Try our new research platform with insights from 80,000+ expert users
Kostas Karidas - PeerSpot reviewer
System Administrator at bluegr Hotels & Resorts
Real User
Top 5
Offers stable functionality and has comprehensive security measures
Pros and Cons
  • "There are several valuable features including strong prevention and exceptional reporting capabilities."
  • "The pricing policy could be more competitive, similar to Cisco's offerings."

What is most valuable?

Emphasizing robust prevention and comprehensive security measures, it offers stable functionality. There are several valuable features including strong prevention and exceptional reporting capabilities.

What needs improvement?

The pricing policy could be more competitive, similar to Cisco's offerings. Cisco recently introduced the SecureX platform, where all the different platforms are consolidated. This means you need a single account to access all the platforms, simplifying the process. However, it can still be a bit frustrating because the access isn't straightforward. There are different links for logging in, and depending on which link you use, you might encounter issues with admin rights, even if you are an admin. It seems there are some access problems during the transition and migration process, which has affected my system as well.

For instance, we had the Cisco Mail gateway, and I used to have specific links to report and configure guardian and spam checks for emails. Now, all of these have also been moved to the SecureX platform, which doesn't always function smoothly when logging in. Sometimes, I still have to log in using my old links. It's a bit inconvenient, but that's how it is.

For how long have I used the solution?

I have been using Cisco Secure Endpoint for the past two years. 

What do I think about the stability of the solution?

I would rate the stability nine out of ten. 

Buyer's Guide
Cisco Secure Endpoint
December 2024
Learn what your peers think about Cisco Secure Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the scalability of the solution?

It is a scalable product and I would rate it eight out of ten. 

How are customer service and support?

They have separate support departments for different products, and the experience can vary depending on the product. For instance, Cisco Meraki Support is notably excellent and quick. In contrast, the support for some other Cisco products may be slightly less effective or even more outstanding. They tend to be slow when responding to inquiries. Personally, I have had a good experience with Cisco.

How was the initial setup?

Regarding maintenance, we receive the latest updates automatically. I handle tasks such as installing the updates, assigning licenses, and installing the agent. Additionally, I check for insights on the computers where the agent is installed. These insights provide reports on various aspects, such as the computer's Windows update status and whether the antivirus is on the latest version, among other things.

What's my experience with pricing, setup cost, and licensing?

It is a subscription-based product. 

What other advice do I have?

I would overall rate the product an eight out of ten and recommend it to fellow users.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Eros Huso - PeerSpot reviewer
IT auditor at Tirana Bank Sh.A.
Real User
Top 10
A tool for managed endpoint protection that helps to detect possible malware or attacks
Pros and Cons
  • "The most valuable feature of the solution is its technical support."
  • "The initial setup of Cisco Secure Endpoint is complex."

What is our primary use case?

I implemented the solution in my company to use its managed endpoint protection in my company's use cases. Most of the users of Cisco Secure Endpoint in my company are unaware that they use the product. Our company only uses it to isolate possible malware on the endpoints. Our company uses the solution in collaboration with other software protection tools we have so that it helps us to look into cases where possible malware or attacks can happen.

What is most valuable?

The most valuable feature of the solution is its technical support. In most cases, it's very difficult or complicated to incorporate Cisco Secure Endpoint in the IT environment, and most of the messages that appear are not very clear. It is a reliable tool. After the setup phase, I realized that it is a reliable tool.

What needs improvement?

The initial implementation of Cisco Secure Endpoint can be a pain and is an area in the solution that needs improvement. After the initial implementation phase, a person gets support from Cisco, making it a solid tool.

The solution needs to improve in the area of the specific details of the threats it provides to its users.

For how long have I used the solution?

I have been using Cisco Secure Endpoint for three years.

What do I think about the stability of the solution?

After the presence and use of the solution in our company for three years, I rate the solution's stability a nine out of ten.

What do I think about the scalability of the solution?

Since we haven't had any expansion in our company's infrastructure, I won't be able to comment on the solution's scalability feature.

All of the employees in the back-end processes of our company are users of the solution since the product is implemented on all the PCs and servers. From an IT perspective, only two people use the solution in the company. One person looks after the maintenance of the solution, while the other person looks at the messaging part of the solution.

How are customer service and support?

My company has chosen an outsourced option to get technical support of the solution since we don't get any technical support internally. 

How was the initial setup?

The initial setup of Cisco Secure Endpoint is complex.

Speaking about the deployment process, during the initial phase of using Cisco Secure Endpoint, we were getting a lot of false positives in our company, making it pretty hard for us initially since we had to cut endpoints until we could stabilize the solution.

What's my experience with pricing, setup cost, and licensing?

My company does make annual payments towards the licensing costs of the solution. Cisco Secure Endpoint is a little bit expensive. The pricing for licenses is pretty expensive for the moment, but it is a good solution.

Which other solutions did I evaluate?

My company wants to stop using Cisco Secure Endpoint and opt for another solution.

What other advice do I have?

I recommend the solution to those planning to use it.

I rate the overall solution an eight or nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
Buyer's Guide
Cisco Secure Endpoint
December 2024
Learn what your peers think about Cisco Secure Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Director of Technical Services at a educational organization with 51-200 employees
Real User
Streamlines security policy creation and saves a lot of time in identifying threats
Pros and Cons
  • "It used to take us a month to find out that something is infected, we now know that same day, as soon it is infected."
  • "The user interface is dull."

What is our primary use case?

We secure the laptops down, making sure that where we build the policy, every policy is consistent on every laptop.

How has it helped my organization?

It has greatly improved my organization from a security standpoint.

What is most valuable?

The most valuable feature is being able to push a policy. Whenever we update a corporate policy, we update it in one place, push it down, and it updates the policy on every laptop.

Secure Endpoint is good for creating actionable alerts so we can detect and remediate threats. If somebody does get infected, we don't have to wait for them to say, "Oh, I can't use my email." We immediately know about it. We would absolutely know about the problem before the person did. That was our biggest impact.

Secure Endpoint decreased our time to remediation. Where it used to take us a month to find out that something is infected, we now know that same day, as soon it is infected.

Cisco Secure Endpoint has helped improve our cybersecurity resilience. We only have about two IT guys. So it just makes them better at what they do. It saves them time, so they can focus on other things.

It saves them time so they can focus on other tasks.

What needs improvement?

It does a great job for what it is. The user interface face could be slicker. It does not have to be flashy, but the user interface is dull.

For how long have I used the solution?

I have been using Cisco Secure Endpoint for two years.

What do I think about the stability of the solution?

The solution is rock solid.

What do I think about the scalability of the solution?

The solution is really easy to scale.

How are customer service and support?

I have engaged with tech support and I think they're great at what they do, two thumbs up. I recommend them.

Which solution did I use previously and why did I switch?

We were using Avast and Norton. We felt it was time to switch to something Cisco branded that we could trust because we are a Cisco shop. All of them are proactive, but identity services was a big reason we switched to Secure Endpoint. You cannot really hook Norton into a Cisco ICE. We chose it for the integration abilities.

What other advice do I have?

I rate the product a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior IT System Administrator at ScanPlus GmbH
Real User
Great secure threat hunting and threat response with continuous product improvements happening
Pros and Cons
  • "The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
  • "We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."

What is our primary use case?

AMP 4 Endpoints protect our workstation (ca 300), our VDI environment (ca 250), and our servers (ca 50).

The old product was from Trend Micro and was just a simple antivirus solution. It was ok, but it was just an antivirus. We needed something more than just an antivirus that is used by every end-user. We were looking for a tool can we trust, and something that can schedule some things, implement scripts, analyze malware, perform advanced scans, etc. Our company, as an ISP for many customers, has to be protected from vulnerabilities.

How has it helped my organization?

First of all, we performed a PoV (Proof of Value) together with our Cisco partners, and we tested about a few months the efficacy and complexity of this product.

After the evaluation of the cost and security that AMP 4 Endpoints could offer, we decided to replace the old solution with AMP 4 Endpoints. The implementation was performed, with support from Cisco partners, in a few hours. In the following days, AMP 4 Endpoints found many things that the old antivirus solution missed. That was a very huge advantage for us.

What is most valuable?

Since we booked the Premier License, the most valuable features, in my opinion, are

  • Secure Threat Hunting to have a specialized team to support in analyzing complex attacks. That could help us to learn about new technics
  • Threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files. Nobody wants to run a dangerous file in his network, for that Threat Grid is important for us.
  • Threat Response that offers the possibility of help on logs, IPs, domains, etc. to perform investigations into our and global infrastructure. Sometimes we want to see if a malicious file was run in our network, for that Threat Response take this job to search and save us alot of time.

What needs improvement?

Actually, we don't need others features or improvements of this product. It is a complex product and offers us exactly what we need - security and trust.

We chose Cisco because we wanted security and trust. That is what we needed from Cisco, and what our customers expected from us.

We are using many Cisco products, and, with every new product, every new feature, the trust in Cisco security is growing.

We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way.

For how long have I used the solution?

We have been using the AMP 4 Endpoints in the Test Environment since November 2020 and implemented them in the production environment since March 2021.

Which solution did I use previously and why did I switch?

We used Trend Micro and when we tested AMP 4 Endpoints we saw its value immediately.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to book the premier license and to have access to all the features that AMp 4 Endpoints has on offer.

Which other solutions did I evaluate?

There was no other option; we wanted the Cisco solution immediately.

What other advice do I have?

Everything is working fine.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ahmed-Dawood - PeerSpot reviewer
Director of IT at Oriental Weavers
Real User
Top 5
It is stable, easy to scale and I like the price
Pros and Cons
  • "I am really satisfied with the technical support."
  • "I would like more seamless integration."

What is most valuable?

I like that this program is very light on the computer and very powerful. I also like the price.

What needs improvement?

I would like more seamless integration, because I have a security solution based on Cisco and I'm looking at integration for the old solution. It would be much easier for the security administrator to monitor integration.

For how long have I used the solution?

I have you been using this solution for almost a year now.

What do I think about the scalability of the solution?

I guess it's easy to scale, because I started a project with the requirements and when I needed to move forward to scale it up, it's been so easy. We currently have around 50 users. 

How are customer service and technical support?

I am really satisfied with the technical support.

Which solution did I use previously and why did I switch?

I also use Trend Micro. I use both programs, because they have different security layers. Both programs are very good.

How was the initial setup?

The initial setup was straightforward as we used one of the Cisco partners. The deployment took a couple of days. 

What other advice do I have?

On a scale from one to ten, I will rate this solution an eight. I do recommend it to others.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1150365 - PeerSpot reviewer
Solution Architect / Presales Engineer at a comms service provider with 1,001-5,000 employees
Real User
Offers a good scope and a good ability to shut attacks down then go back and see what happened
Pros and Cons
  • "The simplicity of use is its most valuable feature. You can very clearly see things."
  • "The initial setup is a bit complex because you need to execute existing antiviruses or security software that you have on your device."
  • "In the next release, I would for it to have back up abilities. I would like the ability to go back to a point in time to when my PC was uninfected and to the moment of when the infection happened."

What is our primary use case?

I use the public cloud deployment model. I have installed the license, the software, on my VM and it is being managed by Cisco Cloud.

My primary use case for this solution is to test it against malicious links and for encryption and decryption. 

What is most valuable?

The simplicity of use is its most valuable feature. You can very clearly see things. You have the ability to go back in time and get details, where the malware started, what happened and where it went from the minute it got in. It offers a good scope and a good ability to shut it down then go back and see what happened. 

What needs improvement?

It should be doing backups. Every stage that this malware is going forward, it should snapshot the situation. Then I could go back to the first stage before it got infected. It doesn't have this option, and I know that other manufacturers have it, like Check Point, for example. 

In the next release, I would for it to have back up abilities. I would like the ability to go back to a point in time to when my PC was uninfected and to the moment of when the infection happened.

For how long have I used the solution?

I have been using AMP for Endpoints for three months.

What do I think about the stability of the solution?

The stability is good. 

What do I think about the scalability of the solution?

I haven't needed to scale up yet but from what I see it's supposed to be easy. My organization sells this solution. We provide the service and management of the environment of our clients. 

It only requires one staff member for deployment and maintenance. 

I'm looking to expand the usage. I offer this solution to almost every endpoint SMB client. I'm looking to establish a faster solution and I meet with clients to discuss their network security. 

How are customer service and technical support?

We haven't needed to contact their technical support because we've never had a problem that we couldn't resolve ourselves. 

Which solution did I use previously and why did I switch?

We were previously using Check Point Sandblast Agent. We switched because it wasn't as stable as this one. We had some problems with it and we needed to contact their support and it wasn't so good. I would get tough questions from my clients so eventually I told them that we would look into other solutions.

We also work with Fortinet but I prefer AMP. 

How was the initial setup?

The initial setup is a bit complex because you need to execute existing antiviruses or security software that you have on your device. 

The deployment took around fifteen to twenty minutes. 

What about the implementation team?

I deployed it myself. I am the consultant who does the deployments. 

What's my experience with pricing, setup cost, and licensing?

The costs of 50 licenses of AMP for three years is around $9,360. There are no additional costs. 

What other advice do I have?

Just purchase the license, download it, install it to an active device, the main controller, and send it to everyone. My advice is that you need to delete your existing endpoint security solution because AMP actually contains everything that you need. Those two softwares can attack each other which can be a problem.

I would rate it a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Engineer at Innovo
Reseller
A security solution to protect the endpoints with centralized management
Pros and Cons
  • "The console feature gives a centralized management of what's going on, and if something happens, it gives you an alert. So, that's the most important feature for me."
  • "It is not very stable because we have new versions four times a year, which fixes bugs. We had some problems with some deployments."

What is our primary use case?

We use this solution to protect our IT environment. We use it to secure our user endpoints.

How has it helped my organization?

It gives awareness of our users' security posture.

What is most valuable?

The console feature gives a centralized management of what's going on, and if something happens, it gives you an alert. That's the most important feature for me.

What needs improvement?

Compared to other products, Cisco Secure Endpoint has some limitations and issues, it is still catching up with competition. For example, protection for USB is fairly recent and it is still limited to Windows platforms, and there are significant differences in the product packaging and distribution for Windows and MacOS platforms.

Another area of improvement is stability.

For how long have I used the solution?

I have been using Cisco Secure Endpoint for two years.

What do I think about the stability of the solution?

We had a couple of deferred releases this year.

I rate the solution’s stability a seven out of ten.

What do I think about the scalability of the solution?

Our deployment is very small. We only have a few dozen endpoints. So I can't really say if it scales well to a large number of endpoints. However, it seems like it could scale well so, the solution could be easy to scale up as needed.

How are customer service and support?

The customer support team solves the problems, but it takes a while to contact them. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?


What other advice do I have?

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1384002 - PeerSpot reviewer
Security Officer at a healthcare company with 51-200 employees
Real User
Gives great network visibility by showing how a file interacts with other systems, devices, and files
Pros and Cons
  • "The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
  • "One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
  • "The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."

What is our primary use case?

AMP for Endpoints has Endpoint Connectors, which are agents on the endpoints, providing security against malware and intrusion detection. It also provides intrusion prevention. We install the Connector on all the endpoints before they're deployed and also on our virtual desktop images. They provide constant monitoring and alerting on any events or potential threats to let us know when there is something going on that we can further investigate.

AMP intersects with a bunch of other Cisco tools, such as Threat Grid, Threat Response, and Talos Intelligence to identify threats, then automatically quarantine or remove them. It also gives you the ability to isolate endpoints to prevent further spread of any sort of malware, like a virus that might infect other machines.

How has it helped my organization?

The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it.

The solution’s actionable alerts in the security console are granular. They take you right to whatever the incident was so you can start investigating it. One thing that I have noticed lately, as we have spun up more tools associated with our Enterprise Agreement, is that AMP interfaces with all of them, then takes on some automated actions. One of the things that AMP allows you to do if there's an incident, it gives you an alert. This is because a threat was detected. You can click on the threat that's detected, then it takes you right to it in the timeline. Finally, you can pull/fetch the file and submit it for analysis. However, it will also do that automatically.

Cisco is standing up so much stuff right now. This solution interfaces with Talos Intelligence, Threat Grid, Threat Response, and SecureX. All of these things are integrating together and a lot of stuff is now starting to happen automatically, e.g., if a threat is detected, it is automatically interfacing with Talos Intelligence to figure out what that threat is and the hash value of whatever file that is. If it thinks it's suspicious, it automatically submits it to Threat Grid, which detonates the file in the sandbox, but also in the cloud, and returns a report saying whether the file, or whatever it is, is an actual threat/incident. Then, it remediates and quarantines it, and you find out about it later. It's doing a lot of stuff in the background as the integration with other tools increases.

Cisco Threat Response accelerates security operation functions. It gives you great visibility into your network. You start with a hash value, and you can search for that hash value within your environment by just dropping it into Threat Response. Then, it'll show you how that file has interacted with other files, systems, and devices. It gives you immediate visibility with a chart that shows you where that file has gone and where it's been. If you're looking to contain outbreaks, it's all there.

Cisco AMP simplifies endpoint protection detection and response workflows, such as security instigation. It really shortens the window to respond to an incident. You can do something in five minutes that probably would have taken several days in a big, diverse, ambiguous environment, where you have a lot of people working remotely. It would be tough to run down all this stuff. It is saving not only time, but manpower. Another person plus myself can now fix a problem. Whereas before, I would have to crawl through four or five different people before I got the right guy to get to the right place to do the thing that I needed him to do.

What is most valuable?

I like all the features. They're continually adding features to the product as well. One of the most recent features that they added is Orbital Advanced Search, which gives you great visibility into each individual endpoint. If you need to go look and see what's going on, it gives you that ability very easily.

I've only used Orbital Advanced Search on individual endpoints. Unless what I'm looking for is of great urgency, then I don't want to run very complex queries because they can take a lot of time and use a lot of resources for the endpoint. I'm still getting used to it so I don't know its full capabilities, such as, what it can do without interrupting the use of the endpoint. However, if the endpoint is compromised, it doesn't really matter. If I'm just investigating an incident, I don't want to lock the box up if a user is still trying to use it while I'm trying to figure out what's going on.

The Orbital Advanced Search is a great tool that gives you visibility. Otherwise, you would have to track down the device physically and possibility even do a forensic image of it to figure out what happened, or take it out of the environment just to investigate it. Having the ability to use Orbital to get the information off of a device to determine whether it's legitimately compromised, or if something weird is just going on, shortens the timeline of your response because you have immediate availability and visibility into the device that might be compromised.

Orbital helps reduce attack surface and investigate real-time data on our endpoints. For example, a device alerted in AMP for having a potential browser hijacker. At the same time, the user was also opening a help desk ticket because they were unable to access some online resources necessary for them to be able to work. I was then able to get on the device using Orbital (out of AMP) to locate the device and figure out what was going on, and it was a legitimate infection of a virus: It was a browser hijacker. All that happened in the span of five minutes, and I was able to get one of my guys out there to remove the device from our environment, reimage and replace it with another device.

I was able to figure out what was going on with that device in the span of five to 10 minutes. Then, I was able to have a guy onsite within the next three hours to get the device out of our environment. Previously, that would have taken days to figure out what was going on with the device, remote into the device, and find out where the device was physically, then get somebody to go to where the device was physically and pull the device out of the environment. That used to be a much longer process, and the longer that you have a threat risk in your environment, the riskier it becomes.

One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned.

What needs improvement?

The solution’s endpoint protection, in terms of the operating systems and devices that it protects, is pretty comprehensive. The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on. 

It's a rapidly evolving product. Every time they turn on a new feature, you're going to have glitches. Recently, they put out a bad version of a Connector, but they put out a new version of a Connector every other week it seems, so they pulled that back and put out a new version.

For how long have I used the solution?

About a year.

What do I think about the stability of the solution?

It is very stable. I haven't noticed it being unstable. It is what it is and does what it does.

On a regular basis, we have four or five network security engineers working on its deployment and maintenance.

What do I think about the scalability of the solution?

It is easily scalable. It's a simple deployment. You can push it out through any sort of desktop management system that you have.

Because we're a hospital, some things (like an imaging device) will not be using the solution as it may stop the imaging software from working. As far as endpoints for regular people who are not doctors using nuclear medicine imaging computers, it is pretty much on all those devices, including all of our virtual desktops. We have about 5,000 endpoints.

How are customer service and technical support?

Their technical support is excellent. I often wind up working with the same people who are responsive, knowledgeable, and available to do live troubleshooting and analysis. They also do a great job of teaching you things that you otherwise wouldn't know about the tool.

Which solution did I use previously and why did I switch?

We still do use System Center Endpoint Protection (SCEP). I am in the security group, and there's an infrastructure group who deploys the desktop. As part of their deployment, not only do they include AMP, they also include the Microsoft tools of various types.

Mostly, AMP affords us utility and visibility. Whereas, we had very little control and visibility into other tools because they weren't ours. we didn't have such great access. For endpoints, it's really been great for us as far as having that level of visibility and ability to control what's going on. To not only have the responsibility for security, but the ability to provide security has been the big deal for us. We didn't have such great access. 

When we only had the SCEP solution, we would get alerts but that would be it. We wouldn't have access to the tool to get more information from it. This left us sort of trying to troubleshoot the device in a vacuum without understanding what was going on.

How was the initial setup?

The initial setup was straightforward, easy, and quick. When we first started testing and deploying it, we were installing it on individual machines ourselves. It's just a matter of downloading the Connector or having the URL to the Connector that you just run on the machine. All you need is local admin rights and it takes about five minutes. That's it. 

In our testing environment, deployment was probably a month or two, because we were just testing. Once we felt comfortable with it and started deploying it, we gave it to our desktop engineers because it's an integral part of the image that gets installed on every machine. Therefore, for our entire environment, it probably took a total of four months, since three months were for testing.

Initially, we deployed it to individual desktops for testing. Then, we incorporated it into the standard image deployed on all desktops, laptops, or endpoints.

What was our ROI?

We have absolutely seen ROI. The way that it is starting to integrate and work with all the other Cisco products, as far as the ease of use, visibility, and being able to respond to incidents. We can know if something bad is potentially happening instantaneously and prevent it from happening. We can go to a device and isolate it before it infects other devices. In our environment, that's millions of dollars saved in a matter of seconds.

The solution has made our team more effective and productive.

The solution has decreased our time to detection because we are getting alerts letting us know that something needs to be looked at. Now that it's integrating with all these other tools, it's automatically submitting files for analysis to determine whether they are dangerous. Up until about two months ago, I would get a bunch of alerts about certain files. For example, I used to get alerts about a machine having a file, then I'd have to fetch the file and submit it for analysis. That stuff is happening automatically now. So, I went from about 100 or so odd alerts a week to around five because everything is now happening on its own.

What's my experience with pricing, setup cost, and licensing?

We have an Enterprise Agreement with Cisco for a bunch of tools. This is one of them.

The Enterprise Agreement is like an all-you-can-eat buffet of Cisco products. In that vein, it was very affordable.

Which other solutions did I evaluate?

We looked at a bunch of different things. We looked at Carbon Black along with two or three other of our tools that we didn't really have any control over. 

Cisco AMP came as part of the Enterprise Agreement with Cisco, so it was included. This made it much easier to spin up and use.

What other advice do I have?

You need to look at your exclusions. You need to understand everything you have in your environment that needs to be able to operate. Because one thing AMP does, if doesn't know what a file is, it will go get that file and isolate/quarantine it. That file might be part of another software platform that's needed to function for whatever it is you do. Chances are you won't have any visibility into whatever that platform is until it stops working, because AMP has quarantined one of the central files for it. Knowing what you have in your environment, what the exclusions are, and how to create and apply those exclusions for those other systems is a key piece.

I think that AMP is really effective in isolating and stopping things that it doesn't know. This is probably good because you don't know if a threat is really a threat until you get a chance to look at it. AMP gets out in front of that. This can cause problems if you don't know that you need to have an exclusion, but you're better safe than sorry.

We are using Cisco Email Security, Cisco Firepower, Cisco Talos, Cisco Threat Grid, and SecureX. We have not stood Stealthwatch up yet. We are refreshing our ISE instance. The integrations across the board have really been a multiplier for each tool individually, and certainly through AMP. It's really launched AMP into another level far as automation is concerned. The integration of all these tools is seamless and very effective.

I would rate it an eight (out of 10). It is all still a work in progress; it is all still a new thing. Not only is the tool itself a new thing, but how the tool integrates with all the other tools. It's in development.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Cisco Secure Endpoint Report and get advice and tips from experienced pros sharing their opinions.