Cisco Secure Endpoint Reviews

Cisco Secure Endpoint, often paired with Firepower and Cisco Umbrella, is primarily used for perimeter security and DNS protection.

The tool's most valuable feature is its integration with other Cisco products, such as switches and routers. This integration allows comprehensive coverage of security parameters across the customer's entire network. Customers find it easier to manage because they already know Cisco products. The cloud-based management is another valuable feature, enabling customers to manage their security from anywhere with an internet connection.

Cisco Meraki could benefit from AI assistance or intelligent assistance features. Compared to competitors like Juniper, Cisco Meraki currently lacks a digital network assistant, which is an area Cisco is reportedly working on.

I have been working with the product for three years. 

The solution is very stable. I don't hear complaints from customers about it not working right.

I rate the solution's scalability a nine out of ten. 

Palo Alto has a portfolio similar to that of Cisco. 

Setting up Cisco Secure Endpoint is complex, primarily because it needs to be tailored to each customer's specific needs and network configuration. Factors like whether the customer has a segmented network or uses VLANs affect how the solution is implemented.

While it's straightforward for a customer with ten branches, it becomes more complicated with 30-50  branches - not due to technical issues, but because of logistical challenges. 

One or two people are enough for deployment for complex cases with 20-30 branches. They're network or security specialists with Cisco certifications like CCNP or CCNA. The number depends on how complex the project is, but most times, it's pretty easy to deploy. We also typically need one or two people for maintenance, depending on how many branches there are and how complex the project is. If there are more than 50 branches, it can be complex to manage. Our solution architects often have CCNP certification, which helps manage the customer's network across branches.

The solution's price is about the same as that of Palo Alto solutions.

I recommend Cisco Secure Endpoint to others. It has been around for a long time and knows its stuff. Their Talos intelligence tool allows customers to see and secure their networks. I rate the product a nine out of ten. 

We use this solution to protect our IT environment. We use it to secure our user endpoints.

It gives awareness of our users' security posture.

The console feature gives a centralized management of what's going on, and if something happens, it gives you an alert. That's the most important feature for me.

Compared to other products, Cisco Secure Endpoint has some limitations and issues, it is still catching up with competition. For example, protection for USB is fairly recent and it is still limited to Windows platforms, and there are significant differences in the product packaging and distribution for Windows and MacOS platforms.

Another area of improvement is stability.

I have been using Cisco Secure Endpoint for two years.

We had a couple of deferred releases this year.

I rate the solution’s stability a seven out of ten.

Our deployment is very small. We only have a few dozen endpoints. So I can't really say if it scales well to a large number of endpoints. However, it seems like it could scale well so, the solution could be easy to scale up as needed.

The customer support team solves the problems, but it takes a while to contact them. 

Neutral

The initial setup is straightforward.

Overall, I rate the solution an eight out of ten.

We secure the laptops down, making sure that where we build the policy, every policy is consistent on every laptop.

It has greatly improved my organization from a security standpoint.

The most valuable feature is being able to push a policy. Whenever we update a corporate policy, we update it in one place, push it down, and it updates the policy on every laptop.

Secure Endpoint is good for creating actionable alerts so we can detect and remediate threats. If somebody does get infected, we don't have to wait for them to say, "Oh, I can't use my email." We immediately know about it. We would absolutely know about the problem before the person did. That was our biggest impact.

Secure Endpoint decreased our time to remediation. Where it used to take us a month to find out that something is infected, we now know that same day, as soon it is infected.

Cisco Secure Endpoint has helped improve our cybersecurity resilience. We only have about two IT guys. So it just makes them better at what they do. It saves them time, so they can focus on other things.

It saves them time so they can focus on other tasks.

It does a great job for what it is. The user interface face could be slicker. It does not have to be flashy, but the user interface is dull.

I have been using Cisco Secure Endpoint for two years.

The solution is rock solid.

The solution is really easy to scale.

I have engaged with tech support and I think they're great at what they do, two thumbs up. I recommend them.

We were using Avast and Norton. We felt it was time to switch to something Cisco branded that we could trust because we are a Cisco shop. All of them are proactive, but identity services was a big reason we switched to Secure Endpoint. You cannot really hook Norton into a Cisco ICE. We chose it for the integration abilities.

I rate the product a ten out of ten.

We saw this product with a partner. We installed it and configured it properly along with our antivirus solution. We monitor it almost every day to see what's going on. Up till now, we are very happy with the performance.

We check every day if there are any indicators of compromise, if there are any workstations that need particular attention, or if there are any peculiar or strange events.

The main benefit is that we have visibility on the network. With the combination of Cisco Secure Endpoint and our antivirus, we feel a little bit more secure. We have better monitoring of and overview of what's going on in the network.

It's reliable. It's doing most of the jobs for us, so we don't have to worry. We check it for just 15 minutes per day to be sure that everything is fine.

It doesn't save time, but we feel more confident that everything is okay on the network. It improves our security posture.

It's quite simple, and the advantage I see is that I get the trajectory of what happened inside the network, how a file has been transmitted to the workstation, and which files have got corrupted.

It's able to detect and help remediate threats. So far, my experience is very good. I trust this product. It's quite simple, fast, and reliable. The dashboard and reporting are also quite good.

In terms of features, I don't have any areas for improvement. It has a good interface. Its reporting is also good, and the updates are very frequent. Its price is okay for us, but it can always be better. There's always room for improvement when it comes to pricing.

We have been using this solution for more than a year and a half.

It's reliable. We haven't had any problems so far.

It's easy to scale.

It has been excellent so far. We don't have any problems. I'd rate them a nine out of ten.

Positive

It's the first time we are using this kind of product. We didn't use any other product previously. 

It was quite easy for us. It probably took us three days.

We have a lot of partners, but Netbull is our partner in Greece for Cisco Secure Endpoint.

Its price is fair for us.

We didn't evaluate other products. We had seen this product before. We discussed it with our partners, and we just went for it. Our main thought was to go with a product and brand that we can trust. All our core network is Cisco, so this was the product that came straight into our head.

I'd rate Cisco Secure Endpoint a nine out of ten. It's excellent.

It is used especially to connect with MDM, covering security and monitoring services.

It protects user devices, especially for field services.

Customers need some infrastructure on the cloud, e.g., Amazon and Google. We also need some testing and stage environments to perform tests.

We need to follow many countries' laws about data privacy. This is a requirement that is key for users. Cybersecurity resiliency has been important for us because we need to protect against loss.

The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices.

It could be improved in connection with artificial intelligence and IoT.

I have been using this solution for three years.

The stability is good.

It doesn't require much maintenance, just in a few cases.

It is good.

The technical support is fair. I would rate them as nine out of 10.

Positive

We previously used IBM. We switched because customers made decisions to work natively with the Cisco features, especially on infrastructure and security environments.

In many cases, we can deploy it in a week. In other cases, we have to connect and test with more complex architectures. However, this is not related to the security endpoint services. The testing around another product is important, so it can take two to four months.

We use the agile method for our implementation strategy.

We worked with IBM, Amazon, Google, Microsoft, and a few partners.

It takes three to 10 people to do the deployment, including pre-sales and technical guys, testing guys, and some software architecture.

We get more value out of our portfolio. We have pretty much seen ROI. When the endpoint service is well connected devices, it covers many important key features,

The price is very fair to the customer.

We need to be open as an integrator to figure out other situations and features, especially from Microsoft and IBM. Everything is related to the customer's architecture, which is why we have to be open-minded. 

I really recommend to test and connect it with different devices, especially mobile, tablets, notebooks, and servers. Then, the potential customer can understand the value of naturally integrating all these devices together.

When it comes to data security, it is important to protect the data.

I would rate the solution as nine out of 10.

I'm hoping that this is protecting me from all the harmful issues that are happening, because we know exactly what kind of world we are living in on the internet.

I rely on this system. I am hoping that everything is fine with the system and that it will catch any harmful file or virus or trojan. If any of those things happen on my network, it will hold it or stop them.

It has helped to simplify cybersecurity in my company. I see that there are files that have been blocked. I don't go deep into the reports that I get from the system, but I believe that it's doing its job. I haven't had any serious problems.

I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see.

They could simplify the solution and make it a little bit easier to understand how things are happening or if something serious has happened. They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need.

I would also like it to update itself so that I don't need to click to make that happen. Of course, having to click is not a hard thing to do, but I would like to see things done automatically as much as possible.

I have been using Cisco Secure Endpoint for a long time. I used it in the last company I worked for and, when I opened my own company, I also started using it. I have been using it for around five years at least.

It's very stable.

I have it installed on about 40 clients. To increase the number of endpoints I just need to download the connector and install it.

I have had some difficulties, but I received support from Cisco and, in the end, it was okay. I cannot complain.

It took me some time to understand how to send in a request. It would be very easy if there were a chat on their site or if it could be done via WhatsApp. But I had to look for an email address, where to send and what were the details that they asked from me at the beginning. It wasn't obvious how to reach out to support.

Positive

I did not have a previous solution.

The deployment was straightforward. It's easy to understand the steps. I created a profile, downloaded the agent, and installed it on the clients that I wanted it on. The dashboard is in the cloud, hosted by Cisco.

It is good that you don't have to take care of the system all the time. Once it's installed and stable, you don't need to make adjustments.

I used SecureIT and it was perfect. He's very professional and he knows the system. He gave me an introduction to the system and explained the things that I needed to know.

It's keeping things quiet, so that's a very good return.

Cisco Secure Endpoint is not too expensive and it's not cheap. It's quite fair.

I looked into SentinelOne two months ago. The question is, is the system protecting me enough or not? Sometimes I ask myself, should I put more security on the servers? Doing so is going to make the system work more slowly. I checked SentinelOne because some of my colleagues who have Cisco AMP had an attack that Cisco AMP did not see.

The fact that I've been using it for five years already means that I believe I can trust it. Others can also trust it.

Cisco AMP is an anti-malware and antivirus product. It provides endpoint protection. We use it as our antivirus and anti-malware tool. We put it on all our computers. Our employees have it on their laptops because they leave the network and we can't protect them everywhere. Microsoft Windows comes with a built-in tool but it's not quite as powerful. So we use Cisco AMP and Microsoft System Center Endpoint.

Cisco AMP is our primary solution, but we don't uninstall the free ones that come with Windows.

It runs a little agent on the computer and then you manage it from a website platform. There is an application installed on the computers and they all connect up to the management console, which is hosted in Cisco's cloud.

You can use it for single endpoints. We have 3,000 that we use and then there's the free version of it you can use for home.

The actionable alerts in the security console are very good and very useful. They alert us immediately when something happens so that we can take action faster, instead of having to wait until a user report's something or until we view the logs. It sends you alerts so that you can know about them as soon as they happen and remediate the problem. It's a very nice feature.

The solution also makes it possible to see a threat once and block it everywhere, across all endpoints and your entire security platform. You can identify a threat and then mark it as, "If you ever see this file, delete it." It uses something like crowdsourcing, where, if someone works for another company and has AMP and it detects a malicious file on that person's computer, it then updates so that my AMP knows about the virus at that person's company, and protects my company from their virus.

Cisco AMP simplifies endpoint protection detection and response workflows. I'm the only one who manages it now, so it frees up time for a lot of other people. Once it is deployed and set up, one person can manage and maintain it. That reduces the number of people you have to pay for those responsibilities. The console will show if an AMP agent has checked in and I can use all the search features it has. And it deletes all the viruses so I don't really have to do too much, once it has been installed.

It has also minimized security risks to our business that we were previously unaware of. It points out vulnerabilities in software that is already installed, such as in Microsoft Office. If you don't have the latest version of Office, AMP proactively lets you know that you could potentially be infected. We didn't have that before. It has a more comprehensive database that's made up of all the information it has collected from my company and all the other companies that use it. It takes all that information and protects your environment from anything it's ever seen.

When it comes to time to detection, Cisco AMP has taken it from one day to one hour. And our time to remediate has gone from hours to minutes. It does it itself, so we don't have to do anything. 

I can't think of a case where a computer was infected and AMP did not let us know or missed it. It has never happened to us that the product didn't detect something while another product did detect that problem. So far it has been 100 percent successful.

I like the central management console where I can see everything that's going on, on all the computers. 

Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP.

One of the things that is most impressive is its ability to give so much insight. That's another of its best features. With the File Trajectory, it shows everything the computer's doing and it can help determine how the virus got onto the computer.

You set it and forget it. Once you install it and configure it, it runs the reports, putting everything on the central web console.

You're able to subscribe to alerts, so I get an email every time it deletes a virus off of someone's computer. I also get an email if it has a problem, such as if it was unable to delete the entire virus. It will say "Quarantine unsuccessful."

It allows as many people as you want to go in and view it. And you set people as administrators or as people that can just view the information.

AMP also has several tools you use to link to websites that contain more information about things. They're useful as well. They give you the ability to look at different companies' information; for example, a virus total. You can also connect it to other modules and tools that you have, and it can do things such as quarantine where it will take a computer off the network for you automatically. Those tools are helpful. It provides a concept they call "distance and depth," where you get more than one company's opinion on things.

We just started using its Orbital Advanced Search feature. It's relatively new, so we haven't used it a whole lot, but for the little bit that we have used it, it has been a really neat tool. I've only run it on a couple of endpoints so far, but it works pretty well. It just gives you that extra insight to help better understand how the rest of your environment could be affected. Obviously, you're dealing with a computer that has a virus already and this gives you an ability to assess what else could have happened with that virus. It helps provide more information. 

The Orbital Advanced Search feature also helps to reduce the attack surface and to investigate real-time data on our endpoints. Some of the queries will show you which software packages you have that are vulnerable, like a version of an Office program or an Adobe Reader that has a vulnerability in it. Once you know that information, you can proactively patch the computer or apply updates to it so that it does not become infected. It alerts you to an infection, and then you can say, "Oh, these other computers could be infected by that too." Orbital detects those computers. It reduces the amount of time we spend on that kind of situation by about 20 percent.

In terms of the comprehensiveness of the solution, it does Windows great. It works on Macintosh very well. It also does iPhone and Android. It's pretty comprehensive since it covers the majority of operating systems.

It also integrates very well with other Cisco products. It has an API interface so you can integrate it with just about any Cisco product. It does have some out-of-the-box stuff and definitely integrates great with all the other Cisco tools. But we use something called Rapid7, it's a vulnerability scanner, and it's able to integrate with it very well to help report data. It works well with some third-party products, but I'm not sure how many.

The endpoint agent on a machine doesn't provide much data. 

And the thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself. There are features that are supposed to work that don't that reduce the duplicates.

I've been using Cisco AMP for Endpoints for five years. I started with the company as they were in the process of determining if they wanted to use it and they decided they wanted it. I have been managing it ever since. We're upgrading everybody to 7.1.5. They were on version 6.2 for a year. Before that, it was 5.1.

It's stable. We only had one or two instances, over five years and 3,000 computers, where the agent has stopped working and we had to reinstall it. That's a pretty high percentage of availability, like 99.9 percent of the time there have been no problems.

Their technical support is the best. I've never had technical support better than Cisco's in my 15 years working with different companies. Nothing is better than Cisco TAC. The response time is always within an hour or less.

If you don't get a response in that time, you can have the case put back in the queue. You can easily escalate it. When you open a case, it tells you the engineer who is assigned to it and then gives you a manager's contact information so you don't have to say, "Let me speak to your manager." You already have that information.

There are tons of support people working 24 hours a day, seven days a week. 

Also, there are so many users — Cisco customers — that even searching the information online through their support Knowledge Base is good and easy to do, if you don't feel like talking to somebody. You can find a lot of information online whereas one of Cisco's competitors, Palo Alto, has a tool called Traps. It would be a lot harder to find information about that.

We replaced a Norton product with AMP. Now, we run the default Windows tools that come with it, along with Cisco AMP. The Windows solutions are free but we wanted to buy a more robust one with better ability to search and do forensics. There are similar solutions to Cisco, but it has definitely been an improvement over previous stuff that we've used.

We have a lot of other Cisco products that it integrates with, and that was one of the reasons we chose Cisco AMP. We did a demo and it was good and it answered the questions we had. We wanted to be secure, so we needed to find an antivirus tool that works. It makes it easier for us to monitor all of the computers for viruses.

I helped set up and deploy it. It was pretty straightforward. You go to the web console, tell it to create a package, download it and then install it, and you're done.

With 3,000 computers, we rolled it out at about 1,000 at a time and it took about three months. We could have done it in a week. We just did it very slowly because any changes you make, you're supposed to do a test community of computers. We did the IT people first because they're smart at troubleshooting things. 

There's another tool from Microsoft called SCCM, a deployment tool, and as we upgrade the client it takes two days to push it out to the thousands of computers because some people don't turn on their computers for a day or two. Everybody is going to do their deployment differently.

We have seen return on our investment with this tool. The amount of stuff that it detects and blocks has been very valuable.

The pricing is very good and the licensing is somewhat of an honor system. We have a license for 3,000 users and if we get up to 3,100 users, it doesn't stop working, but on the next renewal date you're supposed to go in there and add that extra 100 licenses. It's really good that they let you grow and expand and then pay for it. Sometimes, with other products, you overuse a license and they just don't work.

Once you pay a license for a client, that's it. Everything else we talked about, the integrations and those kinds of things, is free. There's only one level of licensing too. Some products are set up so that if you pay this much you get these features and if you pay that much you get those features. Here, everything comes with one price.

The main competitor was Palo Alto with Network Traps. The difference was that Traps would detect viruses but it would not delete them or clean them, whereas AMP did, right out-of-the-box. AMP also worked with multiple operating systems, as I mentioned and the Traps solution did not offer that at the time I looked at it.

They keep adding more features to it and there are features you can enable and turn off. One of the best, newer features addresses the fact that it did not work unless you had an internet connection. They put an antivirus engine on there that works when it does not have an internet connection. That was a big deal. It has a lot of capabilities. They keep developing more for it, which makes it a better product.

Be sure to password-protect it so that users can't disable it. It has a feature to add a password to it which prevents the user from uninstalling or even stopping it. Also, enable that offline antivirus engine called Tetra. You want to be sure to enable that so that it works when it doesn't have an internet connection.

Using the product, what I've learned is that you need to keep the client up to date. One of the hardest things is that people have computers that come and go. Someone might have a laptop that breaks and the company will give them a new one. You've got to manually find that broken laptop and delete it. You want to make sure you go in there frequently to ensure that the information is accurate or up to date. If you wait too long and there are hundreds and hundreds of computers you have to search and work. That's way too much.

We did Threat Response and we did a demo of Threat Grid and did not move forward with it. We had it integrated with ISE and Umbrella. Threat Response provides a little bit more information but, honestly, it wasn't that useful. It seemed like it was a repeat of what we could already find through the other tools we had. Threat Response isn't the best add-on to it, but it's free. It provides more information but the response wasn't that good, those times that I used it. Threat Response didn't impress me. It does do more, but it's not that useful.

We rely on it for antivirus. There are probably three levels, and we have the bottom tier, the most basic one.

It is on Cisco's cloud. We have the client installed on all workstations, but we don't have a server.

It just gives me more insights into what threats are out there on the machines, so I can be more proactive.

Actionable alerts in the security console are helpful. With the security console, I immediately get to know about an issue. So, it has sped things up. It also gives you a way to research and see if an issue is spreading, so it has assisted quite a bit.

It definitely gives a starting point for investigating and mitigating threats. It has research tools, and we can run queries. I have used its Orbital Advanced Search feature. I have run quite a few queries to determine what is out on the network or on the devices that could be a threat. It could be something that is misconfigured or something that we don't want to have running. It is able to quickly run these queries.

I usually use the Orbital Advanced Search feature for groups. I use it to look for commonality for a threat thread, and it provides good visibility. I've never used it for just one endpoint.

Orbital Advanced Search helps in reducing the attack surface and investigating real-time data on endpoints. I've only used it a handful of times, and I was mostly looking for whether or not an update has been applied.

Orbital Advanced Search definitely saves time. I assume money goes right along with time. I don't have to go from desktop to desktop. I have 50 desktops, and if I'm looking for something in particular, it would take at least 15 to 20 minutes per desktop.

We use Cisco Umbrella. The integration when you use the SecureX console is really good to go from one to the other. I have pulled the endpoint and Cisco Umbrella into SecureX, so I just have one console. It was easy to integrate. They provided really good instructions. This integration just made things more convenient.

It simplifies endpoint protection, detection, and response workflows, especially for threat hunting. The way it is set up, with the console, I would get to know quickly that we have an issue. It increases operational efficiency because I don't have to go from desktop to desktop. I'm also proactive instead of reactive.

It has minimized security risks to our business. I've had several desktops where they have triggered an alert, and all I had to do was to go and clean that machine out before the problem spread. 

It allows us to focus on the incident instead of investigating the group, so we are more efficient. It has decreased our time to remediate because we're focusing on the machines we need to.

It has decreased our time to detect. I can't quantify the time, but in some of the older antiviruses, the user would say, "Okay, I've got a pop-up, and it has flagged this or that," and then you'd have to go look for it. With this, I know ahead of time, or I know when it happens. 

We use it as an antivirus. The audit logs are valuable. 

It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.

It is quite comprehensive in terms of endpoint protection. I haven't found anything where it was lacking in terms of the protection of our Windows machines.

While I've attended a lot of their training webinars, they were mostly high-level. They just say that these are the feature, and this is how you access them, but I would like to see more scenario-based information. They should provide us examples of how to resolve something when we see something happening. They should give us an example of the flow on how to resolve it.

In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through.

I have been using this solution for about a year. My company had it for about a year and a half before I joined.

II haven't had any issues with it except for a connector issue. They quickly put out a new one and got rid of the problem. So, it seems to be really stable, and they seem to be reactive when there is a problem.

It is good in terms of keeping the machines updated. It is easy to get it installed on the desktop and keep it updated. We have a little over 100 users. They are administrators, project managers, field supervisors, engineers, and sales and support staff, so we have quite a mix.

We have deployed it on all desktops and laptops currently. I am going to start looking at adding it to mobile devices. Currently, we only have Windows machines covered. We are working on getting it set up on the Mac mobile devices. So, eventually, we will have a lot more depth than we have now.

I never had to reach out to them. So far, I have been able to find the documentation that I needed.

I've only been with the company for a year. They had it when I got there, and we haven't changed anything since then.

I've used McAfee and Norton, and it does much better than them.

I wasn't involved in the initial setup. They did that before I joined the company.

Its maintenance is done by me. I'm the only IT person. It is not a large company, so it isn't a bad thing.

It is kind of hard to say what would have happened if you didn't have it. We've got a very stable environment, and it seems to be doing its job. So, I assume we're getting a return on investment.

The pricing was negotiated before I started, so I don't really know.

I would advise others to take a real hard look at it because it is a good solution for companies of our size. I like the fact that it is managed in the cloud. I don't have to maintain a server presence. It is easy to use. It was a bit of a learning curve to start with because I was completely unfamiliar with it. I just dug in there and figured it out. Its documentation is fairly good.

If you go through SecureX, everything is right there in terms of user access and device protection. This integration is nice, but so far, it hasn't really saved me any time. It may in the future.

I believe it makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform, but I never had to do that.

I would rate Cisco Secure Endpoint an eight out of 10.