iteration, so as to limit the blast radius.

This can be tasking as the frequency increases.

What do I think about the scalability of the solution?

Long story short, Cisco AMP is scalable. Having used the product as a 'demanding' customer, I can attest to the availability of proper technical documentation and seamless integration with existing applications, infrastructure and appliances.

How are customer service and technical support?

Vendor needs to understand a one-size-fits-all approach will not work with addressing TAC cases and service requests. For "once in a blue moon" cases, most approaches still sound like the engineers are acting off of a runbook. In this case the recommended solutions will not totally align with the scenario. Also, escalations can be more flexible; for instance, certain case priorities (P2, P1) require phoning in, which can be fuel to an already burning bush.

How was the initial setup?

From my understanding, initial setup was tasking with various gray areas. For a new customer trying to set up AMP, there is room for improvement.

The initial deployment happened prior to me joining the organization; based on my interactions with the application deployment team, the effort took months.

Customers can get better during the product's initial setup if the vendor provides documentation that suggests important objectives like naming convention, default config and a collection of the product's best practices.

What about the implementation team?

In-house

What was our ROI?

AMP is worth the money. In recent years, we have spent less time/money and required fewer human resources for task completion. On the higher level, this has saved the firm the need to hire more security engineers to manage the application, reducing overhead cost.

A discrepancy with the number of assets per license should be reviewed to apply based on preference or number of endpoints versus ranges.

Compared to other competitors, there's a significant price difference, although different applications tend to focus more on different cybersecurity functionality.

What other advice do I have?

It's been really interesting working with the application, going from 5.X.X connector versions up until 7.X.X. As previously highlighted, there are numerous ways to improve the product. Working with the engineers in previous cases, there is the zeal to improve and an attitude that embraces change.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SunnyNair
System Architect at COMPASS IT Solutions & Services Pvt.Ltd.
Real User
Top 5
Excellent scalability with good integration capabilities and easy to deploy in Cisco ecosystems
Pros and Cons
  • "The solution's integration capabilities are excellent. It's one of the best features."
  • "I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."

What is our primary use case?

The primary use case is for endpoint protection. For the larger deployments, we use it for our policy enforcement as well. We use AMP on the endpoints for writing automated policies in order to protect the user when they join the network, for example. 

What is most valuable?

The solution's integration capabilities are excellent. It's one of the best features.

Most of my ecosystems are Cisco-based, so AMP is an easy deployment for me and an easy sale as well. There is a lot of technical documentation which is readily available. There's a lot of Cisco-based education which is really helpful in terms of various unique situations that we run into.

What needs improvement?

I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products. 

AMP works very well within the Cisco ecosystem. If it could work along with the third party ecosystem as well, if that integration or even more APIs came into play, I think we could utilize this product a little bit better.

One thing which I would like to see in terms of a major improvement would be AMP supporting the IoT infrastructure, which has been coming up in networks recently. It should also support more factory managed devices, like systems running Linux. Better support is what I'm looking for.

The common endpoints are already covered and we work very well with them. That would be the case if support is extended to new devices as well. I think that would bring real value to the table.

AMP has recently released email security and web security. If there was something like a common dashboard, similar to that of CrowdStrike, it would be useful.

AMP needs to come up with a common dashboard for all of the solutions. That single pane of information would allow us to view everything. 

Instead of installing a plugin, what we need AMP to do is run installs in the background. Then the user doesn't know that AMP is running on the system. That would be a fantastic use case or the recommendation which I would like to make, if they're looking for products and features to develop. Something like that would allow me to have a high-end deployment in place for AMP which would be ideal.

For how long have I used the solution?

I've been using the solution for two or three years now. I have been using AMP since it was acquired as an independent company. That means I have almost five years of experience in AMP and AMP-based products.

What do I think about the scalability of the solution?

Scalability wise, AMP is a sure shot recommendation. I would recommend it for an endpoint protection solution compared to any other product out there in the market. It's number one.

I work with small and medium-sized organizations as primary clients which I have targeted AMP on. The small users or the smaller segment within our clients are from 10 users to 500 users. And when I'm talking about medium deployment, I'm referring to users ranging from 500 to 5000 users.

How are customer service and technical support?

The technical support has always been fantastic.

It has never been a disappointing experience to be very frank. Cisco TAC has been very helpful. I worked in the presales team as well, so there is Partner Plus which has always been favored in terms of providing us with solution-based documents as well as presentations to take to our customers.

In a couple of ways, I think we are doing a very good job in terms of the resources which are being provided as well as the support that has been designed around this product.

How was the initial setup?

The initial setup is very straightforward.

What other advice do I have?

I normally work with Cisco systems, as well as most of the routing and switching companies out there, like Juniper, among others.

We're partners with Cisco. I handle consultation with all Cisco products, which includes all of the safe architecture, security logging, and switching. I'm basically working with the system architecture within Compass. I am a unified, tech grade umbrella for the entire product portfolio.

I'd advise, if users are running a Cisco environment, to definitely adopt AMP as an endpoint-based solution, which makes it a lot easier for them to manage their devices.

I'd also advise that AMP works very well if someone is running a non-Cisco set up (and they're looking at an endpoint solution that works independently). However, there's a little bit of complexity in terms of getting the actual business use case, because there's less documentation surrounding that kind of setup.

In terms of rating the solution overall, I'd rate it an eight out of ten. It has covered most of the feature sets we need. The reason I'm not giving it a full ten out of ten is because there is still room to improve the scope of integration. It doesn't support many of the IoT endpoints as well as the other components on the network, which are not yet compatible but under development. Once that happens, I'd probably give it a proper ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Learn what your peers think about Cisco Secure Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
Marian Melniciuc
Senior IT System Administrator at ScanPlus GmbH
Real User
Top 5
Great secure threat hunting and threat response with continuous product improvements happening
Pros and Cons
  • "The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
  • "We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."

What is our primary use case?

AMP 4 Endpoints protects our workstations (ca. 300), our VDI environment (ca. 250), and our servers (ca. 50).

The old product was from Trend Micro and was just a simple antivirus solution. It was ok, but it was just an antivirus. We needed something more than just an antivirus that is used by every end-user. We were looking for a tool we can trust, and something that can schedule some things, implement scripts, analyze malware, perform advanced scans, etc. Our company, as an ISP for many customers, has to be protected from vulnerabilities.

How has it helped my organization?

First of all, we performed a PoV (Proof of Value) together with our Cisco partners, and we tested the efficacy and complexity of this product for a few months.

After the evaluation of the cost and security that AMP 4 Endpoints could offer, we decided to replace the old solution with AMP 4 Endpoints. The implementation was performed, with support from Cisco partners, in a few hours. In the following days, AMP 4 Endpoints found many things that the old antivirus solution missed. That was a very huge advantage for us.

What is most valuable?

Since we booked the Premier License, the most valuable features, in my opinion, are:

  • Secure Threat Hunting, to have a specialized team to support in analyzing complex attacks. That could help us to learn about new techniques.
  • Threat Grid, with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files. Nobody wants to run a dangerous file in his network; for that reason, Threat Grid is important for us.
  • Threat Response, which offers the possibility of help on logs, IPs, domains, etc. to perform investigations into our and global infrastructure. Sometimes we want to see if a malicious file was run in our network; for that, Threat Response takes on the job of searching and saves us a lot of time.

What needs improvement?

Actually, we don't need other features or improvements of this product. It is a complex product and offers us exactly what we need - security and trust.

We chose Cisco because we wanted security and trust. That is what we needed from Cisco, and what our customers expected from us.

We are using many Cisco products, and, with every new product, every new feature, the trust in Cisco security is growing.

We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way.

For how long have I used the solution?

We have been using AMP 4 Endpoints in the Test Environment since November 2020 and have had it implemented in the production environment since March 2021.

Which solution did I use previously and why did I switch?

We used Trend Micro and when we tested AMP 4 Endpoints we saw its value immediately.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to book the premier license and to have access to all the features that AMP 4 Endpoints has on offer.

Which other solutions did I evaluate?

There was no other option; we wanted the Cisco solution immediately.

What other advice do I have?

Everything is working fine.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MD.SIHAB TALUKDAR
System Engineer at a non-profit with 10,001+ employees
Real User
Top 5 Leaderboard
A stable component of our network infrastructure security
Pros and Cons
  • "The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
  • "I would like to see integration with Cisco Analytics."

What is our primary use case?

We are system integrators and we use this product for DNS security, which is integrated with the DNS service.

How has it helped my organization?

Cisco AMP is the broadest, most integrated security platform that connects the breadth of Cisco's integrated security portfolio and the customer's infrastructure for a consistent experience. It unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications--all without replacing your current security infrastructure or layering on new technology.

What is most valuable?

The entirety of our network infrastructure is Cisco and the most valuable feature is the integration.

What needs improvement?

I would like to see integration with Cisco Analytics.

For how long have I used the solution?

We have been using the total Cisco solutions including AMP for Endpoints, Umbrella, and Firepower for three years.

What do I think about the stability of the solution?

This is a stable product.

What do I think about the scalability of the solution?

This solution is scalable.

How are customer service and technical support?

I have contacted them in the past to raise a case and they were able to resolve it.

Which solution did I use previously and why did I switch?

We use the traditional antivirus; it isn't able to provide real-time protection and doesn't have firewall integration.

How was the initial setup?

The initial setup involves integration with other products such as Talos. The deployment took us about one day.

Which other solutions did I evaluate?

Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world. These teams are supported by unrivaled telemetry and sophisticated systems to create accurate, rapid and actionable threat intelligence for Cisco customers, products and services.

What other advice do I have?

I began with implementing Cisco AMP for Endpoints and then integrated Umbrella and the other products after that.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Pardeep Sharma
Network security engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
Secure, feature-rich reliable protection, and offers the best technical support
Pros and Cons
  • "The most valuable feature is signature-based malware detection."
  • "The GUI needs improvement, it's not good."

What is our primary use case?

We use this solution for the malware features, to protect our network and our endpoint users. We deployed this solution for security.

What is most valuable?

The most valuable feature is signature-based malware detection. They are updating the signatures for malware from time to time.

With every protection malware, there are issues, because it takes time to detect the malware, but Cisco is very fast in detection compared to other products.

The security is awesome and they have very good features.

What needs improvement?

The GUI needs improvement, it's not good.

There are false positives in emails. At times, the emails are blocked and detected as malware when they are not.

They should work on some of the signatures because of the emails that have been blocked and detected as malware that can never be opened.

For how long have I used the solution?

I have been using Cisco AMP for Endpoints within the last year.

What do I think about the stability of the solution?

Cisco AMP for Endpoints is very reliable.

What do I think about the scalability of the solution?

I am not familiar with scalability. I have never tried to scale it.

We have more than 400 users in our organization.

We have plans to increase our usage.

How are customer service and technical support?

Cisco has the best technical support and marketing.

How was the initial setup?

The initial setup was very complex.

It will take a month to complete the deployment if you want to complete the parameters.

What's my experience with pricing, setup cost, and licensing?

Licensing fees are on a yearly basis and I am happy with the pricing.

What other advice do I have?

If you are looking for deep security and malware for your endpoint users and network then I would recommend Cisco AMP.

I would rate Cisco AMP for Endpoints a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.