We performed a comparison between Cisco Secure Endpoint vs Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Secure Endpoint received more favorable ratings in every comparison category.
"The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful."
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"It's quite simple, and the advantage I see is that I get the trajectory of what happened inside the network, how a file has been transmitted to the workstation, and which files have got corrupted."
"The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"It comes included with the Windows license."
"Defender for Endpoint provides good visibility into threats and has favorable threat intelligence."
"The attack surface reduction rules are the most valuable. We're able to have unattended remediation actions when the solution works side by side with a local antivirus like Microsoft Defender or Kaspersky. The attack surface reduction rules help us to proactively block and stop threats."
"This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time."
"The technical support from Microsoft is very good. We are part of the Microsoft Suite, and from being part of this we have consistent news regarding Microsoft Defender for Endpoint."
"Microsoft Defender for Endpoint's most valuable feature is its ease of use."
"Microsoft Defender for Endpoint is a robust platform."
"The solution provides protections and reports about strange behavior and automatically blocks some of it. I love the way that statuses are represented."
"Logging could be better in terms of sending more logs to Cisco Firepower or Cisco ASA. That's an area where it could be made better."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"The GUI needs improvement, it's not good."
"This product has issues with the number of false positives that it reports."
"It could be improved in connection with artificial intelligence and IoT."
"They can improve it on the online protection front since people nowadays are moving online and working from home."
"The solution can be more user-friendly."
"Additional security would be beneficial."
"With the XDR dashboard, when you're doing an investigation and you're drilling down to obtain further details it tends to open many different tabs that take you away from your main tabs. You can end up having 10 tabs open for one investigation. This is another area for improvement because you can end up getting lost in the multiple tabs. Therefore, the central console can be improved so that it does not take you to several different pages for each investigation."
"A concern is ransomware, whether people can penetrate and encrypt my data or steal my credit card/banking information."
"They should bring back the feature of a dedicated proxy device for communication to the cloud. As of now, all the agents are required to send the logs directly to the cloud. There should be a solution where you can put a proxy and all the logs are consolidated, like a forwarder."
"The reporting in Microsoft Defender for Endpoint should improve. The solution has limited features."
"Phishing and Malware detection could be better."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Cisco Secure Endpoint is ranked 6th in EPP (Endpoint Protection for Business) with 13 reviews while Microsoft Defender for Endpoint is ranked 1st in EPP (Endpoint Protection for Business) with 118 reviews. Cisco Secure Endpoint is rated 8.6, while Microsoft Defender for Endpoint is rated 8.2. The top reviewer of Cisco Secure Endpoint writes "Makes it possible to see a threat once and block it across all endpoints and your entire security platform". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Enables ingestion of events directly into your SIEM/SOAR, but requires integration with all Defender products to work optimally". Cisco Secure Endpoint is most compared with Cortex XDR by Palo Alto Networks, CrowdStrike Falcon, SentinelOne Singularity Complete, Carbon Black CB Defense and Symantec Endpoint Security, whereas Microsoft Defender for Endpoint is most compared with Sophos Intercept X, Symantec Endpoint Security, CrowdStrike Falcon, SentinelOne Singularity Complete and Fortinet FortiClient. See our Cisco Secure Endpoint vs. Microsoft Defender for Endpoint report.
See our list of best EPP (Endpoint Protection for Business) vendors and best EDR (Endpoint Detection and Response) vendors.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.