"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that."
"The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"The most valuable feature is endpoint protection."
"Kaspersky Endpoint Detection and Response is an effective protection solution."
"Kaspersky Endpoint Detection and Response is a stable solution."
"My impression of the stability of this solution is good. We have not had any issues with stability."
"Kaspersky is easy to use, and it performs well."
"This is a feature-rich product."
"EDR's most valuable feature is its basic protection from malware and viruses."
"It's scalable enough for us."
"One of the features I like in Trend Micro XDR is that you can drill down on the root-cause analysis for anything you find on the solution. I also like that it works for detection purposes. Behavior analytics is also what I like most about Trend Micro XDR. I love that it has features such as behavior detection, program detection, and memory scanning. By default, the solution protects against spyware, apart from the normal virus scan. Smart Scan and DLP are also available in Trend Micro XDR which I like as well."
"The telemetric report is the most valuable feature."
"XDR provided a much more deep view into what is actually happening."
"What I like the most about Trend Micro XDR is that the detection and response domain extends to the network. It goes beyond the endpoint and includes data about the network which lets you pinpoint patient zero as well as the root cause of the attack."
"It has the feature to track an attack back. If there is an incident or an attack occurs, you can get a bird's eye view of that attack. You can see how the attackers came in and how they managed the attack. You can trace an attack. If you are giving a presentation to the management, you can easily show it to them in a live environment how the attackers came, which is amazing."
"Its detection rate is valuable. It is really an easy product to install and manage. It is quite effective at what it does, and if needed, it can also be co-managed, which means 24 hours and seven days a week monitoring through a SOC."
"Trend Micro XDR is stable, scalable, and reasonably priced."
"I like that it is a comprehensive security solution with a lot of features. You can say XDR is an end-to-end security solution with endpoint security. It includes all your servers, networks, and other devices. The endpoint security solution does not cover this. Plus, machine learning and features like that are the main things in XDR solutions."
"I would like to see integration with Cisco Analytics."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"The solution can improve by providing automatic fixing of vulnerabilities and reducing the resources used in the server component and endpoint agent. They are very bulky and use a lot of CPU, memory, and hard drive resources."
"The issue with Kaspersky EDR is the sandbox. I'd like to have the ability to manage it on the cloud as well."
"The prices can go down a little bit."
"Kaspersky Endpoint Detection and Response is very heavy on the system resources. It uses a lot of memory and the system can become slow."
"There is a problem with the solution, it came from Russia and we are looking for a replacement."
"Kaspersky needs to strengthen its standing in the market."
"The main problem with Endpoint is that Kaspersky is a Russian company, and my clients prefer not to use it."
"The technical support team should respond in a more timely manner."
"It would be better if it were more user-friendly. It would also be better if the implementation were more straightforward."
"Results were delayed."
"In new versions I would like to see better implementation of the reporting features, especially in regards to EDR visibility."
"The product needs to have a lot more maturity, and they need to improve the overall technical support framework for getting the value out of XDR."
"A room for improvement in Trend Micro XDR is more visibility into the alerts. We do get alerts from the solution, but when we are away, we need to have more visibility."
"The agent system is very slow, it needs to improve its performance."
"It should integrate with more tools. There are a lot of tools that can do the PTP dump."
"The solution lacks compatibility with other products. It needs to integrate better with other surrounding solutions."
More Kaspersky Endpoint Detection and Response Pricing and Cost Advice →
Kaspersky Endpoint Detection and Response is ranked 11th in EDR (Endpoint Detection and Response) with 12 reviews while Trend Micro XDR is ranked 7th in Extended Detection and Response (XDR) with 9 reviews. Kaspersky Endpoint Detection and Response is rated 8.2, while Trend Micro XDR is rated 7.2. The top reviewer of Kaspersky Endpoint Detection and Response writes "Plenty of features, reliable, and helpful support". On the other hand, the top reviewer of Trend Micro XDR writes "Good dashboards and easy to navigate but needs more flexibility". Kaspersky Endpoint Detection and Response is most compared with Microsoft Defender for Endpoint, Fortinet FortiEDR, Cynet, Bitdefender GravityZone Ultra Plus and Cortex XDR by Palo Alto Networks, whereas Trend Micro XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Microsoft Defender for Cloud and WatchGuard Threat Detection and Response.
We monitor all EDR (Endpoint Detection and Response) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
