"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"It integrates well into the environment."
"They have a new GUI which is just fantastic."
"It is easy to use."
"Provides behavior-based detection which offers many benefits over signature-based detection."
"The initial setup is pretty easy."
"The interface is easy to use and it is more up to date than our previous solution."
"The solution doesn't need a high level of technical training."
"It is very light. It is the only solution that can be installed on a machine that already has an antivirus. It is a pretty complete solution."
"It is excellent endpoint protection for mobiles that does everything it says it will."
"There aren't any features that really stand out — I just want it to keep malware out of my system. To date, I haven't had any malware in my system."
"We've not had any issues with scalability. If an organization needs to expand, they can do so quite easily."
"The initial setup was straightforward. It took five minutes. I installed the solution myself."
"Their policy management, their cloud-based dashboard and user interface are very easy to navigate."
"The solution has many features. It is very easy to define and set the policies based on the user groups, it does not take up a lot of resources in operation, and has provided us with a good track record of protection."
"I like that Webroot is very lightweight. It didn't bog down the machine, and more importantly, it had heuristics artificial intelligence to some degree. It wasn't like full-blown artificial intelligence, but something where you have one endpoint recognizing issues because it maintains a cloud database. If one client recognizes a threat, it would add it to the database, and almost immediately, every agent in the world would also know about that threat. That was very appealing to us. However, now it's becoming commonplace, whereas ventures like Symantec and McAfee were based more on the traditional model of definition and updates, and we were always falling behind. Webroot also has pretty good technical support."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"I would like to see integration with Cisco Analytics."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"I would like to see them include NDR (Network Detection Response)."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"Impact on system performance is horrible, adding a lot of delays for users."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"One of the biggest pain points is that it's not really ransomware-oriented. They will be able to catch some, but that's where Sentinel One is a better player compared to Webroot."
"I did notice that my OS slowed down, but I don't know if that's due to Webroot."
"We need to have a stronger defense against CryptoLock and other attackers."
"It would be nice if it had a feature for automatically generating reports on the client end for device status, security status and backup information."
"There should be a Webroot Business Endpoint Protection mobile app."
"Its detection capability for certain attacks should be improved. It should have better and wider detection for certain malware attacks. It could also have some sort of RMN."
"Technical support is not the best. It's hard to get a hold of them if we need help. It's something that definitely needs improvement."
"The solution could improve by providing better ransomware protection."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
More Webroot Business Endpoint Protection Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 5th in Endpoint Protection for Business (EPP) with 35 reviews while Webroot Business Endpoint Protection is ranked 20th in Endpoint Protection for Business (EPP) with 11 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Webroot Business Endpoint Protection is rated 7.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Has a centralized console and does predictive analysis of malware". On the other hand, the top reviewer of Webroot Business Endpoint Protection writes "Keeps mobile devices secure against vulnerabilities or any attacks". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Symantec End-User Endpoint Security and Check Point Harmony Endpoint, whereas Webroot Business Endpoint Protection is most compared with Microsoft Defender for Endpoint, SentinelOne, Sophos Intercept X, Carbon Black CB Defense and Deep Instinct. See our Cortex XDR by Palo Alto Networks vs. Webroot Business Endpoint Protection report.
See our list of best Endpoint Protection for Business (EPP) vendors.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
