We rely on it for antivirus. There are probably three levels, and we have the bottom tier, the most basic one.
It is on Cisco's cloud. We have the client installed on all workstations, but we don't have a server.
It just gives me more insights into what threats are out there on the machines, so I can be more proactive.
Actionable alerts in the security console are helpful. With the security console, I immediately get to know about an issue. So, it has sped things up. It also gives you a way to research and see if an issue is spreading, so it has assisted quite a bit.
It definitely gives a starting point for investigating and mitigating threats. It has research tools, and we can run queries. I have used its Orbital Advanced Search feature. I have run quite a few queries to determine what is out on the network or on the devices that could be a threat. It could be something that is misconfigured or something that we don't want to have running. It is able to quickly run these queries.
I usually use the Orbital Advanced Search feature for groups. I use it to look for commonality for a threat thread, and it provides good visibility. I've never used it for just one endpoint.
Orbital Advanced Search helps in reducing the attack surface and investigating real-time data on endpoints. I've only used it a handful of times, and I was mostly looking for whether or not an update has been applied.
Orbital Advanced Search definitely saves time. I assume money goes right along with time. I don't have to go from desktop to desktop. I have 50 desktops, and if I'm looking for something in particular, it would take at least 15 to 20 minutes per desktop.
We use Cisco Umbrella. The integration when you use the SecureX console is really good to go from one to the other. I have pulled the endpoint and Cisco Umbrella into SecureX, so I just have one console. It was easy to integrate. They provided really good instructions. This integration just made things more convenient.
It simplifies endpoint protection, detection, and response workflows, especially for threat hunting. The way it is set up, with the console, I would get to know quickly that we have an issue. It increases operational efficiency because I don't have to go from desktop to desktop. I'm also proactive instead of reactive.
It has minimized security risks to our business. I've had several desktops where they have triggered an alert, and all I had to do was to go and clean that machine out before the problem spread.
It allows us to focus on the incident instead of investigating the group, so we are more efficient. It has decreased our time to remediate because we're focusing on the machines we need to.
It has decreased our time to detect. I can't quantify the time, but in some of the older antiviruses, the user would say, "Okay, I've got a pop-up, and it has flagged this or that," and then you'd have to go look for it. With this, I know ahead of time, or I know when it happens.
We use it as an antivirus. The audit logs are valuable.
It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.
It is quite comprehensive in terms of endpoint protection. I haven't found anything where it was lacking in terms of the protection of our Windows machines.
While I've attended a lot of their training webinars, they were mostly high-level. They just say that these are the features, and this is how you access them, but I would like to see more scenario-based information. They should provide us examples of how to resolve something when we see something happening. They should give us an example of the flow on how to resolve it.
In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through.
I have been using this solution for about a year. My company had it for about a year and a half before I joined.
I haven't had any issues with it except for a connector issue. They quickly put out a new one and got rid of the problem. So, it seems to be really stable, and they seem to be reactive when there is a problem.
It is good in terms of keeping the machines updated. It is easy to get it installed on the desktop and keep it updated. We have a little over 100 users. They are administrators, project managers, field supervisors, engineers, and sales and support staff, so we have quite a mix.
We have deployed it on all desktops and laptops currently. I am going to start looking at adding it to mobile devices. Currently, we only have Windows machines covered. We are working on getting it set up on the Mac mobile devices. So, eventually, we will have a lot more depth than we have now.
I never had to reach out to them. So far, I have been able to find the documentation that I needed.
I've only been with the company for a year. They had it when I got there, and we haven't changed anything since then.
I've used McAfee and Norton, and it does much better than them.
I wasn't involved in the initial setup. They did that before I joined the company.
Its maintenance is done by me. I'm the only IT person. It is not a large company, so it isn't a bad thing.
It is kind of hard to say what would have happened if you didn't have it. We've got a very stable environment, and it seems to be doing its job. So, I assume we're getting a return on investment.
The pricing was negotiated before I started, so I don't really know.
I would advise others to take a real hard look at it because it is a good solution for companies of our size. I like the fact that it is managed in the cloud. I don't have to maintain a server presence. It is easy to use. It was a bit of a learning curve to start with because I was completely unfamiliar with it. I just dug in there and figured it out. Its documentation is fairly good.
If you go through SecureX, everything is right there in terms of user access and device protection. This integration is nice, but so far, it hasn't really saved me any time. It may in the future.
I believe it makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform, but I never had to do that.
I would rate Cisco Secure Endpoint an eight out of 10.
The solution is easy to deploy and applies multi-factor authentication.
The solution can be cheaper.
I have been using Cisco Secure Endpoint for six years.
The initial setup is straightforward.
It is an expensive solution.
I rate the overall solution a nine out of ten.
We use it to deliver the best endpoint protection and control for our clients. We offer them MSSP services for their products, so they are assured that their product is fully visible and protected.
It offers advanced threat protection by using machine learning to prevent any possible cyber threat, including malware and ransomware. We get complete real-time visibility and control over the system, so it is easy to track any possible data breaches. You can see on the report what kind of tactic was used and at what time. It provides a comprehensive security posture for our company.
It provides real-time visibility and control over endpoints, allowing its users to promptly respond to any security incidents and remediate any vulnerabilities.
Due to the complexity of the technology that is used and its advanced threat detection capabilities, it is possible to encounter many delays in operation. It can impact the business itself, so I would suggest an improvement in that area.
I have used this product for seven months.
I am highly satisfied with the stability. I would rate it nine out of ten.
It offers good scalability. I would rate it eight out of ten.
They provide good customer service and support. I would rate it eight out of ten.
Positive
The deployment process is seamless and fast. After the suitable option is selected and downloaded, it only takes a few steps to complete it and deploy it. The efficiency and promptness of the process greatly depend on the performance of the computer.
It is quite cost-effective. I would rate it ten out of ten.
It is a very good product overall, it provides multi-layered protection, but its promptness is challenged, so that is something that should be worked on. I would rate it eight out of ten.
Our primary use case is general antivirus protection.
This product was deployed to a number of Windows machines, and we also have a VMware environment.
The product gives greater visibility of malware being downloaded by my clientele. In a more general fashion, Cisco Secure Endpoint has helped to prioritize threats. It has allowed us to make more effective use of our security team members.
Another advantage is that it has improved the effectiveness of our security options. We now have better response times when dealing with outbreaks.
We have decreased our time to detection, although it is difficult to say by how much because we weren't detecting all of the malware in the past.
It is reasonably easy to remediate issues using Cisco Secure Endpoint. In part, this is because I don't have to visit the physical machines to remediate them. As such, the time it takes for remediation has been decreased.
This solution accelerates threat hunting by automatically promoting endpoint incidents to the Cisco SecureX platform, which is something that is fairly important to us.
Our systems are monitored by this product, and if threats are detected then the systems are shut down before problems arise. This is something that is fairly important to our organization.
This product has issues with the number of false positives that it reports. Especially when updates are released for Chrome, many detections report a virus when it really wasn't.
Another problem that I notice is that Outlook 2016 creates cache files of attachments, and when this product detects them as malware, it can't delete them. I assume this is because Outlook still has the file open. This means that I get notices about the issue but I can't do anything about it until later, after Outlook has closed them. This may not be Cisco's fault as much as it is Microsoft's fault.
I have been working with Cisco Secure Endpoint for less than a year.
In my experience, this product is very stable.
This is a fairly scalable solution.
We deployed it to all of our Windows devices. A team consisting of fewer than 10 people receives alerts from the product when there is an issue. The team will follow up on the incidents and any remediation.
At this point, we have no plans to increase our usage.
I have not needed to use Cisco technical support for this product. I am usually happy with their support, so I'm assuming that for this product it will be roughly the same.
Prior to using this product, I did not have other agents in place to handle the same job. We had implemented Microsoft Defender for Endpoint but that doesn't really have any reporting tools.
We switched away from Defender because we needed better visibility. There really wasn't any.
The initial setup was fairly straightforward. It might have been complex for somebody that hasn't been doing this type of thing for as long as I have. For example, not a lot of people understand deploying things via group policies. In my case, however, I have a lot of experience and it wasn't complicated.
The deployment was done in-house, by me. I did not use any external help for the implementation.
We purchased the product through a reseller, CDW, and our experience with them was straightforward. They were fairly easy to deal with.
It does not require regular maintenance or monitoring. I receive alerts when they happen but I don't actively monitor it. When an alert happens, an email is sent to a small team of fewer than 10 people.
The pricing and licensing fees are okay. As a school, we do not have quite as much funding as a private business might. I wish that there were more of a discount available for educational uses.
Before choosing Cisco Secure Endpoint, we didn't thoroughly investigate or evaluate other options. We are a Cisco shop and we generally lean toward using Cisco products.
My advice for anybody who is considering this solution is that all of their security products should come from the same vendor. This way, your dashboard can be set up to monitor all of them. In my case, because we're a Cisco shop, this product makes sense for us.
The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected.
I would rate this solution an eight out of ten.
Cisco Secure Endpoint has improved our speed of response and the level of confidence we have that we are in good shape or are not in good shape.
Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts.
I've been using Cisco Secure Endpoint for three years.
It's very stable.
We haven't had any issues at all with the scalability. We're a global enterprise with between 1,500 and 1,700 users and we use it on servers, Macs, and PCs.
The technical support is good.
We've already got SHI and Cisco reps on top of us, and that's a lot of the reason why everything is so good.
Positive
We were looking to replace Microsoft Defender, which really just wasn't cutting it. Before Defender, we used Kaspersky. We needed to go to an EDR solution and we were already a Cisco-centric company, so it made sense to go into a unified environment.
It was straightforward. We just rolled out the agent to all the endpoints. It took just a couple of people, one security person and one person for the tool that pushed it out to Windows devices.
If I didn't have someone else taking care of the licensing, I would say that the licensing needs to be improved. All the product features we need are there. It's just a matter of the complexity and the different offerings and trying to figure things out.
There are a lot of pieces that roll into the pricing issue. For Cisco Secure Endpoint, with our Cisco EA, the pricing seems reasonable compared to the others. But when we get to solutions like Duo and we think that with our Microsoft agreement their MFA is "free," it's not exactly free. But without our EA, Duo would cost so much more. It feels a little bit like nickel and dime sometimes, but I get it.
We looked at CrowdStrike and Carbon Black. All the solutions had great value, but we went with Cisco because we were with Cisco for networking quite a bit. Also, our overall direction was to look at SASE, and with some of the other things, they all just started coming together. It made a lot of sense to stay in one environment for functionality.
Traditionally you'll see the industry reviews talk about Cisco Secure Endpoint as typically in Cisco environments, but I'd tell the CrowdStrike users and other folks to take a look. It's an interesting solution and it provides a lot of value.
Cyber security resilience has been extremely important for our organization. Cisco Secure Endpoint has stopped a few things. I don't know whether other avenues of defense in depth would have caught them or not, but the resilience of depth and the ability to keep moving, even after an event, keep the rest of our business productive.
The Cisco environment has been perfect. When there is an event in the news that I know my leaders are going to be reading about, in 10 minutes I can check my environment to see if I have any indicators of compromise, and I'm done.
Cisco Secure Endpoint, often paired with Firepower and Cisco Umbrella, is primarily used for perimeter security and DNS protection.
The tool's most valuable feature is its integration with other Cisco products, such as switches and routers. This integration allows comprehensive coverage of security parameters across the customer's entire network. Customers find it easier to manage because they already know Cisco products. The cloud-based management is another valuable feature, enabling customers to manage their security from anywhere with an internet connection.
Cisco Meraki could benefit from AI assistance or intelligent assistance features. Compared to competitors like Juniper, Cisco Meraki currently lacks a digital network assistant, which is an area Cisco is reportedly working on.
I have been working with the product for three years.
The solution is very stable. I don't hear complaints from customers about it not working right.
I rate the solution's scalability a nine out of ten.
Palo Alto has a portfolio similar to that of Cisco.
Setting up Cisco Secure Endpoint is complex, primarily because it needs to be tailored to each customer's specific needs and network configuration. Factors like whether the customer has a segmented network or uses VLANs affect how the solution is implemented.
While it's straightforward for a customer with ten branches, it becomes more complicated with 30-50 branches, not due to technical issues, but because of logistical challenges.
One or two people are enough for deployment for complex cases with 20-30 branches. They're network or security specialists with Cisco certifications like CCNP or CCNA. The number depends on how complex the project is, but most times, it's pretty easy to deploy. We also typically need one or two people for maintenance, depending on how many branches there are and how complex the project is. If there are more than 50 branches, it can be complex to manage. Our solution architects often have CCNP certification, which helps manage the customer's network across branches.
The solution's price is about the same as that of Palo Alto solutions.
I recommend Cisco Secure Endpoint to others. It has been around for a long time and knows its stuff. Their Talos intelligence tool allows customers to see and secure their networks. I rate the product a nine out of ten.
Being the primary AV/IDS within the enterprise, we have the solution deployed across multiple platforms, including workstations, servers, and operating systems.
The solution conveniently integrates with other existing on-prem and cloud applications with relatively minimal effort to stand up, using APIs and security best practices.
Most out-of-the-box features are either being utilized or pipelined to be deployed going forward, including MAP, ETHOS, SPERO, Exploit Prevention, SecureX, and Tetra, which serves as an offline definition repository for workstations that are unable to pull definition updates using the default Cisco AMP cloud route.
It has been effective as the primary AV tool.
The visibility, dashboard, and navigation give pretty decent insights into threats, IOCs, and endpoint events to help with proactive monitoring. Deployment and connector upgrades are straightforward, with technical documentation available for most scenarios.
AMP simplifies endpoint protection, detection, and response workflows, like security investigation, threat hunting, and incident response. By using the solution, we've been able to divert attention towards other tasks, saving us significant time and effort. It has also served as a one-stop shop for endpoint anomaly detection and proactive protection, thwarting the need to gather inputs from various applications and having to compile that data into one relevant result. It has obviously minimized security risks to the entire business, most importantly endpoints, servers, and other crown-jewel assets.
Recently, we have engaged the vendor regarding optimization, bug detections, and extended features. Identity persistence, for instance, a feature request that was recently granted, gives virtual and physical devices deployed using a gold image the ability to specify an Identity Synchronization option. This persistence feature can apply by MAC address across the business, by MAC address across a policy, or by hostname across the business.
Speaking of scalability, integrating with other Cisco products, secure email, network, SIEM, APIs, open source, and a number of selected proprietary applications has been encouraging.
Of all valuable features, these are worth mentioning:
- CI/CD pipelining and feature prioritization by acting on user requests/identified bugs, releasing connector upgrades, and deploying console upgrades for better usability
- Subscription functionality where console administrators are able to subscribe to receive immediate alerts (digests) on specific monitored workstations or groups of them
- Identity and access management capability within the console that allows administrators to drill down user visibility with role-based access control, limiting access to policies, groups, exclusions, and other controls
In terms of operating system compatibility, the coverage is almost in its entirety. Integration and deployment to Windows workstations, Windows servers, Mac, Linux, and mobile is seamless.
Being a unified AV engine, AMP conveniently delivers both intrusion detection system (IDS) and intrusion prevention system (IPS) capabilities, with a specialty in cloud-delivered protection, next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR).
Like any other security tool, there's always room for improvement. Some of the ways the product can be improved are:
- The vendor needs to understand that a one-size-fits-all approach will not work for addressing TAC cases and service requests. For "once in a blue moon" cases, most approaches still sound like the engineers are acting off of a runbook. In this case, the recommended solutions will not totally align with the scenario.
- Since customers do not have the ability to allow or decline console updates, there have been a number of instances where the console GUI appears buggy and functionalities do not work correctly after an upgrade. This can be improved by informing customers prior to the upgrades.
Other additional features that should be improved in next releases include:
- The dashboard is great for quick visibility prior to a deeper dive; however, making the dashboard more customizable will improve interaction, grant the ability to filter out irrelevant outputs, and encourage personalized drill-downs based on daily requirements
- Integration with enterprise monitoring applications and ticketing systems that differentiate noise, forward events, generate tickets, and have them automatically assigned to the application-owning group.
I have been using Cisco AMP for Endpoints for about three years; this is inclusive of my prior assignments before being the SME for the application within the firm.
Stability is below average. There have been several issues with the frequency of releases, feature releases, and wait time for overhanging time-bombs.
From a customer standpoint, these releases are aimed at fixing known bugs from the last release and introducing new features in either beta or live versions. However, this means that an enterprise running 50K+ endpoints needs to go through the rigors of setting up test/dev/QA/pilot and then production for each iteration, so as to limit the blast radius.
This can be tasking as the frequency increases.
Long story short, Cisco AMP is scalable. Having used the product as a 'demanding' customer, I can attest to the availability of proper technical documentation and seamless integration with existing applications, infrastructure, and appliances.
- The vendor needs to understand that a one-size-fits-all approach will not work for addressing TAC cases and service requests. For "once in a blue moon" cases, most approaches still sound like the engineers are acting off of a runbook. In this case, the recommended solutions will not totally align with the scenario. Also, escalations can be more flexible; for instance, certain case priorities (P2, P1) require phoning in, which can be fuel to an already burning bush.
Neutral
From my understanding, initial setup was tasking with various gray areas. For a new customer trying to set up AMP, there is room for improvement.
The initial deployment happened prior to my joining the organization. Based on my interactions with the application deployment team, the effort took months.
Customers can do better during the product's initial setup if the vendor provides documentation that suggests important objectives like naming conventions, default configuration, and a collection of the product's best practices.
In-house
AMP is worth the money. In recent years, we have spent less time/money and required fewer human resources for task completion. At a higher level, this has saved the firm the need to hire more security engineers to manage the application, reducing overhead cost.
A discrepancy with the number of assets per license should be reviewed to apply based on preference or number of endpoints versus ranges.
Compared to other competitors, there's a significant price difference, although different applications tend to focus more on different cybersecurity functionality.
It's been really interesting working with the application, going from 5.X.X connector versions up until 7.X.X. As previously highlighted, there are numerous ways to improve the product. Working with the engineers in previous cases, there is the zeal to improve and an attitude that embraces change.
We use this solution to protect our IT environment. We use it to secure our user endpoints.
It gives awareness of our users' security posture.
The console feature gives a centralized management of what's going on, and if something happens, it gives you an alert. That's the most important feature for me.
Compared to other products, Cisco Secure Endpoint has some limitations and issues; it is still catching up with the competition. For example, protection for USB is fairly recent and is still limited to Windows platforms, and there are significant differences in the product packaging and distribution for Windows and macOS platforms.
Another area of improvement is stability.
I have been using Cisco Secure Endpoint for two years.
We had a couple of deferred releases this year.
I rate the solution’s stability a seven out of ten.
Our deployment is very small. We only have a few dozen endpoints, so I can't really say if it scales well to a large number of endpoints. However, it seems like it could scale well, so the solution could be easy to scale up as needed.
The customer support team solves the problems, but it takes a while to contact them.
Neutral
The initial setup is straightforward.
Overall, I rate the solution an eight out of ten.