Cylance, a Blackberry company since the early 2019 acquisition, developed their flagship business antivirus and endpoint protection software in CylancePROTECT, featured in business and home editions boasting artificial intelligence guided protection. BlackBerry Protect is a post-acquisition evolution of CylanceProtect.
N/A
Cisco Secure Endpoint
Score 8.5 out of 10
N/A
Cisco Secure Endpoint (formerly Cisco Advanced Malware Protection [AMP] for Endpoints) offers cloud-delivered next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR).
If I had to recommend an endpoint AV solution, [BlackBerry Protect (CylancePROTECT)] would be on the list...in fact at the top of the current list. It is a cost effective solution. When we did the bakeoff in our selection we built 3 generic W10 PCs. We located a Malware repository on the internet and downloaded a package of 100. The first solution stopped 80% from installing, the second stopped 100%, [BlackBerry (CylancePROTECT)] would not let the package download! Winner winner chicken dinner :)
Cisco Secure Endpoint is well suited for keeping track of the many different and points that we have in our organization. All of these devices can easily be monitored with Cisco Secure Endpoint. It can monitor our servers and our desktops and laptops in our environment. It isn’t as appropriate for our student devices. However, those aren’t as critical since they are just Chromebooks.
Fast and Unobtrusive, users hardly notice that Cylance is running on their computer, except when it detects something malicious
User interface is simple for end users, and the management interface is streamlined and easy to get started with. The management interface has a quick tutorial that comes up upon first login that explains all the different aspects of how to configure CylanceProtect.
Customer support is fantastic - in that if you get stuck or need help understanding a feature/setting, they are quick to respond and help to ensure that your configuration is set as optimal as possible for your scenarios.
Once we, I guess one turned out that path because we have a small IT team, one of the big factors that came into play is how easy it was to deploy and the kind of security it provides for your endpoint devices. For us, it's got all those AI capabilities that really help. So traditionally when there was an incident on Alert on an antivirus program, you'd have a couple of guys run across the office to try to pull a plug. One of the awesome features with Secure Endpoint is its isolation mode that clamps down endpoint devices and then just isolate it. It's connected to, I think Cisco's tell us the threat intel environment. So they've got up-to-date metrics and fixes on threats out in the wild. And once they detect that, they apply it across your whole brand. So yeah, really effective for us.
One of the things that really stands out is the retrospective detections. So say something's detected two weeks later of a product that you had on your system. Initially it scanned it past, but then they discover vulnerability. The product has the ability to come back and retrospectively apply restrictions on specific applications you have on your environment. So I think that's one key winner.
It would be great if there was a way for an administrator to make a file as safe from the end user device when a false positive has occurred (which is rare). At present and administrator has to log into the web console, create an exception and then wait 60-120 seconds for this to be effective on the end user device, still great, but this can be frustrating for users that are urgently trying to use the file.
Executive reporting could be better. Just a single page dashboard report that could be included in other monthly reporting.
The interface has many views that all look the same, except that functionalities are different. This makes it incredibly difficult to find the action you want to take.
Built-in exclusion sets are missing a number of notable Anti-Malware products and must be manually implemented.
High learning curve due to complexity of the solution and the range of features it contains. Provided documentation is hidden in a small icon at the top of the page which is often off-screen when needed.
Color choices lead to panic situations during deployment. 1 questionable file could lead to the main display showing a large, bright red alert which makes customers think their whole environment is compromised.
AMP is very difficult to use compared to other products we've seen. It's hard to understand why there are so many different logins for the various products that supposedly integrate with AMP. We had weekly phone calls for months to implement the product yet none of the IT department really enjoys using this product or feels comfortable with the accuracy of detections. The number of false positives is high.
I have only used CylancePROTECT support one time and they were very fast and responsive with the answers that solved my issue. That is the only reason I gave them a 7 as I have only had one interaction with them.
In terms of technical support for Cisco Secure Endpoint, the support has been pretty good. All the cases I submitted were solved in a reasonable time frame, and it was a good experience. However, I find that not as many vendors have the expertise I would expect.
Cylance, I believe is the only one that uses the predict and prevent execution of advanced threats and malware at the endpoint. Cylance is by far a superior product.
Cisco Secure Endpoint is an advanced EDR solution that is highly effective and scalable. Our experience previously with MalwareBytes and Microsoft Defender was not horrible, but these products were not as effective and did not integrate well with our other security products to allow us to monitor and react quickly to address threats that were within our network. Key to any security effort is mitigation and the ability to quickly identify and respond so any damage can be avoided or limited.
AMP has been able to catch some serious infections and stop them from doing huge damage in our environment.
The overall cost of AMP vs the cost of not having this protection and getting hit with malware, or other nefarious damage to your environment is well worth the money.
