Try our new research platform with insights from 80,000+ expert users

Cisco Secure Endpoint vs Cybereason Endpoint Detection & Response comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Secure Endpoint
Ranking in Endpoint Protection Platform (EPP)
13th
Ranking in Endpoint Detection and Response (EDR)
12th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
49
Ranking in other categories
Cisco Security Portfolio (6th)
Cybereason Endpoint Detecti...
Ranking in Endpoint Protection Platform (EPP)
35th
Ranking in Endpoint Detection and Response (EDR)
26th
Average Rating
8.0
Reviews Sentiment
7.9
Number of Reviews
21
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of March 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Cisco Secure Endpoint is 1.6%, down from 2.2% compared to the previous year. The mindshare of Cybereason Endpoint Detection & Response is 1.1%, down from 1.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR)
 

Featured Reviews

Mark Broughton - PeerSpot reviewer
Tighter integration with Umbrella and Firepower gave us eye-opening information
We were using a third-party help desk. One of the ways that they were fixing problems was to delete the client and then add the client back if there was an issue where the client had stopped communicating. Any improvement in the client communicating back to the server would be good, particularly for machines that are offline for a couple of weeks. A lot of our guys were working on a rotation where the machine might be offline for that long. They were also terrible about rebooting their machines, so those network connections didn't necessarily get refreshed. So, anything that could improve that communication would be good. Also, an easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful. If you could say, "Okay, we've got these two machines. This one says it's not reporting and this one says it's been reporting. Obviously, somebody did a reinstall," it would help. That way you could get a more accurate device count, so you're not having an inflated number. Not that Cisco was going to come down on you and say, "Oh, you're using too many licenses," right away. But to have a much more accurate license usage count by being able to better dedupe the records would be good. I also sent over a couple of other ideas to our technical rep. A lot of that had to do with the reporting options. It would be really nice to be able to do a lot more in the reporting. You can't really drill down into the reports that are there. The reporting and the need for the documentation to be updated and current would be my two biggest areas of complaint. Also, there was one section when I was playing with the automation where it was asking for the endpoint type rather than the machine name. If I could have just put in the machine name, that would have been great. So there are some opportunities, when it comes to searching, to have more options. If I wanted to search, for example, by a Mac address because, for some reason, I thought there was a duplication and I didn't have the machine name, how could I pull it up with the Mac address? When you're getting to that level, you're really starting to get into the ticky tacky. I would definitely put the reporting and documentation way ahead of that.
Chad Kliewer - PeerSpot reviewer
We can make more informed decisions on whether an action is malicious
The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it. While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that helps with this. Part of it was moving two different screens into one, merging the two together. It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made. It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Integration is a key selling factor for Cisco security products. We have a Cisco Enterprise Agreement with access to Cisco Email Security, Cisco Firepower, Cisco Stealthwatch, Cisco Talos, Cisco Threat Grid, Cisco Umbrella, and also third-party solutions. This is key to our security and maximizing operations. Because we do have the Email Security appliance and it is integrated with Threat Response, we have everything tied together. Additionally, we are using the Cisco SecureX platform, as we were a beta test for that new solution. With SecureX, we are able to pull all those applications into one pane for visibility and maintenance. This greatly maximizes our security operations."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"The most valuable feature is signature-based malware detection."
"appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us."
"It provides real-time visibility and control over endpoints, allowing its users to promptly respond to any security incidents and remediate any vulnerabilities."
"I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"With Cisco Secure Endpoint, we now have visibility over what is happening on the endpoint side."
"The interface is user-friendly."
"What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it."
"Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."
"The initial setup was easy and straightforward."
"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."
"The dashboard is very good and you can consider it as an interactive UI."
"I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."
"What I find most valuable is the clarity of the platform. It is very straightforward."
 

Cons

"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"Cisco Meraki could benefit from AI assistance or intelligent assistance features. Compared to competitors like Juniper, Cisco Meraki currently lacks a digital network assistant, which is an area Cisco is reportedly working on."
"The reporting and analytics areas of the solution need to be improved."
"They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."
"Cisco Secure Endpoint is an expensive solution."
"Previously, there were options to uninstall the agent without a password if you had admin access, and this could be improved."
"The initial setup is a bit complex because you need to execute existing antiviruses or security software that you have on your device."
"In the next version of this solution, I would like to see the addition of local authentication."
"The reporting feature needs improvement."
"The network coverage becomes an issue most of the time."
"Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."
"I would like to see improvements on the operational side, specifically in grouping."
"Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts."
"The integration with Microsoft solutions and Microsoft capabilities needs to be improved."
"I feel that the product lacks reporting features and needs improvement."
"While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper."
 

Pricing and Cost Advice

"The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market."
"Cisco's pricing is reasonable. We also do not need to opt for niche players, which would have charged us significantly more than Cisco for ecosystem solutions. We are highly satisfied with the pricing structure of Cisco's solutions they are reasonable."
"...the licensing needs to be improved. All the product features we need are there. It's just a matter of the complexity and the different offerings and trying to figure things out."
"I rate the pricing a five or six on a scale of one to ten, where one is expensive, and ten is cheap."
"The price is very good."
"Cisco Secure Endpoint is not too expensive and it's not cheap. It's quite fair."
"We can know if something bad is potentially happening instantaneously and prevent it from happening. We can go to a device and isolate it before it infects other devices. In our environment, that's millions of dollars saved in a matter of seconds."
"There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization."
"Though it is not the cheapest solution but it fits our budget. We pay an annual licensing fee."
"In terms of pricing, it's a good solution."
"The pricing is manageable."
"This product is somewhat expensive and should be cheaper."
"I do not have experience with the licensing of the product."
"I had to go through a third-party to purchase it, which I wasn't really pleased about."
"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
842,651 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Government
9%
Financial Services Firm
8%
Manufacturing Company
8%
Computer Software Company
18%
Financial Services Firm
11%
Manufacturing Company
8%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cisco Secure Endpoint?
The product's initial setup phase was very simple.
What is your experience regarding pricing and costs for Cisco Secure Endpoint?
I am not entirely sure about the exact licensing cost. It ranges from 2,000 to 2,500 INR annually.
What needs improvement with Cisco Secure Endpoint?
Previously, there were options to uninstall the agent without a password if you had admin access, and this could be improved. It may require a password for uninstalling clients, which would be help...
What is your experience regarding pricing and costs for Cybereason Endpoint Detection & Response?
Comparison with other products showed it be cheaper than some larger competitors. Set up cost for us were cheaper as we already had users experienced with the product in other business units. Initi...
What is your primary use case for Cybereason Endpoint Detection & Response?
We use it to improve detection in the whole industrial sector. We are a big energy company. Across multiple endpoints, we deploy the EDR to secure all, improve detection, and also attempt to automa...
 

Also Known As

Cisco AMP for Endpoints
Cybereason EDR, Cybereason Deep Detect & Respond
 

Overview

 

Sample Customers

Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank
Lockheed Martin, Spark Capital, DocuSign, Softbank Capital
Find out what your peers are saying about Cisco Secure Endpoint vs. Cybereason Endpoint Detection & Response and other solutions. Updated: February 2025.
842,651 professionals have used our research since 2012.