2019-03-11T07:21:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What needs improvement with Cisco AMP for Endpoints?

Please share with the community what you think needs improvement with Cisco AMP for Endpoints.

What are its weaknesses? What would you like to see changed in a future version?

20 Answers
Pardeep Sharma - PeerSpot reviewer
Network security engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
2021-05-14T17:19:12Z
14 May 21

The GUI needs improvement; it's not good. There are false positives in emails. At times, the emails are blocked and detected as malware when they are not. They should work on some of the signatures because of the emails that have been blocked and detected as malware that can never be opened.

User1#2% - PeerSpot reviewer
Application Manager at Financial Corp
Real User
Top 5
2020-10-20T04:19:00Z
20 October 20

Like any other security tool, there's always room for improvement. Some of the ways the product can be improved are:
- Vendor needs to understand a one-size-fits-all approach will not work with addressing TAC cases and service requests. For "once in a blue moon" cases, most approaches still sound like the engineers are acting off of a runbook. In this case the recommended solutions will not totally align with the scenario.
- Since customers do not have the ability to allow or decline console updates, there have been a number of instances where the console GUI appears buggy and functionalities do not work correctly after an upgrade. This can be improved by informing customers prior to the upgrades.

Other additional features that should be improved in next releases include:
- The dashboard is great for quick visibility prior to deeper dive, however, making the dashboard more customizable will improve interaction, grant the ability to filter out irrelevant outputs and encourage personalized drill-downs based on daily requirements.
- Integration with enterprise monitoring applications and ticketing systems that differentiates noise, forwards events, generates tickets and has them automatically assigned to the application-owning group.

MD.SIHAB TALUKDAR - PeerSpot reviewer
System Engineer at asa
Real User
Top 5
Leaderboard
2020-10-13T07:21:00Z
13 October 20

I would like to see integration with Cisco Analytics.

Mark Bonnamy - PeerSpot reviewer
Technical Director at Ridgewall Ltd
Reseller
2020-07-12T11:48:00Z
12 July 20

Some of the dashboards don't always populate with data. Most of them do, but some of them don't. Another issue for me, that would be the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal. If I were Cisco, that would be my greatest focus of all because it would be of such great value if I could give one pane of glass to an engineer and he could look across all the Cisco products. The other thing I would say to Cisco is they need to move more to a consumption model like Office 365, because I want to be able to sell it and deploy it by just adding things on to a particular client. For example, you set a client up on the AMP portal, which I'm looking at as I speak. I have X number of clients. If I need to sell or deploy Umbrella, I've got to go through a completely different process and enter exactly the same sort of thing. I've got to create the client somewhere else, I've got to put the information somewhere else, and I've got to run the deployment from somewhere else. Whereas with the Office 365 model, I'm able to upgrade packages and add features and functionality all from the one place. That is an incredibly powerful selling tool. The other area for improvement is to make billing simpler. The billing process for us is hard where we've got those two users. We've got to create a separate bill for those clients and we have to create a separate report to Cisco to say that we're billing those clients. Anything they could do to make that billing process more seamless would be of great value. 
If they could almost automate it, so that it is something that links in with accounts packages to make the billing process neater, it would help promote the sale of it and make it more profitable to sell. If someone deploys AMP For Endpoints on a client, at the moment that process is very disjointed. We've got to do a check once a month to see how many deployments there are relative to last month and, if we had to add one, we not only have to bill an extra one but we also have to buy an extra one from Cisco. And all that is manual.

Tim Crosweller - PeerSpot reviewer
IT Manager at van der Meer Consulting
Real User
2020-07-09T06:27:00Z
09 July 20

The biggest area where I liked seeing improvement is in the interface and its interaction with the customer and portal. Since these things are quite technical, it's important that you can find your way around the console quickly without having to remember where things are. I think the interface has improved quite a lot in the last couple of years, which is good, but also the integrations are starting to be incorporated a lot more too. We can see more value in the product as time goes on. It's a different product to what it was when we first got it in terms of visibility and also its user interface. You need a certain level of technical experience because the console is not the easiest thing to look at. It's very in-depth and there's a lot going on. It does a lot of stuff. I often compare that to our antivirus console, which is pretty self-explanatory, but it is not really doing a lot in terms of its visibility. It will do similar remediation work, but AMP has the visibility. You can see where it's going and what processes are running. Everything that it's tracking can be overwhelming to some people so you need a level of IT and technical experience to understand what it's doing and your way around the console. It's a very high-level product in that respect. Therefore, it might scare a few people off if they're not up to that level. However, if you have someone who can handle it, then it's fine. There are some features with the integrations that I'm not using because I haven't gotten my head around how they integrate and how best to integrate them into what we're doing. It is just a matter of giving me some time to sit down with a Cisco rep and working through it to understand exactly what these things are doing, then implementing them. I am not one to pay for something that we're not going to use. However, from what I can see, everything that comes with the product is worth doing. 
Obviously, the threats out there now in the internet world are only getting more complex. Therefore, it makes sense that we keep up with all the technology and software that comes with it.

Neal Gravatt - PeerSpot reviewer
Sr Network Engineer at a real estate/law firm with 1-10 employees
Real User
2020-07-08T09:01:00Z
08 July 20

The endpoint agent on a machine doesn't provide much data. And the thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself. There are features that are supposed to work that don't that reduce the duplicates.

HB
Security Officer at a healthcare company with 51-200 employees
Real User
2020-07-08T09:01:00Z
08 July 20

The solution’s endpoint protection, in terms of the operating systems and devices that it protects, is pretty comprehensive. The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on. It's a rapidly evolving product. Every time they turn on a new feature, you're going to have glitches. Recently, they put out a bad version of a Connector, but they put out a new version of a Connector every other week it seems, so they pulled that back and put out a new version.

Cole Two-Bears - PeerSpot reviewer
Systems Architect at a consultancy with 5,001-10,000 employees
Real User
2020-06-10T08:01:00Z
10 June 20

The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications. As far as reducing the attack surface, Orbital really doesn't decrease that surface.

Wouter Hindriks - PeerSpot reviewer
Technical Team Lead Network & Security at Missing Piece BV
Real User
Top 10
2020-06-09T07:46:00Z
09 June 20

We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment.

DanTurner - PeerSpot reviewer
CIO at Per Mar Security Services
Real User
2020-06-03T06:54:00Z
03 June 20

If it could physically go out and slap the end-user to keep him or her from doing the bad thing initially, that would be great. But seriously, maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that.

PeerSpot user
IT Manager at a hospitality company with 201-500 employees
Real User
Top 5
Leaderboard
2020-06-02T12:52:23Z
02 June 20

Nice to have URL management, password protection of the app, more details of the machine & user running the app.

SunnyNair - PeerSpot reviewer
System Architect at COMPASS IT Solutions & Services Pvt.Ltd.
Real User
2020-01-29T08:35:00Z
29 January 20

I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products. AMP works very well within the Cisco ecosystem. If it could work along with the third-party ecosystem as well, if that integration or even more APIs came into play, I think we could utilize this product a little bit better. One thing which I would like to see in terms of a major improvement would be AMP supporting the IoT infrastructure, which has been coming up in networks recently. It should also support more factory managed devices, like systems running Linux. Better support is what I'm looking for. The common endpoints are already covered and we work very well with them. That would be the case if support is extended to new devices as well. I think that would bring real value to the table. AMP has recently released email security and web security. If there was something like a common dashboard, similar to that of CrowdStrike, it would be useful. AMP needs to come up with a common dashboard for all of the solutions. That single pane of information would allow us to view everything. Instead of installing a plugin, what we need AMP to do is run installs in the background. Then the user doesn't know that AMP is running on the system. That would be a fantastic use case or the recommendation which I would like to make, if they're looking for products and features to develop. Something like that would allow me to have a high-end deployment in place for AMP which would be ideal.

MohamedEladawy - PeerSpot reviewer
Service Security Lead at Salam Technology
Real User
Top 10
2020-01-12T12:03:00Z
12 January 20

I think there should be better support and I would also like to see an easier implementation of the solution. The support should be cheaper and more available during the implementation stage. It would be great if they could have support teams that involve an AMP team because there's a specific team for AMP.

AD
CEO at Oriental Weavers
Real User
2019-11-18T07:22:00Z
18 November 19

I would like more seamless integration, because I have a security solution based on Cisco and I'm looking at integration for the old solution. It would be much easier for the security administrator to monitor integration.

Mohammad Siraj - PeerSpot reviewer
Deputy GM at Oregon Systems
Real User
2019-09-27T04:38:00Z
27 September 19

The reporting and analytics areas of the solution need to be improved.

ZS
Solution Architect / Presales Engineer at a comms service provider with 1,001-5,000 employees
Real User
2019-09-24T05:43:00Z
24 September 19

It should be doing backups. Every stage that this malware is going forward, it should snapshot the situation. Then I could go back to the first stage before it got infected. It doesn't have this option, and I know that other manufacturers have it, like Check Point, for example. In the next release, I would like for it to have backup abilities. I would like the ability to go back to a point in time to when my PC was uninfected and to the moment of when the infection happened.

SV
CISO & COO at a tech services company with 1-10 employees
Real User
2019-07-02T06:57:00Z
02 July 19

In the next version of this solution, I would like to see the addition of local authentication.

Mohammad Siraj - PeerSpot reviewer
Deputy GM at Oregon Systems
Real User
2019-06-26T05:26:00Z
26 June 19

When we're talking about anti-malware protection, AMP is a very good solution, but again, the CSO level reports are not generated. There is a dashboard, there is a report, but again, those reports have to be taken to the CSO, because when it comes to security, we always want to have high-level reports. So if we had a system that generated reports from the AMP itself, that would be great for us. Also, the solution needs more in-depth analytics. Right now they have implemented AMP, so, monitoring is happening, but you need to see what exactly is happening, the updates and then the mode of attacks that have happened and have been prevented. An in-depth report could be generated, and it should be on a CSO level. That's the value that should be added to the AMP solution.

Edvins Logins - PeerSpot reviewer
IT Security Services Owner at Atea Global services
Consultant
2019-03-11T07:21:00Z
11 March 19

We would like to have an API integration with a SIEM solution, because as far as I know, it currently hasn't yet been released. We are looking forward to it because it's important for us to integrate the product with a SIEM solution in order to provide our customers a good, robust solution. It needs major improvement with its ease of integration.

RZ
Chief Information Officer at Sacramento County
Real User
2019-03-11T07:21:00Z
11 March 19

I would like them to add whatever makes filtering more advanced in scanning and blocking for malware in emails. It would just improve the product further. I think they are working on this, the continuous improvement aspect.
