Cisco Secure Endpoint Reviews

We rely on it for antivirus. There are probably three levels, and we have the bottom tier, the most basic one.

It is on Cisco's cloud. We have the client installed on all workstations, but we don't have a server.

It just gives me more insights into what threats are out there on the machines, so I can be more proactive.

Actionable alerts in the security console are helpful. With the security console, I immediately get to know about an issue. So, it has sped things up. It also gives you a way to research and see if an issue is spreading, so it has assisted quite a bit.

It definitely gives a starting point for investigating and mitigating threats. It has research tools, and we can run queries. I have used its Orbital Advanced Search feature. I have run quite a few queries to determine what is out on the network or on the devices that could be a threat. It could be something that is misconfigured or something that we don't want to have running. It is able to quickly run these queries.

I usually use the Orbital Advanced Search feature for groups. I use it to look for commonality for a threat thread, and it provides good visibility. I've never used it for just one endpoint.

Orbital Advanced Search helps in reducing the attack surface and investigating real-time data on endpoints. I've only used it a handful of times, and I was mostly looking for whether or not an update has been applied.

Orbital Advanced Search definitely saves time. I assume money goes right along with time. I don't have to go from desktop to desktop. I have 50 desktops, and if I'm looking for something in particular, it would take at least 15 to 20 minutes per desktop.

We use Cisco Umbrella. The integration when you use the SecureX console is really good to go from one to the other. I have pulled the endpoint and Cisco Umbrella into SecureX, so I just have one console. It was easy to integrate. They provided really good instructions. This integration just made things more convenient.

It simplifies endpoint protection, detection, and response workflows, especially for threat hunting. The way it is set up, with the console, I would get to know quickly that we have an issue. It increases operational efficiency because I don't have to go from desktop to desktop. I'm also proactive instead of reactive.

It has minimized security risks to our business. I've had several desktops where they have triggered an alert, and all I had to do was to go and clean that machine out before the problem spread. 

It allows us to focus on the incident instead of investigating the group, so we are more efficient. It has decreased our time to remediate because we're focusing on the machines we need to.

It has decreased our time to detect. I can't quantify the time, but in some of the older antiviruses, the user would say, "Okay, I've got a pop-up, and it has flagged this or that," and then you'd have to go look for it. With this, I know ahead of time, or I know when it happens. 

We use it as an antivirus. The audit logs are valuable. 

It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.

It is quite comprehensive in terms of endpoint protection. I haven't found anything where it was lacking in terms of the protection of our Windows machines.

While I've attended a lot of their training webinars, they were mostly high-level. They just say that these are the feature, and this is how you access them, but I would like to see more scenario-based information. They should provide us examples of how to resolve something when we see something happening. They should give us an example of the flow on how to resolve it.

In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through.

I have been using this solution for about a year. My company had it for about a year and a half before I joined.

II haven't had any issues with it except for a connector issue. They quickly put out a new one and got rid of the problem. So, it seems to be really stable, and they seem to be reactive when there is a problem.

It is good in terms of keeping the machines updated. It is easy to get it installed on the desktop and keep it updated. We have a little over 100 users. They are administrators, project managers, field supervisors, engineers, and sales and support staff, so we have quite a mix.

We have deployed it on all desktops and laptops currently. I am going to start looking at adding it to mobile devices. Currently, we only have Windows machines covered. We are working on getting it set up on the Mac mobile devices. So, eventually, we will have a lot more depth than we have now.

I never had to reach out to them. So far, I have been able to find the documentation that I needed.

I've only been with the company for a year. They had it when I got there, and we haven't changed anything since then.

I've used McAfee and Norton, and it does much better than them.

I wasn't involved in the initial setup. They did that before I joined the company.

Its maintenance is done by me. I'm the only IT person. It is not a large company, so it isn't a bad thing.

It is kind of hard to say what would have happened if you didn't have it. We've got a very stable environment, and it seems to be doing its job. So, I assume we're getting a return on investment.

The pricing was negotiated before I started, so I don't really know.

I would advise others to take a real hard look at it because it is a good solution for companies of our size. I like the fact that it is managed in the cloud. I don't have to maintain a server presence. It is easy to use. It was a bit of a learning curve to start with because I was completely unfamiliar with it. I just dug in there and figured it out. Its documentation is fairly good.

If you go through SecureX, everything is right there in terms of user access and device protection. This integration is nice, but so far, it hasn't really saved me any time. It may in the future.

I believe it makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform, but I never had to do that.

I would rate Cisco Secure Endpoint an eight out of 10.

We needed an endpoint security product and this was the one that we chose. We also use Cisco Umbrella, which fits in neatly with the endpoint as endpoints are moving, more and more, out of the office now. Traditionally, it's slightly harder to manage that, so we use Cisco AMP and Umbrella on those endpoints to secure them.

It's almost entirely on-premise. Although there are some small cloud installations where we use it.

The fact that the solution offers cloud-delivered endpoint protection makes it simpler to use. Historically, Cisco's appliances have been relatively expensive and that has been a block to Cisco getting into the SME space, which is our particular focus. Having it cloud-based, where there's no cost, as such, to get the deployment running, has made it easier to sell to small businesses. We've got AMP installations with as few as two users. In the past, with Cisco, we would never have been able to deliver into that size of business without some sort of cloud for delivering it.

It also has a neat web interface that allows us to access it simply and therefore more people are able to manage it, rather than it being a specialist product. We're able to give it to more junior people on the helpdesk and they're able to determine quite quickly and simply what the state of the environment is and, if needed, escalate it to more senior people if they believe there's an issue. That's worked well for us.

We had quite a large client that had a partial AMP installation only covering key assets, and they were hit by ransomware. It was only Cisco AMP that showed where the problems were. The rest of the antivirus that they had across the estate was completely ineffective. AMP was intact and it gave the engineers the vital information they required to remediate the problem. With all attacks what we're interested in is knowing what was "patient zero," where the problem came in, and where it's spread. That can be a challenge sometimes when you've got multiple devices in a network and you're looking across a large number of PCs to work out who was compromised first and, therefore, what the course of action is.

It has decreased our time to remediate. In the scenario of the client that was hit by ransomware, effectively, none of the endpoints were compromised. We were able to detect what the issue was via the AMP client, which discovered and alerted us to what the actual problem was. We then had to do a cleanup process on the remaining. It certainly showed its value to us and the client in that particular incident. It is hard to say how much time it saved us, because in that particular incident they only had a limited deployment. It actually took six man-days to solve the problem, but it didn't affect any of the AMP clients. It arguably could have taken even longer, had they not had AMP deployed on at least some of the assets. It's very simple: If they had had AMP on all of them, they would have probably avoided the problem in the first place. And they certainly wouldn't have needed six days to actually resolve the issue.

Cisco Threat Response accelerates Cisco Umbrella security operation functions. The abilities of Talos are definitely one of the reasons we bought into this as a product. It enables us to react more quickly. We're relying on Cisco providing that updated information in a timely fashion, and that obviously has a knock-on effect on our ability to support our clients if they've been compromised. That ability to push information automatically into Talos and their environment and then prove it's a problem or otherwise, and then update the system automatically, saves us an enormous amount of time. It gives us a lot of confidence in what we do, because Cisco is able to update things and do that part of the function for us, rather than our relying on in-house skills to try to determine what is good and what is bad.

We use it internally, in our business, to secure us, as we are an MSP, which means we are at particular risk. Obviously, we have a duty of care for our clients to ensure that we take the utmost responsibility and steps to secure our businesses and, in turn, secure our clients' businesses. The Cisco suite of security solutions definitely gives us a great deal of comfort that we are doing that. Relying on Cisco for those updates certainly takes a load off my mind, knowing that we've got the backing of Talos across the suite of products. We feel, with all the steps we have taken, that there are very few gaps in our security.

The solution has also made our team more effective by being able to focus on high-value initiatives. We have it integrated into our helpdesk system where it alerts us of things that are of particular concern. That minimizes the amount of time that we're looking at non-threatening situations. A lot of these systems can throw up an awful lot of information and you can end up spending an awful lot of time looking at things that aren't an issue — false positives. If we're able to target things more accurately, it helps us focus that high-cost engineering resource more accurately. It does save time and money.

Cisco AMP has definitely decreased our time to detection, relative to where we were with previous products. Before this type of next-gen solution, we were relying on things like antivirus, which is pretty poor and didn't produce much in the way of protection, certainly around ransomware and other things. We were relying heavily on perimeter protection, like firewalls. That was, of course, completely ineffective when people took their laptops home. The risk was great and we saw more people bringing problems back into the business. The AMP and Umbrella combination has made life a lot more secure and enables us to deliver consistent policy, which is the other important thing. When people are in our building, we've got a reasonably consistent policy because we have greater control. But the minute a person leaves the building and connects via a phone or at an internet cafe, we lose most of the traditional protection we had. The endpoint becomes everything.

The decrease in time to detection has been significant. It's very hard to put a percentage to it because, before it, we were often blissfully unaware that devices had a problem at all. It's given us visibility and we are much more effective. I'm guessing in terms of what it saves time-wise, because it's given us visibility that we otherwise didn't have, but I would say 80 percent, if I had to put a figure on it.

It has a number of valuable features. One of them is its ability to look across the estate. If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that.

It has worked well where there have been compromises of clients and the software has automatically sent a sample to Cisco. Cisco has very quickly turned that around and an update has been issued and therefore, within an hour, all the devices are protected against it. We've been quite impressed with that.

We're a Cisco-centric organization. We use things like Cisco FirePOWER, the Next Gen features, as well as Umbrella portal and AMP. We've got a SIEM solution and we see all the events. It gives us a very good overall view of what's going on, very quickly.

We get all the alerts fed in centrally and it enables the security team to act upon them quickly. The alerts seem to be high-quality. We don't get an awful lot of false positives. With the dashboards it's clear, and you can understand quickly where the issues are, with instant responses.

The tools provided by the solution to help you investigate and mitigate threats are very helpful too. I'm the person who manages the engineers, so I don't use it on a day-to-day basis. I use it to get an overall view of, and a feeling for, where our various clients are in terms of issues: How secure they are, whether the engineers have been acting upon threats, etc. But our engineers like the product very much. The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious.

All our engineers have been very impressed with the features that it delivers and the fact that it has been low impact on the endpoints. It hasn't caused us any problems with performance. Generally, it's a very well-liked product amongst the engineering team.

Some of the dashboards don't always populate with data. Most of them do, but some of them don't. 

Another issue for me, that would be the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal. If I were Cisco, that would be my greatest focus of all because it would be of such great value if I could give one pane of glass to an engineer and he could look across all the Cisco products. 

The other thing I would say to Cisco is they need to move more to a consumption model like Office 365, because I want to be able to sell it and deploy it by just adding things on to a particular client.

For example, you set a client up on the AMP portal, which I'm looking at as I speak. I have X number of clients. If I need to sell or deploy Umbrella, I've got to go through a completely different process and enter exactly the same sort of thing. I've got to create the client somewhere else, I've got to put the information somewhere else, and I've got to run the deployment from somewhere else. Whereas with the Office 365 model, I'm able to upgrade packages and add features and functionality all from the one place. That is an incredibly powerful selling tool.

The other area for improvement is to make billing simpler. The billing process for us is hard where we've got those two users. We've got to create a separate bill for those clients and we have to create a separate report to Cisco to say that we're billing those clients. Anything they could do to make that billing process more seamless would be of great value. If they could almost automate it, so that it is something that links in with accounts packages to make the billing process neater, it would help promote the sale of it and make it more profitable to sell. If someone deploys AMP For Endpoints on a client, at the moment that process is very disjointed. We've got to do a check once a month to see how many deployments there are relative to last month and, if we had to add one, we not only have to bill an extra one but we also have to buy an extra one from Cisco. And all that is manual.

I have been using Cisco AMP for Endpoints for three years, maybe more.

The stability is very good. We've had no issues with performance or things crashing. That aspect has all been very positive. When doing as much as these products are doing, it can create quite an overhead and take a toll on the performance of PCs, but we have had none of that kind of experience.

We are predominantly a Microsoft environment. I'm aware that it supports Mac, but I don't think we have any installations across Mac environments at the moment. From a Windows standpoint, it works very well. It hasn't caused instability. It hasn't affected performance in a negative way. All those things are really positive, given what it's actually doing.

Without any question it's scalable. We've got it on as few as two, and as many as 250 or so clients. We don't have any questions about scalability.

I've not personally used any support around this solution. I don't think we have needed to from an implementation perspective. It's all gone smoothly.

We used Sophos in the past. We're replacing it, so when the renewals come up we replace Sophos with AMP, wherever possible.

The initial setup is quite simple. We needed a method of delivery and that's the hardest part. But the deployment and the actual tuning of it are relatively minimal, so that has been a good experience. We didn't have to mess about with performance tuning, whereas with other products we have to do quite a lot for excluding this, that, and the other directory, to make sure the performance is reasonable.

If it's a small environment, it's quick to set up because we've got closer management. But in bigger environments, we bump into the challenge — and this is not an AMP issue or an installation issue — of people who are away, or people who haven't restarted their machines. Those sorts of little things tend to be the things that are a little bit more of a pain to get the final installation done. But the rollout of AMP, per se, is quite straightforward. The setup time of AMP isn't an issue and it is quite acceptable. These types of problems would exist with whichever product was chosen.

In terms of an implementation strategy for this product, our security team is very comfortable with rolling it out. The sales process is that we define the client's needs, the number of devices that they intend to secure, and that goes to the security team to coordinate and roll out. That's a reasonably templated process now for us.

In our company, the security team is comprised of four people, and they are the people who primarily look after and manage the products. We also have a deployment team, another three or four people, who are the people that would ultimately push the client out to the various devices that need it.

Certainly, from a protection standpoint, we have seen ROI. It's doing what we want it to do and it's protecting us and the clients who have it installed. Neither they nor we have been compromised and that's the greatest testament of all.

We use the MSP model, so we're able to pay as we go. We report usage based on the actual usage, which is very handy. The old model of Cisco doing it was dated and archaic, and that goes for most of their products. The previous way they did it, which was that you bought something upfront for a certain period, was terrible because of the actual process of updating it. It wouldn't scale down and it was very hard to scale up. When you added users to the system, it wasn't easy to then add licenses to that particular agreement. It was really difficult, in fact; difficult to the point where we stopped selling it in that model, because it was just too problematic.

For example, if we had a user with 10 devices and they bought some more devices, so it went to, say, 15, getting an extra five licenses within their agreement was immensely hard. To me, the only way forward is the MSP model.

We looked at a number of different solutions: Carbon Black, Cylance, Sophos Intercept X and we liked the Cisco AMP solution over those products because it fit in neatly with the rest of the Cisco portfolio. We believe that the management of the various security products fit better with one manufacturer, rather than picking various manufacturers to try and manage a security solution.

The integration of Cisco Threat Response with Cisco Umbrella is getting a lot better. What we like, across the board, is that the solutions are backed by Talos, and Talos is the largest, independent, security-research and threat-hunting organization in the world. We like the fact that the protection is spread across the Cisco environment. That's where this set of products wins when compared to other vendors. It's not that other vendors, like Carbon Black and Cylance, aren't delivering good products. They're just not doing the whole suite. They're not providing the firewall, they're not providing the CASB solution like CloudLock. I'm not sure if they're doing DNS filtering yet; a lot of vendors are catching up on that. But effectively, when you get a known issue, Cisco have the ability to roll it out across a suite of products and therefore you get protection very quickly. So if you discover a problem in Cisco Umbrella, they can update that threat, where need be, in AMP. That's quite a unique selling point for Cisco.

It's very simple to deploy, doesn't cause much in the way of management overhead, and does what it suggests. I would have no hesitation in recommending it. We obviously do, as we're selling it and have been using it for a number of years.

AMP for Endpoints has Endpoint Connectors, which are agents on the endpoints, providing security against malware and intrusion detection. It also provides intrusion prevention. We install the Connector on all the endpoints before they're deployed and also on our virtual desktop images. They provide constant monitoring and alerting on any events or potential threats to let us know when there is something going on that we can further investigate.

AMP intersects with a bunch of other Cisco tools, such as Threat Grid, Threat Response, and Talos Intelligence to identify threats, then automatically quarantine or remove them. It also gives you the ability to isolate endpoints to prevent further spread of any sort of malware, like a virus that might infect other machines.

The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it.

The solution’s actionable alerts in the security console are granular. They take you right to whatever the incident was so you can start investigating it. One thing that I have noticed lately, as we have spun up more tools associated with our Enterprise Agreement, is that AMP interfaces with all of them, then takes on some automated actions. One of the things that AMP allows you to do if there's an incident, it gives you an alert. This is because a threat was detected. You can click on the threat that's detected, then it takes you right to it in the timeline. Finally, you can pull/fetch the file and submit it for analysis. However, it will also do that automatically.

Cisco is standing up so much stuff right now. This solution interfaces with Talos Intelligence, Threat Grid, Threat Response, and SecureX. All of these things are integrating together and a lot of stuff is now starting to happen automatically, e.g., if a threat is detected, it is automatically interfacing with Talos Intelligence to figure out what that threat is and the hash value of whatever file that is. If it thinks it's suspicious, it automatically submits it to Threat Grid, which detonates the file in the sandbox, but also in the cloud, and returns a report saying whether the file, or whatever it is, is an actual threat/incident. Then, it remediates and quarantines it, and you find out about it later. It's doing a lot of stuff in the background as the integration with other tools increases.

Cisco Threat Response accelerates security operation functions. It gives you great visibility into your network. You start with a hash value, and you can search for that hash value within your environment by just dropping it into Threat Response. Then, it'll show you how that file has interacted with other files, systems, and devices. It gives you immediate visibility with a chart that shows you where that file has gone and where it's been. If you're looking to contain outbreaks, it's all there.

Cisco AMP simplifies endpoint protection detection and response workflows, such as security instigation. It really shortens the window to respond to an incident. You can do something in five minutes that probably would have taken several days in a big, diverse, ambiguous environment, where you have a lot of people working remotely. It would be tough to run down all this stuff. It is saving not only time, but manpower. Another person plus myself can now fix a problem. Whereas before, I would have to crawl through four or five different people before I got the right guy to get to the right place to do the thing that I needed him to do.

I like all the features. They're continually adding features to the product as well. One of the most recent features that they added is Orbital Advanced Search, which gives you great visibility into each individual endpoint. If you need to go look and see what's going on, it gives you that ability very easily.

I've only used Orbital Advanced Search on individual endpoints. Unless what I'm looking for is of great urgency, then I don't want to run very complex queries because they can take a lot of time and use a lot of resources for the endpoint. I'm still getting used to it so I don't know its full capabilities, such as, what it can do without interrupting the use of the endpoint. However, if the endpoint is compromised, it doesn't really matter. If I'm just investigating an incident, I don't want to lock the box up if a user is still trying to use it while I'm trying to figure out what's going on.

The Orbital Advanced Search is a great tool that gives you visibility. Otherwise, you would have to track down the device physically and possibility even do a forensic image of it to figure out what happened, or take it out of the environment just to investigate it. Having the ability to use Orbital to get the information off of a device to determine whether it's legitimately compromised, or if something weird is just going on, shortens the timeline of your response because you have immediate availability and visibility into the device that might be compromised.

Orbital helps reduce attack surface and investigate real-time data on our endpoints. For example, a device alerted in AMP for having a potential browser hijacker. At the same time, the user was also opening a help desk ticket because they were unable to access some online resources necessary for them to be able to work. I was then able to get on the device using Orbital (out of AMP) to locate the device and figure out what was going on, and it was a legitimate infection of a virus: It was a browser hijacker. All that happened in the span of five minutes, and I was able to get one of my guys out there to remove the device from our environment, reimage and replace it with another device.

I was able to figure out what was going on with that device in the span of five to 10 minutes. Then, I was able to have a guy onsite within the next three hours to get the device out of our environment. Previously, that would have taken days to figure out what was going on with the device, remote into the device, and find out where the device was physically, then get somebody to go to where the device was physically and pull the device out of the environment. That used to be a much longer process, and the longer that you have a threat risk in your environment, the riskier it becomes.

One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned.

The solution’s endpoint protection, in terms of the operating systems and devices that it protects, is pretty comprehensive. The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on. 

It's a rapidly evolving product. Every time they turn on a new feature, you're going to have glitches. Recently, they put out a bad version of a Connector, but they put out a new version of a Connector every other week it seems, so they pulled that back and put out a new version.

About a year.

It is very stable. I haven't noticed it being unstable. It is what it is and does what it does.

On a regular basis, we have four or five network security engineers working on its deployment and maintenance.

It is easily scalable. It's a simple deployment. You can push it out through any sort of desktop management system that you have.

Because we're a hospital, some things (like an imaging device) will not be using the solution as it may stop the imaging software from working. As far as endpoints for regular people who are not doctors using nuclear medicine imaging computers, it is pretty much on all those devices, including all of our virtual desktops. We have about 5,000 endpoints.

Their technical support is excellent. I often wind up working with the same people who are responsive, knowledgeable, and available to do live troubleshooting and analysis. They also do a great job of teaching you things that you otherwise wouldn't know about the tool.

We still do use System Center Endpoint Protection (SCEP). I am in the security group, and there's an infrastructure group who deploys the desktop. As part of their deployment, not only do they include AMP, they also include the Microsoft tools of various types.

Mostly, AMP affords us utility and visibility. Whereas, we had very little control and visibility into other tools because they weren't ours. we didn't have such great access. For endpoints, it's really been great for us as far as having that level of visibility and ability to control what's going on. To not only have the responsibility for security, but the ability to provide security has been the big deal for us. We didn't have such great access. 

When we only had the SCEP solution, we would get alerts but that would be it. We wouldn't have access to the tool to get more information from it. This left us sort of trying to troubleshoot the device in a vacuum without understanding what was going on.

The initial setup was straightforward, easy, and quick. When we first started testing and deploying it, we were installing it on individual machines ourselves. It's just a matter of downloading the Connector or having the URL to the Connector that you just run on the machine. All you need is local admin rights and it takes about five minutes. That's it. 

In our testing environment, deployment was probably a month or two, because we were just testing. Once we felt comfortable with it and started deploying it, we gave it to our desktop engineers because it's an integral part of the image that gets installed on every machine. Therefore, for our entire environment, it probably took a total of four months, since three months were for testing.

Initially, we deployed it to individual desktops for testing. Then, we incorporated it into the standard image deployed on all desktops, laptops, or endpoints.

We have absolutely seen ROI. The way that it is starting to integrate and work with all the other Cisco products, as far as the ease of use, visibility, and being able to respond to incidents. We can know if something bad is potentially happening instantaneously and prevent it from happening. We can go to a device and isolate it before it infects other devices. In our environment, that's millions of dollars saved in a matter of seconds.

The solution has made our team more effective and productive.

The solution has decreased our time to detection because we are getting alerts letting us know that something needs to be looked at. Now that it's integrating with all these other tools, it's automatically submitting files for analysis to determine whether they are dangerous. Up until about two months ago, I would get a bunch of alerts about certain files. For example, I used to get alerts about a machine having a file, then I'd have to fetch the file and submit it for analysis. That stuff is happening automatically now. So, I went from about 100 or so odd alerts a week to around five because everything is now happening on its own.

We have an Enterprise Agreement with Cisco for a bunch of tools. This is one of them.

The Enterprise Agreement is like an all-you-can-eat buffet of Cisco products. In that vein, it was very affordable.

We looked at a bunch of different things. We looked at Carbon Black along with two or three other of our tools that we didn't really have any control over. 

Cisco AMP came as part of the Enterprise Agreement with Cisco, so it was included. This made it much easier to spin up and use.

You need to look at your exclusions. You need to understand everything you have in your environment that needs to be able to operate. Because one thing AMP does, if doesn't know what a file is, it will go get that file and isolate/quarantine it. That file might be part of another software platform that's needed to function for whatever it is you do. Chances are you won't have any visibility into whatever that platform is until it stops working, because AMP has quarantined one of the central files for it. Knowing what you have in your environment, what the exclusions are, and how to create and apply those exclusions for those other systems is a key piece.

I think that AMP is really effective in isolating and stopping things that it doesn't know. This is probably good because you don't know if a threat is really a threat until you get a chance to look at it. AMP gets out in front of that. This can cause problems if you don't know that you need to have an exclusion, but you're better safe than sorry.

We are using Cisco Email Security, Cisco Firepower, Cisco Talos, Cisco Threat Grid, and SecureX. We have not stood Stealthwatch up yet. We are refreshing our ISE instance. The integrations across the board have really been a multiplier for each tool individually, and certainly through AMP. It's really launched AMP into another level far as automation is concerned. The integration of all these tools is seamless and very effective.

I would rate it an eight (out of 10). It is all still a work in progress; it is all still a new thing. Not only is the tool itself a new thing, but how the tool integrates with all the other tools. It's in development.

My company uses Cisco Secure Endpoint for its endpoint security and firewall.

The most valuable feature of the solution is that it protects our endpoint devices, especially the running ones, and it is useful since we have chosen the cloud version of Cisco Secure Endpoint.

Integration and dashboard are areas with certain shortcomings in Cisco Secure Endpoint.

I would like Cisco Secure Endpoint to have a better dashboard and integration with different software solutions in future releases.

I have been using Cisco Secure Endpoint for around four years. I am using the solution's latest version. I am an end user of the product.

Stability-wise, I rate the solution a nine out of ten.

There are no issues or drops in the solution's performance.

Scalability-wise, I rate the solution a seven out of ten.

Around 400 people in my company use the solution, most of whom are security administrators.

The solution's technical support was helpful. We haven't needed any support for four years now. Whenever we contacted support, we used to get a quick response, especially when it was for some issues related to the firewall or the upgrading part of the firmware. I rate the technical support a nine out of ten.

Positive

We use a different product for DNS. I have previously used Fortinet. I use Cisco for our data center, while I use Fortinet since it provides an SD-WAN solution.

The solution is deployed on Cisco Cloud, which is a private cloud.

My company opts for an annual subscription model to pay for the solution's licensing cost. It is a product that is priced reasonably. 

I rate the pricing a five or six on a scale of one to ten, where one is expensive, and ten is cheap.

I chose Cisco Secure Endpoint from a security standard and integration perspective. I believe Cisco is the business leader and is a highly scalable solution.

The vendor from Cisco takes care of the maintenance. We need three people to take care of the tool in case of crashes. From the dashboard, we come to know about everything related to the endpoint. You can take action unless it is not the physical hardware to which something wrong has happened, especially if something wrong happens to the operating system.

I would definitely recommend the solution to those planning to use it.

To provide endpoint protection, I feel the product should be speedy enough to detect malicious programs and trojans. There are a lot of tools that are not acting as signature-based but as behavior-based antivirus. Cisco Secure Endpoint is required, especially if the customers don't have a sandbox.

Overall, I rate the product an eight out of ten.

Being the primary AV/IDS within the enterprise, we have the solution deployed across multiple platforms including workstations, servers and Operating Systems.

The solutions conveniently integrates with other existing on-prem and cloud application will relatively minimum to stand up, using APIs and security best practices.

Most out-of-the-box features are either being utilized or pipelined to be deployed going forward, including MAP, ETHOS, SPERO, Exploit Prevention, SecureX, and Tetra which serves as an offline definition repository for workstation who are unable to pull definition updates using the default Cisco AMP cloud route.

It has been effective as the primary AV tool.

The visibility, dashboard and the navigations gives pretty decent insights into threats, IOCs and endpoint events to help with proactive monitoring. Deployment and connector upgrades are straightforward with available technical documentation for most scenarios.

AMP simplifies endpoint protection, detection, and response workflows, like security investigation, threat hunting, and incident response. By using the solution, we've been able to divert attention towards of the tasks, saving us significant time and effort. It has also served as a one stop shop for endpoint anomaly detection and proactive protection, thwarting the need to gathering inputs from various applications and having to compile that data into one relevant result. It has obviously minimized security risks to the entire business, most importantly, endpoints, servers and other crown-jewel assets. 

Recently, we have engaged the vendor regarding optimization, bug detections and extended features. Identity persistence, a feature request that was recently granted for instance gives virtual and physical devices deployed using gold image the ability specify an Identity Synchronization option. This persistence feature can apply by MAC address across business, by MAC address across policy or by host name across business.  

Speaking of scalability, integrating with other Cisco products, secure email, network, SIEM, API, open source and a number of selected proprietary applications have been encouraging.

Of all valuable features, these are worth mentioning:

- CI/CD pipelining and feature prioritization by actioning on user requests/ identified bugs, releasing connector upgrades, and deploying console upgrades for better usability

- Subscription functionality where console administrators able to Subscribe to receive immediate alerts(digest) on specific or group of monitored workstations

- Identity and access management capability within the console that allow administrators the ability to drill down user visibility on a Role based access control, limiting access to policies, groups, exclusions, and other controls

In terms of operating system compatibility, the coverage is almost in its entirety. Integration and deployment to Windows workstations, Windows servers, Mac, Linux and mobile is seamless

Being a unified AV engine, AMP conveniently delivers both Intrusion detection systems (IDS) and Intrusion Prevention Systems (IPS) capabilities with a specialty in cloud-delivered protection, next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR)

Like any other security tool, there's always rooms for improvement. Some of the ways the product can be improved are:

- Vendor needs to understand a one-size-fits-all approach will not work with addressing TAC cases and service requests. For "once in a blue moon" cases, most approach still sound like the engineers are acting off of a runbook. In this case the recommended solutions will not totally align with the scenario

- Since customers do not have the ability to allow or decline console updates, there have been a number of instances where the console GUI appear buggy and functionalities do not work correctly after an upgrade. This can be improved by informing customers prior to the upgrades.

Other additional features that should be improved in next releases include:

- The dashboard is great for quick visibility prior to deeper dive, however, making the dashboard more customization will improve interaction, grant the ability to filter out irrelevant outputs and encourage personalized drill-downs based on daily requirements

- Integration with enterprise monitoring applications and ticketing systems that differentiates noise, forwards events, generates tickets and have them automatically assigned to application owning group.

I have been using Cisco AMP for Endpoints for about three years, this is inclusive of my prior assignments before being the SME for the application within the firm.

Stability is below average. There have been several issues with frequency of release, feature release and wait time for overhanging time-bombs. 

From a customer stand-point, these released are aimed at fixing known bugs from last release and introducing new features either in beta or live versions. However, this means that an enterprise  running 50K+ endpoints need to go through the rigors of setting up test/dev/qa/pilot then production for iteration, so as to limit the blast radius. 

This can be tasking if as the frequency increases.

Long story short, Cisco AMP is scalable. Having used the product as a 'demanding' customer, I can attest to the availability of proper technical documentation and seamless integration with existing application, infrastructure and appliances 

- Vendor needs to understand a one-size-fits-all approach will not work with addressing TAC cases and service requests. For "once in a blue moon" cases, most approach still sound like the engineers are acting off of a runbook. In this case the recommended solutions will not totally align with the scenario. Also escalations can be more flexible, for instance, certain case priorities (P2, P1) require phoning in, which can be fuel to an already burning bush. 

Neutral

From my understanding, initial setup was tasking with various gray areas. For a new customer trying to set up AMP, there is room for improvement. 

The initial deployment happened prior to me joining the organization, based on my interactions with the application deployment team, the effort took months.

Customers can get better during product's initial setup if vendor provides documentation that suggest important objectives like naming convention, default config and collection of product's best practices

In-house

AMP is worth the money. In recent years, we have spent less time/money and require lesser  human resources for task completion. On the higher level, this has saved the firm the need to hire more security engineers to manage the application, reducing overhead cost.

A discrepancy with  the number of assets per license should be reviewed to apply based on preference or number of endpoints versus ranges.

Compared to other competitors, there's a significant price difference, although different applications tend to focus more on different cybersecurity functionality

It's been really interesting working with the application, going from 5.X.X connector versions up until 7.X.X. As previously highlighted, there are numerous ways to improve the products. Working with the engineers in previous cases, there is the zeal to improve and an attitude that embraces change

We use Cisco Secure Endpoint as an antivirus on computers. That is one of the important use cases that we have, as an antivirus.

[It has helped our organization] tremendously. First of all, because we are always on-point in terms of our solution. We are proactively looking into the alerts and Cisco Secure Endpoint is already taking care of looking into it, provisioning it, and fixing it. All those three stages are done by the software itself. We are only looking at in terms of what the statistics look like. That really helped us. 

Because the solution is taking care of itself, we get the chance to research more on the other side of it rather than focusing on the problem. The moment a problem is there, Cisco Secure Endpoint is already working toward fixing it. That really helps us. I can go home and have [peace of mind] at home, not thinking about whether the next attack is coming and I have to wake up in the middle of the [night] to figure out what's going on. That really helps in a tremendous way.

It has easily [helped us save] hundreds of hours in a quarter. We are definitely saved because of this solution.

Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world. Cisco Secure Endpoint gets the information from it. We do get knowledge about all the attacks going across the world. Because Secure Endpoint has a connection to it, we get protected by it right then and there. Rather than our looking for it, and finding out the information, the software does it for us without our having to get in between. That is really an easier way of fixing a problem. Before, we would manually have to look into it. That really helps us. It's taken care of in a way.

Because the software is doing such a good job, we barely have any recommendations in terms of what can be changed. [However], at this moment, in terms of integration with other software, that could be helpful. 

And in terms of the user experience, if the UX design could be much simpler [that would improve things]. Because I'm an engineer, I understand what I'm looking at and [for me it's] intuitive in terms of what is there and what is not. But [if] another engineer or someone at the management level or C-level is looking at the portal of the webpage, if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something. If they could improve [on that], that would be great.

I have been using Cisco Secure Endpoint for more than four and a half years. It's been quite some time.

The stability of the solution is definitely a 10 out of 10. I have no problems with that at all. It's consistent across the board and that's perfect.

The scalability of the solution is really good with SecureX, which is an integration platform. All the other tools are coming together, and that really helps us to scale. I don't have to jump through to different windows. I can see everything in one place. That has really helped a lot since SecureX launched a couple of years ago.

Cisco tech support has been really good because they have a chat tool in the portal itself. If there's an issue, we can reach out to them right away. It's pretty quick and easy because the support itself is built in right then and there. I can connect to it whenever I want to, which is really nice.

I can't rate them at 10 out of 10, nothing is perfect. I would say nine for sure. We all can improve.

Positive

In the beginning, we had previous software. It was like the old way of seeing it, looking for the signatures. By the time we faced a problem and were trying to fix it, it was already too old. We were just not on top of it. It was becoming more of a reactive solution, rather than a proactive approach to fixing the problem. That was the main, driving force for us to find a solution that can be more proactive rather than reactive.

The antivirus software we used previously was facing a lot of issues with the signature downloads. Antivirus is looking for the signatures, to see if [there is] the respective problem, and trying to match those signatures. This is such an old way of doing it, which was [being done] for quite some time. 

Secure Endpoint has become a real game-changer in that field because it's a cloud-based approach, and we are already talking about getting signatures, not only for our organization, [but for] attacks [that have] happened to other organizations. We also get that information and we get protected already, without even having to intervene in the process. That really helps in many ways.

Previously, we were using Sophos antivirus and we replaced it with Cisco Secure Endpoint, which was previously called AMP at the time.

I believe we first we did it through our management console, our deployment software that we use to deploy it, for the first stage, to reach our different computers. And once that was done, we are managing the updates to the respective software through the cloud.

The deployment was easy. But the only reason it was easy was because we already had a deployment solution ready for it. If a new company wants to get this product, and they don't have any management solution they can use to deploy this software, that can be a challenge. 

A recommendation [for Cisco would be], if they can come up with some deployment process—I understand that's not the priority of the tool itself—but if that can be done, that will be good. 

But if a company already has a deployment solution that can be used to deploy the software across other computers, then the transition is pretty easy.

Honestly, [the deployment] is a one-man show. That is also a really good point about it because it can be done by one person all the way. It does not take too many people for you to get the ball rolling, which is a great part. And that really helps us because one person can handle the whole process.

I'm a senior network engineer with a security background, so I do know what I needed. But a senior help desk engineer can also get this thing done. You don't have to be a senior network engineer or [have] any higher degree in software to understand the product. That is really good about it. Any new person who is just trying to get into the field can learn about it and get going with this process pretty quickly. It's pretty user-intuitive.

Because we do see the value of what it's bringing, I think they have priced it well. I understand we have to go through a different licensing process to get this solution, but at the end of the day, the headaches [associated with that], if you were to put it into some kind of a number, it's priced completely reasonably and well as a product. You cannot contemplate the amount of time it takes, sometimes, to fix a problem, and that's already too late. I feel the value of the software is reasonable for what it does.

We looked into McAfee back in the day, and Windows Defender, and all different [kinds of] antivirus software, but we end up landing on AMP because of that connectivity with the cloud and instant connection to other resources. That really helped as the driving force to select this as our tool.

We use a lot of Cisco products to integrate into our services for about 160 customers in healthcare, local government, and social housing.

We are using tons of Cisco products. Besides all types of firewalls, we are using IronPort for email. We are using a lot of networking products as well, in which security is also embedded. We also use the SecureX platform to leverage our security automation.

We have about 160 customers, and each of these customers has its own compliance, set of rules, and governance. So, the use cases might vary, but it's all about keeping them safe on all levels; on a technical level, on a tech framework level, and also on a personal level. We try to prevent our customers from doing things that they didn't intend to do as well. The use cases vary, and we embed them in all our services and also in our security operations center.

Most of the customers don't even know that they are more secure. It's like they expect to be secure, but the moment we have a big threat from the outside, they will see and they will know that we are far faster and better able to protect them and react to threats from the outside.

Cisco Secure has saved us time, especially the SecureX platform has helped us to automate certain processes and do analytics. That prevents us from taking each individual part of the logging. They have the intelligence in there to do the first check for us, and that saves a lot of time.

There is a reduction in operating expenditures but not only from the Secure perspective. Our full stack is based on Cisco, so we leverage the full integration part of that. We have our compute, we have our networking, and we have our security, and that makes it easier because you have less interfaces with different products.

From a technical perspective, I would rate it quite high for securing our infrastructure from end to end. From a behavioral perspective, in terms of the end customers leveraging it, there's still a little bit of work to do because we need to help the end customers to be more aware of what they're doing. On the endpoint for a user, they don't exactly see what is happening. From a visual perspective, you also want to have a feeling that you're safe or you get some tips or tricks to be safer, but for the most important part, which is the technical part, I would rate it very high. We really trust Cisco.

The best feature that we found most valuable, is actually the security product for the endpoint, formerly known as AMP. It has behavioral analytics, so you can be more proactive toward zero-day threats. I found that quite good.

I'm also a big fan of Talos, which provides us with a lot of insights to react faster. We also created our own toolset to embed Talos input to the Cisco products, which was not a native function, but it's being enhanced right now in the new Secure and SecureX platform.

On the firewall level, they were lagging a little bit behind, but they are running up again. I have full trust in the new 3000 series of firewalls where we would also be able to look more into the traffic that we're monitoring and get more security layers in our services. That would definitely be a big step.

We have been using Cisco since we started the company in 2002. At the time, it was not branded as such, but security is embedded in every Cisco product.

I'd rate them a nine out of ten because we still had to do things ourselves. After they had done them for us, if it was just one click on a button, then I would've given them a ten. 

Positive

We were using different products before, but we made a strategic choice to use the endpoint protection part. We're very happy with this part because it works on all types of devices and all types of endpoints—not only the user endpoint but also the networking endpoint and a lot of server platform endpoints as well. That was a primary reason, and obviously, the cost or OPEX was a part of the strategic choice to do so, but the most important part was that it had the behavior analytics part in there, so we could be more prepared for zero-day attacks.

I was only indirectly involved in its deployment. As a board, we do look at the choices that we are making, but the real firm choices are made by our chief technology officer, our corporate information security officer, and the people in the operations. However, at the board level, we always look into what are the benefits and what are the costs, so I was involved indirectly, but I was not the one who made the decision.

The deployment of Cisco Secure solutions is a little bit in the midst. Because we had such a big install base, we took a lot of time. It was a program of approximately one and a half years. For us, it was a tough project. Was it tough because of Cisco? I don't think so. It was tough because it was such a big install base.

We handled it as a project. At first, we had to explain to our customers that we are going to use another product and why. We had to do a lot of marketing and communication beforehand. We had to train our people and our resources. We had to fix our automation. We also had our implementation plan per customer because it does impact the performance at first because it has to get to know the infrastructure and it has to get to know the services. After that, it all worked out well, and we are continuing to do so because this is a never-ending project. There are still new releases and new features. It's embedded continuously in our organization now. It's sort of cyclic maintenance.

We do not measure that on a product basis. We have a growth rate with a company that lies between 15% to 30% each year in our services and profits. It definitely adds to that as well. It's year-on-year, so we're doing quite well, and it's partly because of Cisco.

It can always be cheaper.

We only had one real runner-up, and it was Microsoft Defender, which is also a good solution, but it's less integrated with our Cisco infrastructure.

Don't take it to light and implement it with your customer in mind, and don't only implement it as a technical project. It's all about mitigating risks for your customers, and it might not always be technical. 

Be aware that implementing such a new embedded technology might also cause an impact on performance. So, keep informing your customers about the benefits and say that it might be a little difficult at certain times, but when we're finished, they are far safer than they were ever before.

Open Line has a big customer base in healthcare, local government, logistics, and social housing. Societal responsibility is quite huge in the Netherlands. Cisco might also be aware of the impact that they have. They shouldn't just look at us as a managed services company or a partner; just be proud that their social reach in the Netherlands is so high. They're part of that as well. At certain times, I don't think they're aware of that. They can be far prouder than they are right now.

I'd rate Cisco Secure an eight out of ten because we have a high ambition level. Perhaps with the new Cisco 3100 series firewalls, we'll go up a little bit because that will also help us in a risk-based security approach.

We are delivering Cisco solutions and security services to more than 100 customers. We use AMP, which I believe is currently called Cisco Secure Endpoint. We use Umbrella, we use SecureX, we use Meraki, and we, of course, use firewalls. So, it's a very broad range of Cisco products. 

Cisco Secure solutions have improved our company in the sense that we are now moving towards being a managed service provider, which is doing what Cisco is telling about combining your network, your hosting, and your security together in one company so that you can deliver IT services in a carefree way for your customers. So, Cisco is helping us in creating that goal of carefree use of IT.

I'm very glad that for most customers, we have onboarded Cisco Secure Endpoint because it helps us a lot in solving and detecting ransomware. It's being done automatically, so you don't have to worry. It's removing that. Therefore, it is called an EDR solution. It takes care of detection and response, and it's being done automatically. In the case some handling is needed, we have a connection from Cisco Secure Endpoint towards SecureX and ServiceNow. So, we are bringing that very simply to our support engineers. If any handling is needed there, they automatically get a ticket, and they can act.

It has helped a lot in saving time because when you have an automated flow of tickets, a ticket is immediately handled by the support people. They can immediately act in ServiceNow and see what they have to do if something is detected where a manual action is still needed. There are, however, not many cases because AMP already handles a lot of responses automatically. 

We are saving a lot of money on our operational costs because people don't have to enter tickets anymore in the system. Secondly, a lot of response is being done automatically by AMP. That helps us a lot as well in saving costs because, in the past, somebody had to do it manually.

The most valuable feature at this moment is that Cisco AMP or Cisco Secure Endpoint solution is delivering a lot of things, and I always say to a lot of customers that if we didn't have Cisco AMP, we probably would have had ransomware somewhere. So, it's protecting us very well from a lot of hackers, malware, and especially ransomware.

We would like to see the protection from the start of the endpoint till the end. Nowadays, we see that working from home is quite important, so there's a need to protect the whole layer, not only the network of the customer. There is a change towards starting from the process on the endpoint and then protecting that towards the application and the data on the back end. You need to protect that whole layer, which means that you have to have something on your endpoints that can protect. Today, at the Cisco Live event, I heard that there will be an AnyConnect solution from Cisco that will help us in delivering the kinds of security solutions that customers currently want. In some cases, we use AnyConnect, but because SaaS is coming up, many of the solutions or many endpoints are using a browser to make the connection to any place, anytime, and anywhere, so you want to have a secure connection at the start. It should be on every endpoint. I've heard Cisco is developing that right now to have all endpoints, not only laptops, desktops, and tablets, but also mobile devices, connected and secure towards the application and the data at the end. We are using AnyConnect as a VPN solution, but not as a whole set, which is currently being developed by Cisco.

They can combine the platforms and the management tools so that they are a little bit simpler and easy to use.

The integration of the Cisco products for security could be better in the sense that not everything is integrated, and they aren't working together. In addition, not all products are multi-tenant, so you can't separate different customer environments from each other, which makes it a little bit hard for a managed service provider to deliver services to the customers.

The quality of the product should be on top. For instance, when they are being introduced, some firewalls have some bugs, and they are known bugs. So, going to the latest version of the firewall is not always the smartest thing to do. There could be an improvement to help us go to the most modern version.

Cisco's support for their solutions is very good, but it always depends on people. We have a good account manager or service manager from Cisco, and he is helping us a lot in getting the right people from Cisco to talk to, etc. So, it's good. It's a very good arrangement. 

I'd rate them between eight and nine. I don't think that the support organization has to change, but if the tools that you have to use and the management consoles you have to use are simpler, then the support can also be much simpler, and the support department from Cisco can easily support the partners as well.

Positive

I was involved in the implementation of Cisco AMP. When we did a changeover from the traditional antivirus to AMP, I was highly involved. It was an interesting journey, and in the end, we achieved what we wanted to achieve.

It was easy in a certain way, but if you are a managed service provider, you also need to have multi-tenancy. The multi-tenancy support is within Cisco AMP. If you want to implement it, it's not always easy because you cannot do some of the things, such as specifying the policies you want to use, from the top level. You have to do them separately in every tenant, but I've heard that they are going to change it.

We have indeed seen a return on investment for the Cisco Secure solution we have implemented. We've seen the benefits in terms of earning money, but also in terms of extending our services and turnover in many cases.

The pricing and licensing of the security solutions of Cisco are very good in comparison with the competitors, but sometimes, it's difficult to see all the discounts and other kinds of things. So, you have to be careful, but the pricing is good.

I was a part of the evaluation process to go from a traditional antivirus package to a new solution called endpoint detection and response. Of course, there are only two big players, Cisco and Microsoft, in that area. We had to discuss what to do and how to deal with it. Of course, many customers have Microsoft in their workplace, but we are offering Cisco at least for the endpoint service where we have the hosting center. If they want, we can deploy AMP on the endpoints as well. However, there's something to say about the fact that you have two different kinds of EDRs. On your end-user devices, you have Defender, and on your server, you have Cisco, which makes it even more strong.

Traditionally, Cisco comes from the infrastructure. The difference between Cisco and Microsoft security solutions is that Cisco is coming from the infrastructure part, and Microsoft is coming from the data part. What you see is that Microsoft developed its solution from information, from data, and Cisco is coming from the infrastructure. It is deeper in IT. The solutions are deeper, and therefore, they sometimes might be stronger if you are only looking at the top of what's in IT. That makes it a little bit different. So, it's not about who's better or who's stronger. In some cases, they are an addition to each other.

Cisco Secure was the right solution for us. Of course, that was also because of the cost. Because we were already working together with Cisco, we chose Cisco for our hosting center and for all of our services. If the customer wants to have it on their endpoints and user devices, they could use our Cisco solution as well. If they want to have Defender, we support that as well on the endpoints of the user. 

To those evaluating Cisco Secure solution, I'd advise understanding the roadmap and the architecture of Cisco very well and seeing how it can add things. I have to mention Microsoft solutions because there is an added value on top of the Microsoft solutions, and that's what you have to look for. 

Cisco Secure solutions are currently at the level of a seven out of ten, and that's based on the fact that some management consoles are not working together, and in some of the new products, there are still, for instance, some known bugs. That's an issue that could be improved, and they are working on that.