If you talk about the commercial aspect, this solution is not the Gartner one. We have a challenge because there are other solutions which are Gartner solutions, where we have competition. So we have to justify, explain, show the value propositions and then we sell are able to sell.
We use a lot of Cisco products to integrate into our services for about 160 customers in healthcare, local government, and social housing. We are using tons of Cisco products. Besides all types of firewalls, we are using IronPort for email. We are using a lot of networking products as well, in which security is also embedded. We also use the SecureX platform to leverage our security automation. We have about 160 customers, and each of these customers has its own compliance, set of rules, and governance. So, the use cases might vary, but it's all about keeping them safe on all levels; on a technical level, on a tech framework level, and also on a personal level. We try to prevent our customers from doing things that they didn't intend to do as well. The use cases vary, and we embed them in all our services and also in our security operations center.
We are delivering Cisco solutions and security services to more than 100 customers. We use AMP, which I believe is currently called Cisco Secure Endpoint. We use Umbrella, we use SecureX, we use Meraki, and we, of course, use firewalls. So, it's a very broad range of Cisco products.
I'm working in a wholesale industry company. We are present in around 16 European countries and my company has around 5,000 employees. I have been using Cisco products since 2007, and in this company for around three years now. I am using Cisco Secure Endpoint for around 6,000 endpoints, and I also use Cisco Secure Email, ESA product. It's a cloud-based solution from Cisco. I'm using Cisco Malware Analytics and Sandbox. I use Cisco SecureX to integrate all of these and monitor all these ecosystems from Cisco Secure. Our use cases for using Cisco Secure products are to increase defenses, machine learning, to integrate all these solutions from the backend, do single dashboard threat hunting, do few clicks incident response, have visibility across the entire architecture, and more. We are happily using Cisco and have various different use cases. We have backend integrations, front-end visibility, and then incidence response with a single click.
We saw this product with a partner. We installed it and configured it properly along with our antivirus solution. We monitor it almost every day to see what's going on. Up till now, we are very happy with the performance. We check every day if there are any indicators of compromise, if there are any workstations that need particular attention, or if there are any peculiar or strange events.
We are using it for remote users, and that's our main reason for using it. We have a lot of colleagues who work outside the organization, and they need to connect to the local, on-prem resources for file sharing and other things that we have in our data center. That's it.
It was our primary endpoint protection.
We have a complete Cisco environment; we use Cisco Firepower, Cisco ACI, and many of their other products. We have many of their top solutions from the network to the data center server.
Our primary use case is general antivirus protection. This product was deployed to a number of Windows machines, and we also have a VMware environment.
It is used especially to connect with MDM, covering security and monitoring services. It protects user devices, especially for field services. Customers need some infrastructure on the cloud, e.g., Amazon and Google. We also need some testing and stage environments to perform tests.
I'm hoping that this is protecting me from all the harmful issues that are happening, because we know exactly what kind of world we are living in on the internet.
We rely on it for antivirus. There are probably three levels, and we have the bottom tier, the most basic one. It is on Cisco's cloud. We have the client installed on all workstations, but we don't have a server.
AMP 4 Endpoints protect our workstation (ca 300), our VDI environment (ca 250), and our servers (ca 50). The old product was from Trend Micro and was just a simple antivirus solution. It was ok, but it was just an antivirus. We needed something more than just an antivirus that is used by every end-user. We were looking for a tool can we trust, and something that can schedule some things, implement scripts, analyze malware, perform advanced scans, etc. Our company, as an ISP for many customers, has to be protected from vulnerabilities.
We use this solution for the malware features, to protect our network and our endpoint users. We deployed this solution for security.
Being the primary AV/IDS within the enterprise, we have the solution deployed across multiple platforms including workstations, servers and Operating Systems. The solutions conveniently integrates with other existing on-prem and cloud application will relatively minimum to stand up, using APIs and security best practices. Most out-of-the-box features are either being utilized or pipelined to be deployed going forward, including MAP, ETHOS, SPERO, Exploit Prevention, SecureX, and Tetra which serves as an offline definition repository for workstation who are unable to pull definition updates using the default Cisco AMP cloud route.
We are system integrators and we use this product for DNS security, which is integrated with the DNS service.
We needed an endpoint security product and this was the one that we chose. We also use Cisco Umbrella, which fits in neatly with the endpoint as endpoints are moving, more and more, out of the office now. Traditionally, it's slightly harder to manage that, so we use Cisco AMP and Umbrella on those endpoints to secure them. It's almost entirely on-premise. Although there are some small cloud installations where we use it.
We have it installed on all our workstations and servers. Primarily, we started with it after we were hit with a ransomware attack about five years ago. We looked for something that would give us a bit more visibility as to what was going on the network, where the weak points were, etc. We had an antivirus solution (FireANT) back then, which obviously wasn't good enough on its own. So, we went looking for something that was going to be a little more granular in how it gave us visibility on the network. We have the Cisco AMP for Endpoints Connector on our workstations, which is all done in the cloud. We have Windows Server, Windows 10 workstation environment, and on-premise servers at the moment with some cloud. I guess we would call ourselves a partly hybrid business, with some stuff in the cloud, and all our access points have Cisco AMP on them. This currently includes work-from-home devices, because we have a lot of people still working from home with the coronavirus thing going on, even home users have Cisco AMP as well. Our operating systems, whether they be Linux, Windows, Mac, or Google Android, are well-protected.
AMP for Endpoints has Endpoint Connectors, which are agents on the endpoints, providing security against malware and intrusion detection. It also provides intrusion prevention. We install the Connector on all the endpoints before they're deployed and also on our virtual desktop images. They provide constant monitoring and alerting on any events or potential threats to let us know when there is something going on that we can further investigate. AMP intersects with a bunch of other Cisco tools, such as Threat Grid, Threat Response, and Talos Intelligence to identify threats, then automatically quarantine or remove them. It also gives you the ability to isolate endpoints to prevent further spread of any sort of malware, like a virus that might infect other machines.
Cisco AMP is an anti-malware and antivirus product. It provides endpoint protection. We use it as our antivirus and anti-malware tool. We put it on all our computers. Our employees have it on their laptops because they leave the network and we can't protect them everywhere. Microsoft Windows comes with a built-in tool but it's not quite as powerful. So we use Cisco AMP and Microsoft System Center Endpoint. Cisco AMP is our primary solution, but we don't uninstall the free ones that come with Windows. It runs a little agent on the computer and then you manage it from a website platform. There is an application installed on the computers and they all connect up to the management console, which is hosted in Cisco's cloud. You can use it for single endpoints. We have 3,000 that we use and then there's the free version of it you can use for home.
AMP was purchased for our organization in response to continued threats that we had from malware and malicious activity on our endpoints. We received AMP for Endpoint and also AMP for Networks as part of our Cisco Security ELA. The solution has made a huge impact on the visibility of what has actually been transpiring at the process level on our servers and workstation endpoints as well as being able to look in detail on those processes to see whose executed those processes and what the trajectory was for those processes. AMP for Endpoints is Software as a Service. It's a subscription service. You do download a connector onto the endpoint. Then, there is the option to run it to an air gap mode where you connect to a local server that does back out to the AMP Cloud. However, that's not the deployment we have in our case, we have it connecting back directly to Cisco Cloud Security.
We were looking for a security product, which would not only block known viruses, but give more visibility and control over anti-malware. We offer Desktop as a Service (DAAS) for small and medium businesses, so we have hundreds of laptops, desktops, and virtual machines. Because users click on everything, you need to have a solution in place which will detect if something happens and log it, if there's anything malicious, then it will be blocked and reported. The main reason for going with Cisco AMP is its integration with other Cisco solutions. It can integrate our firewalling, DNS protection, and email security appliance, so if there's a malicious file, and I see it on one of those devices. I can say, "Hey, I want to have this blocked," and it will immediately stop it being emailed in or out our environment. It also can no longer be downloaded from the Internet. Thus, with one click, we have multiple points protected. AMP is a bit of a time machine for our environment. We can see any action being executed, connection being made, or file being written, whether it's malicious or not. Everything is been logged. I can basically go back in time and see, "This user opened this website," or, "This process created this file." If at any point in time, we do get something where, "There has been malicious activity there," we can completely follow it back: * How did it get there? * Did it change other files? * Did it leave a scheduled task somewhere? * Did it connect to other machines? * Did it drop software on another place even before it was know to be malicious? All activity has been logged. If something turns out to be malicious, or if it's a user doing something they shouldn't be doing without using any malicious software but just using system tools, you can still see every command being run from the console. The management console is cloud-based and the deployment goes to the endpoints, which are either in our data center or on the laptops and desktops that users have in their offices.
We're using it in a handful of ways. We initially bought it to provide endpoint protection against malware and the like on our laptops that were mobile and off our network the entire time. We eventually moved it onto all of our desktops, and we have now integrated with Umbrella, so we have a full protection suite for all of our clients across our enterprise.
The primary use case is for endpoint protection. For the larger deployments, we use it for our policy enforcement as well. We use AMP on the endpoints for writing automated policies in order to protect the user when they join the network, for example.
We mainly use this program for our business operations.
We're in the banking sector. We use AMP to protect security endpoints.
I use the public cloud deployment model. I have installed the license, the software, on my VM and it is being managed by Cisco Cloud. My primary use case for this solution is to test it against malicious links and for encryption and decryption.
We use this solution as part of our organization security.
We are trying to provide managed security services. This solution would be part of those managed security services.
The primary use case is email filtering. We are using the latest version.