Try our new research platform with insights from 80,000+ expert users

Cisco Secure Endpoint vs Cisco Secure Workload comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Secure Endpoint
Ranking in Cisco Security Portfolio
5th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
49
Ranking in other categories
Endpoint Protection Platform (EPP) (13th), Endpoint Detection and Response (EDR) (12th)
Cisco Secure Workload
Ranking in Cisco Security Portfolio
9th
Average Rating
8.6
Reviews Sentiment
7.7
Number of Reviews
15
Ranking in other categories
Cloud and Data Center Security (7th), Cloud Workload Protection Platforms (CWPP) (14th), Microsegmentation Software (4th)
 

Mindshare comparison

As of April 2025, in the Cisco Security Portfolio category, the mindshare of Cisco Secure Endpoint is 11.1%, up from 5.6% compared to the previous year. The mindshare of Cisco Secure Workload is 8.2%, up from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cisco Security Portfolio
 

Featured Reviews

Mark Broughton - PeerSpot reviewer
Tighter integration with Umbrella and Firepower gave us eye-opening information
We were using a third-party help desk. One of the ways that they were fixing problems was to delete the client and then add the client back if there was an issue where the client had stopped communicating. Any improvement in the client communicating back to the server would be good, particularly for machines that are offline for a couple of weeks. A lot of our guys were working on a rotation where the machine might be offline for that long. They were also terrible about rebooting their machines, so those network connections didn't necessarily get refreshed. So, anything that could improve that communication would be good. Also, an easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful. If you could say, "Okay, we've got these two machines. This one says it's not reporting and this one says it's been reporting. Obviously, somebody did a reinstall," it would help. That way you could get a more accurate device count, so you're not having an inflated number. Not that Cisco was going to come down on you and say, "Oh, you're using too many licenses," right away. But to have a much more accurate license usage count by being able to better dedupe the records would be good. I also sent over a couple of other ideas to our technical rep. A lot of that had to do with the reporting options. It would be really nice to be able to do a lot more in the reporting. You can't really drill down into the reports that are there. The reporting and the need for the documentation to be updated and current would be my two biggest areas of complaint. Also, there was one section when I was playing with the automation where it was asking for the endpoint type rather than the machine name. If I could have just put in the machine name, that would have been great. So there are some opportunities, when it comes to searching, to have more options. If I wanted to search, for example, by a Mac address because, for some reason, I thought there was a duplication and I didn't have the machine name, how could I pull it up with the Mac address? When you're getting to that level, you're really starting to get into the ticky tacky. I would definitely put the reporting and documentation way ahead of that.
Raj Metkar - PeerSpot reviewer
Discover internal application dependencies and create a dependency map
We actively seek improvements in integrating the Infoblox DDI platform with Cisco Secure Workload. This integration allows Cisco Secure Workload to learn about our networks and network tags, providing valuable insights into vulnerabilities related to the operating system and various applications installed on our servers. Recently, Cisco announced a new product called HyperShield, an AI-based autonomous micro-segmentation solution. While Cisco has not stated that HyperShield will replace Cisco Secure Workload, it represents a natural evolution for the company. HyperShield features dynamic policy discovery and enforcement; however, once policies are enforced, they do not change until a discovery occurs, requiring a re-enforcement process. This new platform operates autonomously, minimizing the need for user or security engineer intervention. I would have expected Cisco to incorporate more automatic discovery and enforcement features within the existing Cisco Secure Workload product. Instead of enhancing the current product, they have introduced a new solution. Cisco plans to honor existing Tetration licenses, allowing users to transition to HyperShield without additional costs, reflecting the investment enterprises have already made. From Cisco’s perspective, this represents a natural progression in their product line. While the product name changes, it seems more of a rebranding effort. The enhancements are greater autonomy, improved discovery, and automatic enforcement, which are now being introduced in HyperShield. Cisco Secure Workload offers automatic policy enforcement but cannot adjust policies dynamically as the application needs to change. Having used the platform for the past five years, the recent announcement has been reassuring. Cisco has confirmed that our investment in the platform will not go to waste. They will honor our existing licenses, providing a natural migration path to the new solution without any disruption

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"With Cisco Secure Endpoint, we now have visibility over what is happening on the endpoint side."
"The most valuable feature is signature-based malware detection."
"Real-time threat prevention using sandboxing, file trajectory, and retrospective security."
"Its most valuable features are its scalability and advanced threat protection for customers."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"It used to take us a month to find out that something is infected, we now know that same day, as soon it is infected."
"The most valuable feature at this moment is that Cisco AMP or Cisco Secure Endpoint solution is delivering a lot of things, and I always say to a lot of customers that if we didn't have Cisco AMP, we probably would have had ransomware somewhere. So, it's protecting us very well from a lot of hackers, malware, and especially ransomware."
"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"A complete and powerful micro-segmentation solution."
"It's stable."
"By using Tetration insight, we are able to get the latency on our level accounts and we can determine whatever the issue is with the application latency itself."
"The product offers great visibility into the network so we can enforce security measures."
"The solution offers 100% telemetry coverage. The telemetry you collect is not sampled, it's not intermittent. It's complete. You see everything in it, including full visibility of all activities on your endpoints and in your network."
"The most valuable feature of the solution is that we don't have to do packet captures on the network."
"The most valuable feature of this solution is security."
"Secure Workload's best feature is that it's an end-to-end offering from Cisco."
 

Cons

"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"Previously, there were options to uninstall the agent without a password if you had admin access, and this could be improved."
"It is an expensive solution."
"In the next release, I would for it to have back up abilities. I would like the ability to go back to a point in time to when my PC was uninfected and to the moment of when the infection happened."
"Logging could be better in terms of sending more logs to Cisco Firepower or Cisco ASA. That's an area where it could be made better."
"They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."
"Maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"It has an uninviting interface."
"Secure Workload is a little complicated to use, and the dashboard isn't intuitive, so it takes a while to learn how to use it."
"There's room for improvement when it comes to Cisco Secure Workload. A couple of internal areas could be refined a little bit. They are trying to solve it, depending on where you suppose the agent is. Suppose you have the agent on both the server and the client, which could be the front-end server or web server connecting to the. In that case, if those two are communicating on RPC, the server can look into its configuration. It could go down and find the configuration file on the FTP server and then set the policies to it. But there are a lot of different FTP servers out there. It's also a complex case for the tool to support all FTP servers."
"The multi-tenancy, redundancy, backup and restore functionalities, as well as the monitoring aspects of the solution, need improvement. The solution offers virtually no enterprise-grade possibility for monitoring."
"They should scale down the hardware a bit. The initial hardware investment is two million dollars so it's a price point problem. The issue with the price comes from the fact that you have to have it with enormous storage and enormous computes."
"The integration could be better, especially with different types of solutions."
"I'd like to see better documentation for advanced features. The documentation is fairly basic. I would also like to see better integration with other applications."
"It is highly scalable, but there is a limitation that it is only available on Cisco devices."
 

Pricing and Cost Advice

"The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market."
"We had faced some license issues, but it has been improved. At the beginning of the implementation, we faced a lot of licensing issues, but now, we have EA licensing, which gives us an opportunity to grow."
"Its price is fair for us."
"I rate the pricing a five or six on a scale of one to ten, where one is expensive, and ten is cheap."
"The Enterprise Agreement is like an all-you-can-eat buffet of Cisco products. In that vein, it was very affordable."
"It is quite cost-effective. I would rate it ten out of ten."
"Cisco Secure Endpoint is not too expensive and it's not cheap. It's quite fair."
"Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection."
"The price is based on how many computers you're going to install it on."
"Pricing depends on the scope of the application and the features. Larger installations save more."
"The pricing is a bit higher than we anticipated."
"Regarding price, Cisco Secure Workload can be expensive if you don't have a budget. If you're not doing micro-segmentation, every extra security measure or enforcement you're putting on top of your existing environment will be an extra cost. It's not a cheap solution at all. But from my point of view, if you need to do micro-segmentation, this is one of the best tools I've seen for it. I can't compare that to Microsoft's solution because I haven't looked into it. I've looked into VMware and Cisco. Those are the only two that I know of. I didn't know that Microsoft could do micro-segmentation at all. Maybe they can, but I haven't heard anything about it."
"The cost for the hardware is around 300k."
"The price is outrageous. If you have money to throw at the product, then do it."
"It is not cheap and pricing may limit scalability."
report
Use our free recommendation engine to learn which Cisco Security Portfolio solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Government
9%
Financial Services Firm
8%
Manufacturing Company
8%
Computer Software Company
26%
Financial Services Firm
10%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cisco Secure Endpoint?
The product's initial setup phase was very simple.
What is your experience regarding pricing and costs for Cisco Secure Endpoint?
Cisco is aggressive in pricing, making it competitive and sometimes even cheaper than other good products like CrowdStrike, Microsoft Defender, or SentinelOne.
What needs improvement with Cisco Secure Endpoint?
Cisco Secure Endpoint lacks features like DLP which other vendors offer. XDR is new, so integration capabilities with third-party tools need improvement. The forensic capabilities need enhancement,...
What do you like most about Cisco Secure Workload?
The product provides multiple-device integration.
What is your experience regarding pricing and costs for Cisco Secure Workload?
CloudStrike offers antivirus capabilities and firewall features for servers and VDI but lacks automatic policy discovery. This raises questions about the resources required to discover and write po...
What needs improvement with Cisco Secure Workload?
We actively seek improvements in integrating the Infoblox DDI platform with Cisco Secure Workload. This integration allows Cisco Secure Workload to learn about our networks and network tags, provid...
 

Also Known As

Cisco AMP for Endpoints
Cisco Tetration
 

Overview

 

Sample Customers

Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank
ADP, University of North Carolina Charlotte (UNCC)
Find out what your peers are saying about Cisco Secure Endpoint vs. Cisco Secure Workload and other solutions. Updated: March 2025.
848,716 professionals have used our research since 2012.