Cisco Secure Endpoint Reviews

We were looking for a security product, which would not only block known viruses, but give more visibility and control over anti-malware. We offer Desktop as a Service (DAAS) for small and medium businesses, so we have hundreds of laptops, desktops, and virtual machines. Because users click on everything, you need to have a solution in place which will detect if something happens and log it, if there's anything malicious, then it will be blocked and reported.

The main reason for going with Cisco AMP is its integration with other Cisco solutions. It can integrate our firewalling, DNS protection, and email security appliance, so if there's a malicious file, and I see it on one of those devices. I can say, "Hey, I want to have this blocked," and it will immediately stop it being emailed in or out our environment. It also can no longer be downloaded from the Internet. Thus, with one click, we have multiple points protected.

AMP is a bit of a time machine for our environment. We can see any action being executed, connection being made, or file being written, whether it's malicious or not. Everything is been logged. I can basically go back in time and see, "This user opened this website," or, "This process created this file." If at any point in time, we do get something where, "There has been malicious activity there," we can completely follow it back:

• How did it get there? 
• Did it change other files? 
• Did it leave a scheduled task somewhere? 
• Did it connect to other machines? 
• Did it drop software on another place even before it was know to be malicious? 

All activity has been logged. If something turns out to be malicious, or if it's a user doing something they shouldn't be doing without using any malicious software but just using system tools, you can still see every command being run from the console.

The management console is cloud-based and the deployment goes to the endpoints, which are either in our data center or on the laptops and desktops that users have in their offices.

We worked a lot from home over the past few months. This was our only product that did not need to be changed in configuration when all the laptops did not come into the office for a few weeks. As long as there's an Internet connection, it will get the updates. Anything happening locally will upload to your cloud so you have full mobility on it. You have no need to update your console. You log in one day, and there's a note saying, "We added these new features. Click here for more." It has taken a lot of the hassle out so you don't have to worry about the connectivity or updates. You can just worry about stopping the malware you're investigating and incidents in your environments.

Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us.

With Cisco AMP, or any Cisco security products, you get Cisco Threat Response. Threat Response takes the intelligence from all your different solutions, then combines it with sources, like VirusTotal, and includes general information that Cisco has available on those threats. E.g., if I see a file somewhere, I can with one click go from my AMP console to Cisco Threat Response, and there it will be enriched, saying, "We have already seen this piece of software two months ago in Japan. This is what we thought of it. We did an automatic analysis on it. These are the indicators on this piece of software being either malicious or benign." With Threat Response, it is very easy to go from what's happening on my environment to what's happening in the world.

If there's spam coming from a machine, I can with one click determine, "Has there been any other intrusive events originating from this machine? Has it been sending me just spam or has it also been scanning me, making connections to other machines, or login attempts?" With Threat Response, we get the view from all sides, both inside and outside our network.

Orbital helps us with investigation, especially if there's been an incident on one machine, and I want to know, "Are there other machines in my environment with the same type of modifications." It's just a click away. I don't have to leave the Orbital or AMP to do the incident investigation. Thus, I don't have to pivot to another solution to check the event logs or files on the endpoints, and not having to leave the tool is very efficient. You have the same casebook in which you can keep notes of your investigation, then you can share the notes with your colleagues. 

The solution simplifies endpoint protection, detection, and response workflows, such as security investigation, threat hunting, and incident response. This positively affects our operational efficiency. We don't have to guess anymore if we have everything or need to use different tools. I can query the machines directly from Orbital. It's a complete tool set. You don't need anything else besides the tools you get with Cisco AMP. There are things now possible which we could not do before, and they're easier than before as well.

I find the the integration to be valuable. Cisco Email Security, Threat Response, and firewall are all completely integrated with this solution. It's very easy to connect your firewall or Email Security appliance with AMP to get visibility within Threat Response. On Cisco's end, we have had no trouble integrating. You go to the menu, and say, "I want to integrate this kind of device." Then, it basically shows you which buttons to click to integrate. It has been very easy.

The ability to create groups and policies precisely to your liking is also valuable. You can choose which engines you want to use for specific groups and what type of protection you want for what machines. It's not a single, one-size-fits-all. You can precisely match it to your requirements. E.g., if I have a file server and a laptop, then I want a different type of protection for those machines.

The console is really great. It's web-based. You can give everybody access. It has some great dashboards, which immediately show you what's going on in your environment, what's being blocked, and what needs to be investigated. It also makes collaboration very easy. If I start an investigation, I can open a virtual casebook that will be also stored on the console. I can invite other users to collaborate with me on the same investigation without having to send them notes or have another communication channel open to check things. E.g., I open the casebook and add interesting events to it, then other users are being updated immediately. They can also add to the same casebook, as it is very easy to collaborate from within the console on incident response.

Orbital is a good feature. It's based on SQL query. You can say, "I want to see failed login attempts," to see if there is anything out of the ordinary, then select a random or specific number of endpoints. It can run queries against the machine without you needing to make sessions. You can check if:

• There have been any alterations in the host files.
• Any new applications were installed.
• There have been any events taking place in the event log, without having to leave the AMP environment.

We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment.

At least a year.

The stability is very good. We have had no issues with the console. It has always been available. The connector also runs well.

I have to ensure that the connector is installed on every device, whether it be an iPhone, Android, Linux, or Windows. I don't have to worry about the console, the amount of data, or the back-end, as that is all being handled by the cloud. Therefore, I can scale as much as I want, as long as I have enough licenses.

We currently cover 500 endpoints with Cisco AMP and are looking to scale that up to 3000 this year.

Working on the console: We have seven users. 

Working on machines protected by AMP: We have about 5,000 users.

There have been a few incidents where we used their technical support, which has been very good. The highest level of certification is Cisco Certified Engineer, and these are the first people whom I talk to as I log an incident with Cisco AMP. They are certified at that level. Therefore, I'm talking to somebody who has intimate knowledge about the products. They react quickly and know what they're talking about. They say, "Can we schedule a remote session? I can work with you on the problem." Then, it's always been either the same day or the next day that they say, "I have a solution," or "I'm going to continue to work with you towards that solution."

We previously used Microsoft System Center Endpoint Protection. We switched away from it for two reasons:

1. System Center Endpoint Protection is a classic antivirus product, which will block no malware and only work on Windows. There is nothing advanced about it. It does not have login or the cloud console. It will only give you alerts if the machine is connected to the domain. It was a legacy product looking at the malware and the threat landscape. There was no ransomware protection. There was no sandboxing any threats if there was an unknown file. Now, it will be sent over to Cisco Threat Grids and go right on the VM, then there will be a verdict passed saying, "Good file, bad file, suspicious file." Previous solution didn't have that. 
2. Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection.

We had ransomware before we had Cisco AMP. Basically, the user calls you to say, "Hey, there are some files I cannot access well." You log into the machine and look at the processes, then you see there is a process encrypting all the files. You kill the process, get the files (which have been touched), and then start to restore. However, how can I be certain that the process which was started by the user did not leave a scheduled task saying, "In five hours, we have to start another thing," or did it upload any user data to a different machine? How can I know if was there was data loss involved in this incident?

With our previous solution, you had no way to be sure that you were not missing something, if there were not any files left, passwords/data stolen, connections made to different machines, booby traps or scheduled tasks left, etc. With Cisco AMP, if it manages to execute, I can say, "How did we get this file?" With one click, I can block it from being downloaded from the Internet and being emailed in/out of our environment. I can also see if there were any files created or connections being made. Then, I can be 100 percent sure if there was a data exfiltration, anything left behind, or if we missed anything. AMP is very thorough.

With our previous solution, if it was known malware, we would get an alert. If it was an unknown malware or ransomware, our users were our detectors. Then, it might take hours before they could say, "Hey, something's not working for me." Cisco AMP will get you that same alert within minutes of an incident occurring.

Before we had the Orbital tool and Threat Response, we were just feeling around in the dark if we were doing an investigation. We were never sure, "Did we get everything?" We did positively identify malicious malware, but, "Did we miss anything? Has anything else happened? Is this also happening on different machines?" There were these questions we were not able to get 100 percent satisfying answers on. With Cisco AMP, Threat Response, and Orbital, we are 100 percent certain that we got every trace of malicious software. We're also certain that no other machines have been compromised or will be compromised in the same way.

The initial setup is straightforward. Because the console is cloud-based, you get an email saying, "An account for you has been created. Click here to login." Then, there is the console. There are some basic groups there, and you say, "I want to have these settings." You download an installer, which already has the policy you defined included, and run it. It installs the connector on the endpoint, then the endpoint starts talking with your console. That's all you have to do. 

You log into a website, configure your settings, get an executable that you deploy to your endpoints, and that's it. Any policy or connector updates can trigger from the console, because if you can use a web browser, you can deploy Cisco AMP and update it.

I had the first machines deployed within an hour. After, we started a fine-tuning process, which includes policies, exclusions, and rights. Total deployment was probably two or three weeks before it was part of our default image, where every new machine was being imaged with a connector included.

Time to response is a lot faster. With every incident, at least six to 10 man-hours are saved because the damage has been reduced significantly. Additionally, if I have to work on file restore for six hours, for those six hours, my IT users cannot work on that application. This does not even take into account lost productivity of hundreds of users waiting to get access to the data again who also have to wait for six to 10 hours.

The visibility has increased a lot because all the heavy work is being done in the cloud. Therefore, we see a lower CPU and memory footprint on the endpoints. All the connectors on the endpoints send your information to the cloud where it is being analyzed, then it just gets the information back. There is not a lot of heavy stuff going on with the endpoint compared with the previous solution where you had a lot of work being done on the endpoint. Thus, you're taking away CPU cycles and memory from the applications you wanted to run there.

Our technicians are doing more meaningful tasks. They can just do their threat hunting and incident response without having to find tools that can do the things already built into AMP and Threat Response.

There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization.

Note: You can upgrade or increase the number licenses by just placing a new order.

We did do a product selection, but we did only the proof of value with Cisco AMP. We looked at Trend Micro and a VMware product on paper. However, looking at our integration possibilities, since we were already using Email Security and firewalling from Cisco, there was no other product that offered the same level of integration.

Read the manual. There is a lot of information in there. 

Cisco gives threat hunting workshops globally, which are free. They take about half a day and show you how to use this product for threat hunting. Because we're looking at protection and antivirus, we're looking at a reactive response if there is a nasty file to be blocked. With Cisco AMP, you get the possibility to proactively go hunting for threats and find them before they become a problem. With this workshop, it will really shows you the different tools with real life examples, how to effectively test, and make the most of your investment in Cisco.

The solution’s endpoint protection is very comprehensive in terms of the operating systems and devices it protects, e.g., servers, Windows and Linux, smart devices, tablets, or home PCs. As long as it has an Internet connection, I can deploy an endpoint connector. I can get all the input into Microsoft for that endpoint as well. We haven't had any operating systems or devices in which we could not get visibility with AMP.

Other solutions are just the basic, "There was something wrong." They will give you the location, but will not give you the context, from which user, nor show you how the file got onto the system. With Cisco AMP, I just open a dashboard and it will show me (without doing anything), "We had 60 malware incidents via Chrome. We had five malware incidents via Outlook. We had two malware incidents from USB sticks." Immediately, we have an overview of how we're doing today, also showing where the nasty things are coming from. I don't know if there is anything that I'm not seeing.

With Threat Response, there should be some new integrations announced later this month.

I would rate this solution as a 10 (out of 10). 

We're using it in a handful of ways. We initially bought it to provide endpoint protection against malware and the like on our laptops that were mobile and off our network the entire time. We eventually moved it onto all of our desktops, and we have now integrated with Umbrella, so we have a full protection suite for all of our clients across our enterprise. 

The most valuable thing about the solution is a feature that's not in the actual product set itself. It's peace of mind. We take a look at security holistically, multilayered. We start from the edge and perimeter and work all the way down to the client. I feel we've deployed best-of-breed in each of the slices of the security layer. For the endpoint, Cisco gives us good clarity about what our endpoints are actually doing. So when we get bad actors into the network, we get quick visibility into which devices are compromised.

We've really subscribed to the whole security stack from Cisco. AMP feeds into that whole Threat Grid for us. We're able to see hashes, and the like, all the way down to the client and we get that visibility because of AMP. As AMP reports back into the Threat Grid, we can see the hashes running on the actual endpoint, and whether they are malicious, and what those things have done. If malware has infected a certain laptop, we get all the forensic evidence around that laptop and, if it's jumped, where that bad stuff has jumped to and what it's done. All that visibility is possible because of AMP.

Even as a standalone product, you get peace of mind having AMP running on something. So if you open up an attachment and it's doing things that it's not supposed to, because your endpoint gets security updates it is protected. Whether it's connected to the network or not, whether it's connected to the internet or not, it is protected. It does its job very well.

The fact that the solution offers cloud-delivered endpoint protection simplifies our security operations. We don't have to worry about updates or signature updates. It takes care of itself in the background, so it frees my guys up to do more meaningful work.

The quality of alerts that actually percolate up for us to take action on are on point. There aren't a lot of false positives so my security team is able to spend its time more effectively. They're not on a wild goose chase. They're chasing actionable things to take care of.

In addition, the security stack that we have in place allows us to see a threat once and block it everywhere, across all endpoints and our entire security platform. If one piece of bad malware gets through, the entire network will self-heal. It makes us more efficient. Standardizing on one pane of glass is the dream that you're after. So even though Cisco doesn't have just one management console for its entire security suite, the pieces plug in properly. With help from Cisco and their security experts, having this deployed the right way lightens the load on my team. We become much more effective. I don't have a team of 15 security experts running around our network, facing down bad guys and preventing them from ever touching our core pieces of data or IP assets they would be after. AMP and the rest of the security stack from Cisco give me peace of mind that the network is taking care of itself and that the endpoints are protected. As long as we are not careless with the pieces that we control, we can rest reasonably well at night knowing that Cisco is doing the heavy lifting that keeps the bad guys at bay.

AMP has decreased our time to detection and to remediate, without a doubt. It's gone down by 100 percent. We're able to detect, real-time, bad or malicious software and mitigate it, not quite in real-time but pretty darn close. If you go back to when we first deployed it, there was no time measurement, so I'm comfortable saying it has sped things up considerably. Now, we're only chasing real threats.

It doesn't impact the devices. It is an agent-based solution, and we see no performance knock on cell phones. That was a big thing for us, especially in the mobile world. We don't see battery degradation like you do with other solutions which really drain the battery, as they're constantly doing things. That can shorten the useful life of a device. We're really happy about that. That's why we decided to go full-steam-ahead on that. And of course, on laptops and desktop, there's no performance hit whatsoever. We have Windows, Android, and iOS, and deployment of the agent is very easy, and is done with no user interaction.

The other thing that we really like, from the agent standpoint, is that our end-users are not capable of turning the tool off. That was very critical for us.

The integration of the Cisco Threat Response feature with products such as Cisco Email Security, Cisco FirePOWER, Stealthwatch, Talos, Threat Grid, Umbrella, and third-party solutions means it plugs right in. We use that entire stack, with the exception of email protection. Talos is out there as the guiding force, applying visibility from around the globe, and the insights that it gains, and then feeds back into all the security platforms. Threat Grid lets us see and track hashes with the forensics that we get. It is just out-of-bounds crazy what we're able to do in a very short period of time. That's all dependent on the stack working together. That's where Umbrella and AMP come into play, and having those agents out there running on endpoints and feeding it all the way back up the stack and giving us visibility into all our north-south traffic through the network. That is important.

We use FirePOWER on our firewalls to try to prevent bad guys from getting in. The thing we're really impressed with there is that even if questionable hashes that get through, we're able to say, "Oh, something bad got through," and we're able to track it back and remove it from the network after it's proven to be malicious. We see that on a constant basis. That's a very useful tool. The ability to extract that malicious software automatically is a cross-function of AMP, ISE, and FirePOWER. Using that entire stack, we're able to automate that entire process, with my guys not having to do anything. It just happens.

If it could physically go out and slap the end-user to keep him or her from doing the bad thing initially, that would be great.

But seriously, maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that.

We've been using Cisco AMP for Endpoints for well over five years. Aside from firewalls, it was our first security software product from Cisco that resides on the desktop. It goes on laptops, desktops, the whole shootin' match. Recently we started to deploy it on mobile devices and we're excited about that.

It's rock-solid. I don't think there's more to say there. It's just a rock-solid solution.

We have about 800 endpoints that we protect with it and that number is growing, because around the end of 2019 we started playing around with deploying AMP onto cell phones, both Android and iOS. We kicked that tire for a few months and during [COVID] quarantine, we finally figured out how to make it all successful. We've now started rolling that out and we have close to the same number of smartphones out there as other endpoints. We're rapidly deploying it out to all of our Apple and Samsung devices.

We're a baby user, even at 800 endpoints. We get great value out of 800 endpoints. I've talked to peers of mine who run much larger IT organizations who have it scaled out to tens of thousands of endpoints, with the same ease. It scales very well.

Their tech support, overall, is best-in-class. If you ever have a question, TAC gets the answer for you and helps you work through the solutions. 

One thing that we are working on is trying to integrate AMP with AnyConnect. We have our image or our "build." We install AMP, and then we install Umbrella, and then we install AnyConnect. Now Umbrella and AnyConnect have integrated together, and AMP is coming. We've been working with customer support to build all of it into AnyConnect in one deployment model. They've been fantastic to work with.

I don't think it's quite ready for release, yet. We're on the beta side of things. They asked us to kick the tires to get some feedback from a medium sized enterprise on ease and scale. They're trying to make it as simple as possible so that you can just punch in a little bit of configuration info and away it goes.

We've been an AMP customer for a very long time. We've always had antivirus on the desktops; that's what everybody needed to do. Then, I went to a security conference and Cisco was talking about AMP and about how ineffective antivirus really was and that you needed something more. This was when they were bringing AMP to market. I seized on it immediately and said, "That is well-priced, well-positioned, and exactly the gap that we need to fill."

It definitely helps us minimize security risks. We were probably aware of those risks, but may have just been limited in the tool sets available to us. AMP came to market when there weren't a lot of tool sets out there. Before AMP, we made our best efforts in educating and the like, in the hope that nobody would click on bad things. But then we were able to plug AMP into the environment and know that we had a piece of software so that if somebody did click on something bad, we had tools in place to prevent it from doing anything totally out of bounds, and business-shattering.

Malwarebytes was probably about the closest that we had to a solution that was comparable to AMP, but they are definitely not direct competitors. That was a tool that we used on a one-off basis if we thought a computer was infected with malware. Once we deployed AMP, we no longer had a need for that tool.

The initial setup was straightforward. I've been at Per Mar Security for over 20 years and there are a handful of solutions that just work the way they're supposed to, out-of-the-box. AMP's startup guide was on point. I'm the one that deployed it, and I still do some of the technical stuff, day in, day out. I was able to go through their Quick Start Guide and we were able to deploy it out to over 800 endpoints in a matter of two weeks, and that was mostly due to how we roll software out. We probably could have deployed it all in one day if we really wanted to. But we have 30 offices, so we just went office-by-office. It was easy-peasy.

We've seen ROI, absolutely, in more efficient use of my team's time.

The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost.

This is a mature product for Cisco. They've been in this space for a while. There are a lot of competitors out there and, since we deployed AMP, we've had some of the competitors to AMP take runs at us and say, "Hey, look at our little widget. We think we're better. We catch more things at a higher hit rate." Every once in a while we'll get bored we'll take a look at one of these tools. We'll say, "Hey, pretty cool tool." And then we see the pricing and, after they perform CPR on you and resuscitate you and you get back to living, you're like, "Holy cow, that is way overpriced compared to what I'm paying for AMP." AMP is very well-priced. 

When I look at different solutions, I always go back and compare them to AMP. I'll tell the others, "Hey, here's what we're paying for AMP, per user. You guys can't be any more than that, because here's everything we get from AMP. You guys are only doing one thing or two things, and AMP's doing all these other things for us."

AMP's pricing is the gold standard that I compare all other pricing to, from antivirus to other security tools. That's how well-priced I think AMP is.

Take a holistic view of your security stack. If you can only focus in on the endpoints, I understand, but if you take a longer view on where you want your cyber security posture to be over the course of time and over the course of budget, this is a great building block. I took a step back half a decade ago, evaluated where we were and where we needed to be, and I started taking baby steps. We started with AMP; we quickly added Umbrella. And that was a great little solution to endpoint protection. We knew where our people were going on the internet. We could block them from bad sites. We had the power of Talos protecting us.

Over the course of time, and as budget constraints allowed, we were able to add on more layers. I would rate our cyber security posture as very mature. You're always growing, you're always evolving, as the threat landscape does, but I think that we have the fundamentals in place to be able to adjust rapidly to an evolving threat landscape. 

That didn't happen overnight. We didn't just open up the checkbook and write a $10 million check to say, "Hey, we have cybersecurity." We took a very methodical approach over the course of time, trying to plug in the right pieces as they fit and as our business grew and matured. Our fundamental building block was AMP. We started there and then built out from it. Just recently, this past fall, we finished up building security into the core of the data center. We built from the endpoint up to the perimeter and then into the data center. Now, we have good visibility into our north-south traffic, where AMP plays and, with the recent project that we just finished up, we now have great visibility into east-west traffic out of the data center. AMP plays into that, too.

At the end of the day, AMP will feed both data feeds and give you good visibility into all your traffic, whether it's leaving your network, coming into your network, or going across your network.

We're very confident about the security alerts that pop up on Threat Grid. And we use another tool that's not Cisco-related, another SIEM tool, that will alert us for different things. We cross-correlate the two platforms — it's like a check-and-balance, if you will. It makes sure Cisco's doing everything it's supposed to, and that this other tool is doing everything it's supposed to do.

The primary use case is for endpoint protection. For the larger deployments, we use it for our policy enforcement as well. We use AMP on the endpoints for writing automated policies in order to protect the user when they join the network, for example. 

The solution's integration capabilities are excellent. It's one of the best features.

Most of my ecosystems are Cisco-based, so AMP is an easy deployment for me and an easy sale as well. There is a lot of technical documentation which is readily available. There's a lot of Cisco-based education which is really helpful in terms of various unique situations that we run into.

I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products. 

AMP works very well within the Cisco ecosystem. If it could work along with the third party ecosystem as well, if that integration or even more APIs came into play, I think we could utilize this product a little bit better.

One thing which I would like to see in terms of a major improvement would be AMP supporting the IoT infrastructure, which has been coming up in networks recently. It should also support more factory managed devices, like systems running Linux. Better support is what I'm looking for.

The common endpoints are already covered and we work very well with them. That would be the case if support is extended to new devices as well. I think that would bring real value to the table.

AMP has recently released email security and web security. If there was something like a common dashboard, similar to that of CrowdStrike, it would be useful.

AMP needs to come up with a common dashboard for all of the solutions. That single pane of information would allow us to view everything. 

Instead of installing a plugin, what we need AMP to do is run installs in the background. Then the user doesn't know that AMP is running on the system. That would be a fantastic use case or the recommendation which I would like to make, in they're looking for products and features to develop. Something like that would allow me to have a high-end deployment in place for AMP which would be ideal.

I've been using the solution for two or three years now. I have been using AMP since it was acquired as an independent company. That means I have almost five years of experience in AMP and AMP-based products.

Scalability wise, AMP is a sure shot recommendation. I would recommend it for an endpoint protection solution compared to any other product out there in the market. It's number one.

I work with small and medium-sized organizations as primary clients which I have targeted AMP on. The small users or the smaller segment within our clients are from 10 users to 500 users. And when I'm talking about medium deployment, I'm referring to users ranging from 500 to 5000 users.

The technical support has always been fantastic.

It has never been a disappointing experience to be very frank. Cisco TAC has been very helpful. I worked in the presales team as well, so there is Partner Plus which has always been favored in terms of providing us with solution-based documents as well as presentations to take to our customers.

In a couple of ways, I think we are doing a very good job in terms of the resources which are being provided as well as the support that has been designed around this product.

The initial setup is very straightforward.

I normally work with Cisco systems, as well as most of the routing and switching companies out there, like Juniper, among others.

We're partners with Cisco. I handle consultation with all Cisco products, which includes all of the safe architecture, security logging, and switching. I'm basically working with the system architecture within Compass. I am a unified, tech grade umbrella for the entire product portfolio.

I'd advise, if users are running a Cisco environment, to definitely adopt AMP as an endpoint-based solution, which makes it a lot easier for them to manage your devices.

I'd also advise that AMP works very well if someone is running a non-Cisco set up (and they're looking at an endpoint solution that works independently). However, there's a little bit of complexity in terms of getting the actual business use case, because there's less documentation surrounding that kind of setup.

In terms of rating the solution overall, I'd rate it an eight out of ten. It has covered most of the feature sets we need. The reason I'm not giving it a full ten out of ten is because there is still room to improve the scope of integration. It doesn't support many of the IoT endpoints as well as the other components on the network, which are not yet compatible but under development. Once that happens, I'd probably give it a proper ten out of ten.

We're using it for endpoint security for users and to make sure that no vulnerabilities exist.

Cisco Secure Endpoint has improved our security boundary. It makes our network more secure.

Cisco Secure Endpoint has decreased our time to remediate and time to detect, but I don't have the metrics.

Cisco Secure Endpoint has improved our cybersecurity resilience.

The product itself is pretty reliable. The security features that it has make it reliable.

It's pretty good as it is, but its cost could be improved.

We have been using Cisco Secure Endpoint for three to four years.

It's pretty reliable.

I haven't had to scale it at all, but I would hope it's scalable.

It's great. I never had any problems getting through or contacting tech support. I'd rate them an eight out of ten.

Positive

We used McAfee. We switched because we're more Cisco-reliant, and the product suits us better.

I wasn't involved in its setup.

I personally have not seen an ROI.

I would definitely weigh it with its competitors. The best bang for the buck in the technology is Cisco Secure Endpoint.

I would rate Cisco Secure Endpoint an eight out of ten.

We use this solution for the malware features, to protect our network and our endpoint users. We deployed this solution for security.

The most valuable feature is signature-based malware detection. They are updating the signatures for malware from time to time.

With every protection malware, there are issues, because it takes time to detect the malware, but Cisco is very fast in detection compared to other products.

The security is awesome and they have very good features.

The GUI needs improvement, it's not good.

There are false positives in emails. At times, the emails are blocked and detected as malware when they are not.

They should work on some of the signatures because of the emails that have been blocked and detected as malware that can never be opened.

I have been using Cisco AMP for Endpoints within the last year.

Cisco AMP for Endpoints is very reliable.

I am not familiar with scalability. I have never tried to scale it.

We have more than 400 users in our organization.

We have plans to increase our usage.

Cisco has the best technical support and marketing.

The initial setup was very complex.

It will take a month to complete the deployment if you want to complete the parameters.

Licensing fees are on a yearly basis and I am happy with the pricing.

If you are looking for deep security and malware for your endpoint users and network then I would recommend Cisco AMP.

I would rate Cisco AMP for Endpoints a ten out of ten.

We are system integrators and we use this product for DNS security, which is integrated with the DNS service.

Cisco AMP is the broadest, most integrated security platform that connects the breadth of Cisco's integrated security portfolio and the customer's infrastructure for a consistent experience. It unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications--all without replacing your current security infrastructure or layering on new technology.

The entirety of our network infrastructure is Cisco and the most valuable feature is the integration.

I would like to see integration with Cisco Analytics.

We have been using the total Cisco solutions including AMP for Endpoints, Umbrella, and Firepower for three years.

This is a stable product.

This solution is scalable.

I have contacted them in the past to raise a case and they were able to resolve it.

We use the traditional antivirus, its don't able to protects real time protection don't have firewall integration.

The initial setup involves integration with other products such as Talos. The deployment took us about one day.

Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world.These teams are supported by unrivaled telemetry and sophisticated systems to create accurate, rapid and actionable threat intelligence for Cisco customers, products and services.

I began with implementing Cisco AMP for Endpoints and then integrated Umbrella and the other products after that.

I would rate this solution a nine out of ten.

We mainly use this program for our business operations.

The feature I find most valuable is the sandboxing.

I think there should be better support and I would also like to see an easier implementation of the solution. The support should be cheaper and more available during the implementation stage. It would be great if they could have support teams that involve an AMP team because there's a specific team for AMP.

I have been using Cisco AMP for Endpoints for around three years now.

Cisco AMP for Endpoints has been very stable so far. 

I believe the solution is scalable. We have around 200 end users working on this program, and then we have a team of 15 that is responsible for technical and maintenance issues.

I will rate the technical support a six out of ten because their response time was very slow. Not as fast as they used to be.

We also use Micro, so we use two programs simultaneously. 

I did the initial setup myself and it was really easy and straightforward.

I will recommend this solution to others. I would, however, like to see better features and implementation to cover some points. It would be nice if they could add more protocols to support encrypted files, and be able to inspect an encrypted file, or at least be able to support that. Better and faster technical support is also necessary. 

On a scale from one to 10, I rate this solution a seven.

I like that this program is very light on the computer and very powerful. I also like the price.

I would like more seamless integration, because I have a security solution based on Cisco and I'm looking at integration for the old solution. It would be much easier for the security administrator to monitor integration.

I guess it's easy to scale, because I started a project with the requirements and when I needed to move forward to scale it up, it's been so easy. We currently have around 50 users. 

I am really satisfied with the technical support.

I also use Trend Micro. I use both programs, because they have different security layers. Both programs are very good.

The initial setup was straightforward as we used one of the Cisco partners. The deployment took a couple of days. 

On a scale from one to ten, I will rate this solution an eight. I do recommend it to others.