Cisco Secure Endpoint Valuable Features

Neal Gravatt - PeerSpot reviewer
Sr Network Engineer at a real estate/law firm with 1-10 employees

I like the central management console where I can see everything that's going on, on all the computers. 

Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP.

One of the things that is most impressive is its ability to give so much insight. That's another of its best features. With the File Trajectory, it shows everything the computer's doing and it can help determine how the virus got onto the computer.

You set it and forget it. Once you install it and configure it, it runs the reports, putting everything on the central web console.

You're able to subscribe to alerts, so I get an email every time it deletes a virus off of someone's computer. I also get an email if it has a problem, such as if it was unable to delete the entire virus. It will say "Quarantine unsuccessful."

It allows as many people as you want to go in and view it. And you set people as administrators or as people that can just view the information.

AMP also has several tools you use to link to websites that contain more information about things. They're useful as well. They give you the ability to look at different companies' information; for example, a virus total. You can also connect it to other modules and tools that you have, and it can do things such as quarantine where it will take a computer off the network for you automatically. Those tools are helpful. It provides a concept they call "distance and depth," where you get more than one company's opinion on things.

We just started using its Orbital Advanced Search feature. It's relatively new, so we haven't used it a whole lot, but for the little bit that we have used it, it has been a really neat tool. I've only run it on a couple of endpoints so far, but it works pretty well. It just gives you that extra insight to help better understand how the rest of your environment could be affected. Obviously, you're dealing with a computer that has a virus already and this gives you an ability to assess what else could have happened with that virus. It helps provide more information. 

The Orbital Advanced Search feature also helps to reduce the attack surface and to investigate real-time data on our endpoints. Some of the queries will show you which software packages you have that are vulnerable, like a version of an Office program or an Adobe Reader that has a vulnerability in it. Once you know that information, you can proactively patch the computer or apply updates to it so that it does not become infected. It alerts you to an infection, and then you can say, "Oh, these other computers could be infected by that too." Orbital detects those computers. It reduces the amount of time we spend on that kind of situation by about 20 percent.

In terms of the comprehensiveness of the solution, it does Windows great. It works on Macintosh very well. It also does iPhone and Android. It's pretty comprehensive since it covers the majority of operating systems.

It also integrates very well with other Cisco products. It has an API interface so you can integrate it with just about any Cisco product. It does have some out-of-the-box stuff and definitely integrates great with all the other Cisco tools. But we use something called Rapid7, it's a vulnerability scanner, and it's able to integrate with it very well to help report data. It works well with some third-party products, but I'm not sure how many.

View full review »
Mark Broughton - PeerSpot reviewer
Level 2 tech at a tech services company with 11-50 employees

I liked the ability to have a choice between the full scan and the flash scan.

There were also a couple of occasions where being able to isolate the machine on the network remotely was very helpful because, at that company, 80 percent of the workforce was remote.

Also, the integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful.

And in terms of simplifying cybersecurity, being able to have scheduled runs meant we were able to break our endpoints out into different groups. We chose to do different regions and different departments. It was very easy to

  1. set up the groups up
  2. copy the policies from one to the other.

Once you understood how to do it, it was really simple to create groups and group them together or apply them to each other. It took a little bit of a learning curve to get up to speed, but once we were up to speed, it was very user-friendly.

I also felt that remediating issues using Secure Endpoint was pretty easy. Most of the time, it was a matter of isolating the endpoint that we thought had an issue, running a full scan, confirming that there was no serious issue, and then getting the machine back online. In our case, we were pretty fortunate in that regard, but the remediation appeared to be very simple.

View full review »
Nicola F. - PeerSpot reviewer
Infrastructure Engineer at TeamSystem

I appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us.

The Cisco Secure Endpoint dashboard gives a clear view of everything occurring across the environment, making it straightforward to track and solve threats. This direct approach to threats simplifies cyber security, a capability we didn't have from other solutions; it's instrumental. The dashboard is clean and user-friendly. 

The solution helps prioritize threats as it presents them as low or high-priority, which informs our approach to dealing with them. We can focus on the more severe threats first and protect the integrity of our system. This avoids the problem of having 40 or 50 alerts and not knowing where to start; threat prioritization gives us a starting point. 

CSE reduced our time to detection, mainly due to the excellent dashboard that gives a clear view of threats developing in real-time. One member of staff monitoring the console can block threats almost immediately and set and customize notification preferences. Once the product is correctly configured, we can stop any threats almost as soon as they arise. This requires some time at first, as the agent deployment isn't easy, so starting in the audit mode for the initial configuration is good. 

View full review »
Buyer's Guide
Cisco Secure Endpoint
December 2022
Learn what your peers think about Cisco Secure Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,994 professionals have used our research since 2012.
Sagar Ghumare - PeerSpot reviewer
Sr. Network Engineer at a comms service provider with 201-500 employees

Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world. Cisco Secure Endpoint gets the information from it. We do get knowledge about all the attacks going across the world. Because Secure Endpoint has a connection to it, we get protected by it right then and there. Rather than our looking for it, and finding out the information, the software does it for us without our having to get in between. That is really an easier way of fixing a problem. Before, we would manually have to look into it. That really helps us. It's taken care of in a way.

View full review »
ED
System Administrator at a manufacturing company with 201-500 employees

We use it as an antivirus. The audit logs are valuable. 

It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.

It is quite comprehensive in terms of endpoint protection. I haven't found anything where it was lacking in terms of the protection of our Windows machines.

View full review »
User1#2% - PeerSpot reviewer
Application Manager at Financial Corp

Recently, we have engaged the vendor regarding optimization, bug detections and extended features. Identity persistence, a feature request that was recently granted for instance gives virtual and physical devices deployed using gold image the ability specify an Identity Synchronization option. This persistence feature can apply by MAC address across business, by MAC address across policy or by host name across business.  

Speaking of scalability, integrating with other Cisco products, secure email, network, SIEM, API, open source and a number of selected proprietary applications have been encouraging.

Of all valuable features, these are worth mentioning:

- CI/CD pipelining and feature prioritization by actioning on user requests/ identified bugs, releasing connector upgrades, and deploying console upgrades for better usability

- Subscription functionality where console administrators able to Subscribe to receive immediate alerts(digest) on specific or group of monitored workstations

- Identity and access management capability within the console that allow administrators the ability to drill down user visibility on a Role based access control, limiting access to policies, groups, exclusions, and other controls

In terms of operating system compatibility, the coverage is almost in its entirety. Integration and deployment to Windows workstations, Windows servers, Mac, Linux and mobile is seamless

Being a unified AV engine, AMP conveniently delivers both Intrusion detection systems (IDS) and Intrusion Prevention Systems (IPS) capabilities with a specialty in cloud-delivered protection, next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR)

View full review »
RM
Director of I.T. Services at a non-tech company with 201-500 employees

This solution accelerates threat hunting by automatically promoting endpoint incidents to the Cisco SecureX platform, which is something that is fairly important to us.

Our systems are monitored by this product, and if threats are detected then the systems are shut down before problems arise. This is something that is fairly important to our organization.

View full review »
Gassan Shalabi - PeerSpot reviewer
Manager at UCloud

I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see.

View full review »
LC
Manager information security at a consumer goods company with 1,001-5,000 employees

Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts.

View full review »
Marian Melniciuc - PeerSpot reviewer
Senior IT System Administrator at ScanPlus GmbH

Since we booked the Premier License, the most valuable features, in my opinion, are

  • Secure Threat Hunting to have a specialized team to support in analyzing complex attacks. That could help us to learn about new technics
  • Threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files. Nobody wants to run a dangerous file in his network, for that Threat Grid is important for us.
  • Threat Response that offers the possibility of help on logs, IPs, domains, etc. to perform investigations into our and global infrastructure. Sometimes we want to see if a malicious file was run in our network, for that Threat Response take this job to search and save us alot of time.
View full review »
Felipe Guimaraes - PeerSpot reviewer
Sales Director at Samsung

The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices.

View full review »
Pardeep Sharma - PeerSpot reviewer
Network security engineer at a tech services company with 1,001-5,000 employees

The most valuable feature is signature-based malware detection. They are updating the signatures for malware from time to time.

With every protection malware, there are issues, because it takes time to detect the malware, but Cisco is very fast in detection compared to other products.

The security is awesome and they have very good features.

View full review »
Buyer's Guide
Cisco Secure Endpoint
December 2022
Learn what your peers think about Cisco Secure Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,994 professionals have used our research since 2012.