Try our new research platform with insights from 80,000+ expert users
IT Security Services Owner at Atea AS
Consultant
Its most valuable features are its scalability and advanced threat protection for customers
Pros and Cons
  • "Its most valuable features are its scalability and advanced threat protection for customers."
  • "We would like to have an API integration with a SIEM solution, because as far as I know, it currently hasn't yet been released."

What is our primary use case?

We are trying to provide managed security services. This solution would be part of those managed security services.

How has it helped my organization?

We are on proof of concept phase and will see how it works.

I hope it will help decrease mean time to detect and respond, because it provides scalability, and we could make an efficient, effective service providing it for customers.

What is most valuable?

  • Scalability
  • Ability to integrate with SIEM.
  • Advanced threat protection for customers.

What needs improvement?

We would like to have an API integration with a SIEM solution, because as far as I know, it currently hasn't yet been released. We are looking forward to it because it's important for us to integrate the product with a SIEM solution in order to provide our customers a good, robust solution.

It needs major improvement with its ease of integration.

Buyer's Guide
Cisco Secure Endpoint
November 2024
Learn what your peers think about Cisco Secure Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

Trial/evaluations only.

What do I think about the stability of the solution?

So far, so good.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and support?

We have not had any technical cases.

Which solution did I use previously and why did I switch?

We are providing our customers multiple solutions depending on their needs. So, it's more like what our customer needs. We could go with Cisco or maybe we could with another vendor (we will see). Right now, we are quite satisfied with Cisco.

How was the initial setup?

For what we have already set up, the process has been straightforward.

What was our ROI?

We are estimating 5 to 10 percent staff productivity increases.

What's my experience with pricing, setup cost, and licensing?

Our partner in Norway does the price negotiation.

Which other solutions did I evaluate?

We are looking for cost-effective, efficient solutions for our customers, and Cisco happens to be one of the vendors who fits into that scope.

Microsoft is another vendor who offers a similar licensing model for this type of solution. There is also McAfee and Trend Micro. It depends on the customer's requirements.

What other advice do I have?

We have some mature security services, like anti-malware. We are looking to broaden our service portfolio and are on the first steps to climb further. 

You should always assess your customers' needs. Once you get that information, you just look for respective vendors. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
reviewer2212620 - PeerSpot reviewer
Technical Advisor at a government with 10,001+ employees
Real User
Top 20
Great support, reliable, and makes our network more secure
Pros and Cons
  • "The product itself is pretty reliable. The security features that it has make it reliable."
  • "It's pretty good as it is, but its cost could be improved."

What is our primary use case?

We're using it for endpoint security for users and to make sure that no vulnerabilities exist.

How has it helped my organization?

Cisco Secure Endpoint has improved our security boundary. It makes our network more secure.

Cisco Secure Endpoint has decreased our time to remediate and time to detect, but I don't have the metrics.

Cisco Secure Endpoint has improved our cybersecurity resilience.

What is most valuable?

The product itself is pretty reliable. The security features that it has make it reliable.

What needs improvement?

It's pretty good as it is, but its cost could be improved.

For how long have I used the solution?

We have been using Cisco Secure Endpoint for three to four years.

What do I think about the stability of the solution?

It's pretty reliable.

What do I think about the scalability of the solution?

I haven't had to scale it at all, but I would hope it's scalable.

How are customer service and support?

It's great. I never had any problems getting through or contacting tech support. I'd rate them an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used McAfee. We switched because we're more Cisco-reliant, and the product suits us better.

How was the initial setup?

I wasn't involved in its setup.

What was our ROI?

I personally have not seen an ROI.

What other advice do I have?

I would definitely weigh it with its competitors. The best bang for the buck in the technology is Cisco Secure Endpoint.

I would rate Cisco Secure Endpoint an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cisco Secure Endpoint
November 2024
Learn what your peers think about Cisco Secure Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Technical Team Lead Network & Security at Missing Piece BV
Real User
Its dashboards immediately show you what's going on in your environment, what's being blocked, and what needs to be investigated
Pros and Cons
  • "Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
  • "We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."

What is our primary use case?

We were looking for a security product, which would not only block known viruses, but give more visibility and control over anti-malware. We offer Desktop as a Service (DAAS) for small and medium businesses, so we have hundreds of laptops, desktops, and virtual machines. Because users click on everything, you need to have a solution in place which will detect if something happens and log it, if there's anything malicious, then it will be blocked and reported.

The main reason for going with Cisco AMP is its integration with other Cisco solutions. It can integrate our firewalling, DNS protection, and email security appliance, so if there's a malicious file, and I see it on one of those devices. I can say, "Hey, I want to have this blocked," and it will immediately stop it being emailed in or out our environment. It also can no longer be downloaded from the Internet. Thus, with one click, we have multiple points protected.

AMP is a bit of a time machine for our environment. We can see any action being executed, connection being made, or file being written, whether it's malicious or not. Everything is been logged. I can basically go back in time and see, "This user opened this website," or, "This process created this file." If at any point in time, we do get something where, "There has been malicious activity there," we can completely follow it back:

  • How did it get there? 
  • Did it change other files? 
  • Did it leave a scheduled task somewhere? 
  • Did it connect to other machines? 
  • Did it drop software on another place even before it was know to be malicious? 

All activity has been logged. If something turns out to be malicious, or if it's a user doing something they shouldn't be doing without using any malicious software but just using system tools, you can still see every command being run from the console.

The management console is cloud-based and the deployment goes to the endpoints, which are either in our data center or on the laptops and desktops that users have in their offices.

How has it helped my organization?

We worked a lot from home over the past few months. This was our only product that did not need to be changed in configuration when all the laptops did not come into the office for a few weeks. As long as there's an Internet connection, it will get the updates. Anything happening locally will upload to your cloud so you have full mobility on it. You have no need to update your console. You log in one day, and there's a note saying, "We added these new features. Click here for more." It has taken a lot of the hassle out so you don't have to worry about the connectivity or updates. You can just worry about stopping the malware you're investigating and incidents in your environments.

Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us.

With Cisco AMP, or any Cisco security products, you get Cisco Threat Response. Threat Response takes the intelligence from all your different solutions, then combines it with sources, like VirusTotal, and includes general information that Cisco has available on those threats. E.g., if I see a file somewhere, I can with one click go from my AMP console to Cisco Threat Response, and there it will be enriched, saying, "We have already seen this piece of software two months ago in Japan. This is what we thought of it. We did an automatic analysis on it. These are the indicators on this piece of software being either malicious or benign." With Threat Response, it is very easy to go from what's happening on my environment to what's happening in the world.

If there's spam coming from a machine, I can with one click determine, "Has there been any other intrusive events originating from this machine? Has it been sending me just spam or has it also been scanning me, making connections to other machines, or login attempts?" With Threat Response, we get the view from all sides, both inside and outside our network.

Orbital helps us with investigation, especially if there's been an incident on one machine, and I want to know, "Are there other machines in my environment with the same type of modifications." It's just a click away. I don't have to leave the Orbital or AMP to do the incident investigation. Thus, I don't have to pivot to another solution to check the event logs or files on the endpoints, and not having to leave the tool is very efficient. You have the same casebook in which you can keep notes of your investigation, then you can share the notes with your colleagues. 

The solution simplifies endpoint protection, detection, and response workflows, such as security investigation, threat hunting, and incident response. This positively affects our operational efficiency. We don't have to guess anymore if we have everything or need to use different tools. I can query the machines directly from Orbital. It's a complete tool set. You don't need anything else besides the tools you get with Cisco AMP. There are things now possible which we could not do before, and they're easier than before as well.

What is most valuable?

I find the the integration to be valuable. Cisco Email Security, Threat Response, and firewall are all completely integrated with this solution. It's very easy to connect your firewall or Email Security appliance with AMP to get visibility within Threat Response. On Cisco's end, we have had no trouble integrating. You go to the menu, and say, "I want to integrate this kind of device." Then, it basically shows you which buttons to click to integrate. It has been very easy.

The ability to create groups and policies precisely to your liking is also valuable. You can choose which engines you want to use for specific groups and what type of protection you want for what machines. It's not a single, one-size-fits-all. You can precisely match it to your requirements. E.g., if I have a file server and a laptop, then I want a different type of protection for those machines.

The console is really great. It's web-based. You can give everybody access. It has some great dashboards, which immediately show you what's going on in your environment, what's being blocked, and what needs to be investigated. It also makes collaboration very easy. If I start an investigation, I can open a virtual casebook that will be also stored on the console. I can invite other users to collaborate with me on the same investigation without having to send them notes or have another communication channel open to check things. E.g., I open the casebook and add interesting events to it, then other users are being updated immediately. They can also add to the same casebook, as it is very easy to collaborate from within the console on incident response.

Orbital is a good feature. It's based on SQL query. You can say, "I want to see failed login attempts," to see if there is anything out of the ordinary, then select a random or specific number of endpoints. It can run queries against the machine without you needing to make sessions. You can check if:

  • There have been any alterations in the host files.
  • Any new applications were installed.
  • There have been any events taking place in the event log, without having to leave the AMP environment.

What needs improvement?

We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment.

For how long have I used the solution?

At least a year.

What do I think about the stability of the solution?

The stability is very good. We have had no issues with the console. It has always been available. The connector also runs well.

What do I think about the scalability of the solution?

I have to ensure that the connector is installed on every device, whether it be an iPhone, Android, Linux, or Windows. I don't have to worry about the console, the amount of data, or the back-end, as that is all being handled by the cloud. Therefore, I can scale as much as I want, as long as I have enough licenses.

We currently cover 500 endpoints with Cisco AMP and are looking to scale that up to 3000 this year.

Working on the console: We have seven users. 

Working on machines protected by AMP: We have about 5,000 users.

How are customer service and technical support?

There have been a few incidents where we used their technical support, which has been very good. The highest level of certification is Cisco Certified Engineer, and these are the first people whom I talk to as I log an incident with Cisco AMP. They are certified at that level. Therefore, I'm talking to somebody who has intimate knowledge about the products. They react quickly and know what they're talking about. They say, "Can we schedule a remote session? I can work with you on the problem." Then, it's always been either the same day or the next day that they say, "I have a solution," or "I'm going to continue to work with you towards that solution."

Which solution did I use previously and why did I switch?

We previously used Microsoft System Center Endpoint Protection. We switched away from it for two reasons:

  1. System Center Endpoint Protection is a classic antivirus product, which will block no malware and only work on Windows. There is nothing advanced about it. It does not have login or the cloud console. It will only give you alerts if the machine is connected to the domain. It was a legacy product looking at the malware and the threat landscape. There was no ransomware protection. There was no sandboxing any threats if there was an unknown file. Now, it will be sent over to Cisco Threat Grids and go right on the VM, then there will be a verdict passed saying, "Good file, bad file, suspicious file." Previous solution didn't have that. 
  2. Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection.

We had ransomware before we had Cisco AMP. Basically, the user calls you to say, "Hey, there are some files I cannot access well." You log into the machine and look at the processes, then you see there is a process encrypting all the files. You kill the process, get the files (which have been touched), and then start to restore. However, how can I be certain that the process which was started by the user did not leave a scheduled task saying, "In five hours, we have to start another thing," or did it upload any user data to a different machine? How can I know if was there was data loss involved in this incident?

With our previous solution, you had no way to be sure that you were not missing something, if there were not any files left, passwords/data stolen, connections made to different machines, booby traps or scheduled tasks left, etc. With Cisco AMP, if it manages to execute, I can say, "How did we get this file?" With one click, I can block it from being downloaded from the Internet and being emailed in/out of our environment. I can also see if there were any files created or connections being made. Then, I can be 100 percent sure if there was a data exfiltration, anything left behind, or if we missed anything. AMP is very thorough.

With our previous solution, if it was known malware, we would get an alert. If it was an unknown malware or ransomware, our users were our detectors. Then, it might take hours before they could say, "Hey, something's not working for me." Cisco AMP will get you that same alert within minutes of an incident occurring.

Before we had the Orbital tool and Threat Response, we were just feeling around in the dark if we were doing an investigation. We were never sure, "Did we get everything?" We did positively identify malicious malware, but, "Did we miss anything? Has anything else happened? Is this also happening on different machines?" There were these questions we were not able to get 100 percent satisfying answers on. With Cisco AMP, Threat Response, and Orbital, we are 100 percent certain that we got every trace of malicious software. We're also certain that no other machines have been compromised or will be compromised in the same way.

How was the initial setup?

The initial setup is straightforward. Because the console is cloud-based, you get an email saying, "An account for you has been created. Click here to login." Then, there is the console. There are some basic groups there, and you say, "I want to have these settings." You download an installer, which already has the policy you defined included, and run it. It installs the connector on the endpoint, then the endpoint starts talking with your console. That's all you have to do. 

You log into a website, configure your settings, get an executable that you deploy to your endpoints, and that's it. Any policy or connector updates can trigger from the console, because if you can use a web browser, you can deploy Cisco AMP and update it.

I had the first machines deployed within an hour. After, we started a fine-tuning process, which includes policies, exclusions, and rights. Total deployment was probably two or three weeks before it was part of our default image, where every new machine was being imaged with a connector included.

What was our ROI?

Time to response is a lot faster. With every incident, at least six to 10 man-hours are saved because the damage has been reduced significantly. Additionally, if I have to work on file restore for six hours, for those six hours, my IT users cannot work on that application. This does not even take into account lost productivity of hundreds of users waiting to get access to the data again who also have to wait for six to 10 hours.

The visibility has increased a lot because all the heavy work is being done in the cloud. Therefore, we see a lower CPU and memory footprint on the endpoints. All the connectors on the endpoints send your information to the cloud where it is being analyzed, then it just gets the information back. There is not a lot of heavy stuff going on with the endpoint compared with the previous solution where you had a lot of work being done on the endpoint. Thus, you're taking away CPU cycles and memory from the applications you wanted to run there.

Our technicians are doing more meaningful tasks. They can just do their threat hunting and incident response without having to find tools that can do the things already built into AMP and Threat Response.

What's my experience with pricing, setup cost, and licensing?

There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization.

Note: You can upgrade or increase the number licenses by just placing a new order.

Which other solutions did I evaluate?

We did do a product selection, but we did only the proof of value with Cisco AMP. We looked at Trend Micro and a VMware product on paper. However, looking at our integration possibilities, since we were already using Email Security and firewalling from Cisco, there was no other product that offered the same level of integration.

What other advice do I have?

Read the manual. There is a lot of information in there. 

Cisco gives threat hunting workshops globally, which are free. They take about half a day and show you how to use this product for threat hunting. Because we're looking at protection and antivirus, we're looking at a reactive response if there is a nasty file to be blocked. With Cisco AMP, you get the possibility to proactively go hunting for threats and find them before they become a problem. With this workshop, it will really shows you the different tools with real life examples, how to effectively test, and make the most of your investment in Cisco.

The solution’s endpoint protection is very comprehensive in terms of the operating systems and devices it protects, e.g., servers, Windows and Linux, smart devices, tablets, or home PCs. As long as it has an Internet connection, I can deploy an endpoint connector. I can get all the input into Microsoft for that endpoint as well. We haven't had any operating systems or devices in which we could not get visibility with AMP.

Other solutions are just the basic, "There was something wrong." They will give you the location, but will not give you the context, from which user, nor show you how the file got onto the system. With Cisco AMP, I just open a dashboard and it will show me (without doing anything), "We had 60 malware incidents via Chrome. We had five malware incidents via Outlook. We had two malware incidents from USB sticks." Immediately, we have an overview of how we're doing today, also showing where the nasty things are coming from. I don't know if there is anything that I'm not seeing.

With Threat Response, there should be some new integrations announced later this month.

I would rate this solution as a 10 (out of 10). 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Ivan Cantu - PeerSpot reviewer
AE at a tech services company with 1-10 employees
Real User
Top 10
Has cloud-based management feature that helps customers to manage their security from anywhere with an internet connection
Pros and Cons
  • "The tool's most valuable feature is its integration with other Cisco products, such as switches and routers. This integration allows comprehensive coverage of security parameters across the customer's entire network. Customers find it easier to manage because they already know Cisco products. The cloud-based management is another valuable feature, enabling customers to manage their security from anywhere with an internet connection."
  • "Cisco Meraki could benefit from AI assistance or intelligent assistance features. Compared to competitors like Juniper, Cisco Meraki currently lacks a digital network assistant, which is an area Cisco is reportedly working on."

What is our primary use case?

Cisco Secure Endpoint, often paired with Firepower and Cisco Umbrella, is primarily used for perimeter security and DNS protection.

What is most valuable?

The tool's most valuable feature is its integration with other Cisco products, such as switches and routers. This integration allows comprehensive coverage of security parameters across the customer's entire network. Customers find it easier to manage because they already know Cisco products. The cloud-based management is another valuable feature, enabling customers to manage their security from anywhere with an internet connection.

What needs improvement?

Cisco Meraki could benefit from AI assistance or intelligent assistance features. Compared to competitors like Juniper, Cisco Meraki currently lacks a digital network assistant, which is an area Cisco is reportedly working on.

For how long have I used the solution?

I have been working with the product for three years. 

What do I think about the stability of the solution?

The solution is very stable. I don't hear complaints from customers about it not working right.

What do I think about the scalability of the solution?

I rate the solution's scalability a nine out of ten. 

Which solution did I use previously and why did I switch?

Palo Alto has a portfolio similar to that of Cisco. 

How was the initial setup?

Setting up Cisco Secure Endpoint is complex, primarily because it needs to be tailored to each customer's specific needs and network configuration. Factors like whether the customer has a segmented network or uses VLANs affect how the solution is implemented.

While it's straightforward for a customer with ten branches, it becomes more complicated with 30-50  branches - not due to technical issues, but because of logistical challenges. 

One or two people are enough for deployment for complex cases with 20-30 branches. They're network or security specialists with Cisco certifications like CCNP or CCNA. The number depends on how complex the project is, but most times, it's pretty easy to deploy. We also typically need one or two people for maintenance, depending on how many branches there are and how complex the project is. If there are more than 50 branches, it can be complex to manage. Our solution architects often have CCNP certification, which helps manage the customer's network across branches.

What's my experience with pricing, setup cost, and licensing?

The solution's price is about the same as that of Palo Alto solutions.

What other advice do I have?

I recommend Cisco Secure Endpoint to others. It has been around for a long time and knows its stuff. Their Talos intelligence tool allows customers to see and secure their networks. I rate the product a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Berkhan Yaman - PeerSpot reviewer
Cyber ​​Security Specialist at a tech services company with 11-50 employees
Reseller
Top 5
Multi-layered protection that allows complete visibility and control with significant limitation in speed
Pros and Cons
  • "It provides real-time visibility and control over endpoints, allowing its users to promptly respond to any security incidents and remediate any vulnerabilities."
  • "Due to the complexity of the technology that is used and its advanced threat detection capabilities, it is possible to encounter many delays in operation."

What is our primary use case?

We use it to deliver the best endpoint protection and control for our clients. We offer them MSSP services for their products, so they are assured that their product is fully visible and protected.

How has it helped my organization?

It offers advanced threat protection by using machine learning to prevent any possible cyber threat, including malware and ransomware. We get complete real-time visibility and control over the system, so it is easy to track any possible data breaches. You can see on the report what kind of tactic was used and at what time. It provides a comprehensive security posture for our company.

What is most valuable?

It provides real-time visibility and control over endpoints, allowing its users to promptly respond to any security incidents and remediate any vulnerabilities.

What needs improvement?

Due to the complexity of the technology that is used and its advanced threat detection capabilities, it is possible to encounter many delays in operation. It can impact the business itself, so I would suggest an improvement in that area.

For how long have I used the solution?

I have used this product for seven months. 

What do I think about the stability of the solution?

I am highly satisfied with the stability. I would rate it nine out of ten.

What do I think about the scalability of the solution?

It offers good scalability. I would rate it eight out of ten.

How are customer service and support?

They provide good customer service and support. I would rate it eight out of ten. 

How would you rate customer service and support?

Positive

What about the implementation team?

The deployment process is seamless and fast. After the suitable option is selected and downloaded, it only takes a few steps to complete it and deploy it. The efficiency and promptness of the process greatly depend on the performance of the computer. 

What's my experience with pricing, setup cost, and licensing?

It is quite cost-effective. I would rate it ten out of ten.

What other advice do I have?

It is a very good product overall, it provides multi-layered protection, but its promptness is challenged, so that is something that should be worked on. I would rate it eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer2108991 - PeerSpot reviewer
Technical Engineer at a healthcare company with 5,001-10,000 employees
Real User
Top 20
Works well and helps with compliance, but logging could be better
Pros and Cons
  • "The VPN is most valuable. It's the best thing in the market today. We can use two-factor authentication with another platform, and we can authenticate with two-factor."
  • "Logging could be better in terms of sending more logs to Cisco Firepower or Cisco ASA. That's an area where it could be made better."

What is our primary use case?

We are using it for remote users, and that's our main reason for using it. We have a lot of colleagues who work outside the organization, and they need to connect to the local, on-prem resources for file sharing and other things that we have in our data center. That's it.

How has it helped my organization?

It helped to free up our IT staff's time. We don't need to manually check everything in the compliance area. Everything is automated, so we don't need to check all the time. I don't know how much time it has saved, but it helped us a lot.

What is most valuable?

The VPN is most valuable. It's the best thing in the market today. We can use two-factor authentication with another platform, and we can authenticate with two-factor.

What needs improvement?

Logging could be better in terms of sending more logs to Cisco Firepower or Cisco ASA. That's an area where it could be made better.

For how long have I used the solution?

We've been using this solution for five or six years. 

What do I think about the stability of the solution?

We do not have any challenges, and we are fine with it. We are using it only for external endpoints, and we are very comfortable with it. 

What do I think about the scalability of the solution?

We don't see any difficulty there.

How are customer service and support?

It's very nice. You get feedback very easily. I'd rate them an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using another solution before. We switched because we have Cisco everywhere, and the best way is to go for Cisco for everything. That's our strategic plan.

How was the initial setup?

Its initial setup is straightforward, but I have been working with Cisco products for about 10 years. I have knowledge of how to use it, and it's very easy for us to implement.

The process of migration was easy. We have our own tools to migrate from the old one. In our environment, everything is on-prem, and we also have redundancy for the central equipment.

What about the implementation team?

We implement it ourselves. The number of people required depends on how big the organization is. We are not so big. We are a middle-sized organization, and for our use case, three or four people were involved in the planning and implementation.

What was our ROI?

We have not seen an ROI.

What's my experience with pricing, setup cost, and licensing?

We had faced some license issues, but it has been improved. At the beginning of the implementation, we faced a lot of licensing issues, but now, we have EA licensing, which gives us an opportunity to grow.

What other advice do I have?

If you have a Cisco environment inside, it's best to have a Cisco solution for the outside. You don't need to use multiple vendors because it can be difficult for them to communicate with each other. Sometimes, there can be difficulties when you have different vendors.

Overall, I'd rate it a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MD.SIHAB TALUKDAR - PeerSpot reviewer
System Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 20
A stable component of our network infrastructure security
Pros and Cons
  • "The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
  • "I would like to see integration with Cisco Analytics."

What is our primary use case?

We are system integrators and we use this product for DNS security, which is integrated with the DNS service.

How has it helped my organization?

Cisco AMP is the broadest, most integrated security platform that connects the breadth of Cisco's integrated security portfolio and the customer's infrastructure for a consistent experience. It unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications--all without replacing your current security infrastructure or layering on new technology.

What is most valuable?

The entirety of our network infrastructure is Cisco and the most valuable feature is the integration.

What needs improvement?

I would like to see integration with Cisco Analytics.

For how long have I used the solution?

We have been using the total Cisco solutions including AMP for Endpoints, Umbrella, and Firepower for three years.

What do I think about the stability of the solution?

This is a stable product.

What do I think about the scalability of the solution?

This solution is scalable.

How are customer service and technical support?

I have contacted them in the past to raise a case and they were able to resolve it.

Which solution did I use previously and why did I switch?

We use the traditional antivirus, its don't able to protects real time protection don't have firewall integration.

How was the initial setup?

The initial setup involves integration with other products such as Talos. The deployment took us about one day.

Which other solutions did I evaluate?

Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world.These teams are supported by unrivaled telemetry and sophisticated systems to create accurate, rapid and actionable threat intelligence for Cisco customers, products and services.

What other advice do I have?

I began with implementing Cisco AMP for Endpoints and then integrated Umbrella and the other products after that.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MohamedEladawy - PeerSpot reviewer
Service Security Lead at Salam Technology
Real User
Good sandboxing features but the technical support could be better
Pros and Cons
  • "It is a very stable program."
  • "The technical support is very slow."

What is our primary use case?

We mainly use this program for our business operations.

What is most valuable?

The feature I find most valuable is the sandboxing.

What needs improvement?

I think there should be better support and I would also like to see an easier implementation of the solution. The support should be cheaper and more available during the implementation stage. It would be great if they could have support teams that involve an AMP team because there's a specific team for AMP.

For how long have I used the solution?

I have been using Cisco AMP for Endpoints for around three years now.

What do I think about the stability of the solution?

Cisco AMP for Endpoints has been very stable so far. 

What do I think about the scalability of the solution?

I believe the solution is scalable. We have around 200 end users working on this program, and then we have a team of 15 that is responsible for technical and maintenance issues.

How are customer service and technical support?

I will rate the technical support a six out of ten because their response time was very slow. Not as fast as they used to be.

Which solution did I use previously and why did I switch?

We also use Micro, so we use two programs simultaneously. 

How was the initial setup?

I did the initial setup myself and it was really easy and straightforward.

What other advice do I have?

I will recommend this solution to others. I would, however, like to see better features and implementation to cover some points. It would be nice if they could add more protocols to support encrypted files, and be able to inspect an encrypted file, or at least be able to support that. Better and faster technical support is also necessary. 

On a scale from one to 10, I rate this solution a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Buyer's Guide
Download our free Cisco Secure Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Cisco Secure Endpoint Report and get advice and tips from experienced pros sharing their opinions.