Cisco Secure Endpoint

Cisco Secure Endpoint
Formerly Cisco AMP

About TrustRadius Scoring
Score 8.7 out of 100
Cisco Secure Endpoint


Recent Reviews

Read all reviews

Popular Features

View all 7 features
  • Centralized Management (17)
  • Anti-Exploit Technology (17)
  • Endpoint Detection and Response (EDR) (17)
  • Infection Remediation (17)

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Cisco Secure Endpoint, and make your voice heard!


View all pricing

What is Cisco Secure Endpoint?

Cisco Secure Endpoint (formerly Cisco Advanced Malware Protection [AMP] for Endpoints) offers cloud-delivered next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR).

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit…


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

50 people want pricing too

Alternatives Pricing

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection…

What is CrowdStrike Falcon?

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance…

Features Scorecard

Endpoint Security


Product Details

What is Cisco Secure Endpoint?

Cisco Secure Endpoint (formerly Cisco Advanced Malware Protection [AMP] for Endpoints) offers cloud-delivered next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR).

Cisco Secure Endpoint Features

Endpoint Security Features

  • Supported: Anti-Exploit Technology
  • Supported: Endpoint Detection and Response (EDR)
  • Supported: Centralized Management
  • Supported: Infection Remediation
  • Supported: Vulnerability Management
  • Supported: Malware Detection

Cisco Secure Endpoint Video

Cisco Secure Endpoint Downloadables

Cisco Secure Endpoint Integrations

Cisco Secure Endpoint Competitors

Cisco Secure Endpoint Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Symantec Endpoint Security, ESET PROTECT, and McAfee Endpoint Security are common alternatives for Cisco Secure Endpoint.

Reviewers rate Centralized Management and Malware Detection highest, with a score of 8.7.

The most common users of Cisco Secure Endpoint are from Mid-sized Companies (51-1,000 employees) and the Information Technology & Services industry.


View all alternatives

Compare with

Reviews and Ratings




(1-17 of 17)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Cisco Secure Endpoint to protect staff devices within our school district. Cisco Secure Endpoint helps us make sure we take an additional step to protect our systems from cyber-attacks and threats. Cisco Secure Endpoint also provides an inventory of potentially vulnerable software. We then know which systems we need to address when vulnerabilities are announced.
  • Protects endpoints from known viruses
  • Protects endpoints from emerging threats
  • Reports devices that have known vulnerabilities
  • Navigation is just a little more complicated
  • Better reporting
  • MSP support models
Cisco Secure Endpoint is a very good endpoint protection solution. It would be particularly good for someone with the time and ability to really work with it to get the most out of it. This would include the other Cisco product integrations and systems that it works well with.
The basic features of the software are not too hard to use. Some of the advanced features can be more difficult. We find that our less experienced tech staff has a much more difficult time working in the dashboard.
In terms of technical support for Cisco Secure Endpoint, the support has been pretty good. All the cases I submitted were solved in a reasonable time frame, and it was a good experience. However, I find that not as many vendors have the expertise I would expect.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Cisco AMP was deployed amongst all workstations and servers, tied closely with other Cisco infrastructures such as Umbrella, FirePower, ESA, and WSA to bring in all the event telemetry to make best-informed decisions on application/file access and/or movement. Cisco AMP aimed to help solve malicious file access/movement and ransomware detection.
  • Retrospective Alerting.
  • Sandboxing.
  • Scanning & Detection.
  • Quarantining.
  • Overall reporting.
  • Access to endpoints via SSH/shell.
  • Deployment support with SCCM.
AMP is well suited for organizations that have made the investment with Cisco's full security suite. The integration provided with all other platforms such as the firewall, web and email gateway, and Cisco Umbrella works well to not only quickly detect malicious activity, but block it before it hits the endpoint. Cisco AMP is not suited for small organizations, who are looking for a sole A/V product. Missing out on all the additional integration would make AMP a very pricey product.
Of all the anti-malware tools I've used, I found Cisco Secure Endpoints to be one of the top players in the market. Its ability to detect malicious content and then retrospectively go back and quarantine older files was a key feature that was counted on time after time. In addition, the timeline view of activity really helped us work backward from when an event was detected to discover its entry point.
Cisco's AMP support is pretty good. There were not many occasions where I felt that their engineers were inexperienced or that I had to wait too long for a response. Overall, I received support for items that were even outside of their scope, such as deployment planning and policy management.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Cisco Secure Endpoint is deployed in departments and works well when it comes to handling online threats/cyber attacks. We no longer have to worry about viruses, malware, among other online threats. The software is quick to detect these threats and block them before getting into our IT infrastructure. Besides scanning and blocking threats, Cisco Secure Endpoint also sends notifications to the admin for more action.
  • Great viruses protection.
  • Great threat detection and blocking features.
  • Malware analytics.
  • Easy to use.
  • Affordable.
  • The reports are straightforward.
  • I like the notification features.
  • No bad experiences.
Cisco Secure Endpoint is a great product and since it has worked for us, I'm recommending it to every other business. All businesses face online threats and cyber-attacks and will this endpoint protection software, your business is in a better position to handle threats.
Using and understanding Cisco Secure Endpoint is easy.
The support is knowledgeable and very responsive.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Cisco Secure Endpoint is installed and used on all computers at our company. It is an invisible guard that you rarely notice, but it has strong protection capabilities that prevent the corporate systems from being attacked from the outside. The application runs in the background and requires very little system resources or user intervention while providing a strong shield from intruders.
  • Runs in the background and does not require end-user intervention
  • Uses cloud protection solution that always stays up-to-date
  • Low system requirements to run
  • The ability of generating a report with a summary of prevented threats
It is a great security solution for corporations of all sizes that care about keeping their technology and users secure.
It is very autonomous, secure, and highly configurable.
Cisco Secure Endpoint plays a huge role in keeping the employees secure.
sitaram gurjar | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
[A Cisco] secure endpoint is an advanced tool that detects and prevents malware from affecting your email and organization data. [Cisco] secure endpoint is fully capable for prevent cyber attacks on your organization. it offers cloud-based next-generation antivirus and advanced endpoint detection and response. [We] are using this for the last 2 years. malware attacks are increasing day by day. with the help of the cisco secure endpoint, we can easy to stop the malware attacks and it also sends alerts and logs which will help us in the future.
  • [It] will stop the threats before the compromise.
  • [Very] fast performance and quick response on attack.
  • Maximize operations efficiently[.]
  • Easy to configure and manage[.]
  • Logging
  • Dynamic malware analysis[.]
  • Alert send.
  • [We] can manage this through centralized management[.]
  • [Quick] malware detection[.]
  • The cost is little bit high[.]
Cisco Secure Endpoint is well suited for every organization and it is fully capable for detect and prevent malware attacks on your organization. it gives us [all] the security features which help us to manage the organization without any security attack and downtime. we can easy to configure and deploy in [the] existing network and we will never face any big downtime. the customer support is also very good and helpful. Cisco provides lots of documentation for help.
We have been using this for the last 2 years and we never faced any malware attacks on our organizations. [Cisco Secure Endpoint] is an advanced and high-performance tool for detecting and preventing malware attacks on your organization. [We] can configure and install the [Cisco Secure Endpoint] very easily and manage through a centralized [location.]
Cisco is always best and known for good 24/7 technical support. the [SLA] is very good and cisco provides us all the information document for study. the [Cisco] support community is also very good and helpful.
Randy Zuehlke | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Cisco Secure Endpoint is used across our entire network. It is on all of our endpoints and addresses the security of such. It is our sole EDR solution and protects us against malware and particularly the current rising threat of ransomware and APTs.
  • Identifies malware, malicious processes/services and other events well
  • Great automated actions features such as host isolation
  • Detailed threat visibility such as file trajectory
  • Integration with other Cisco suite of security products
  • Great value
  • Low false positive rate
  • Lightweight agent
  • Variety of reporting
  • Stable agent
  • Additional methods for blocking such as file path and not just file hash
  • File blocking by other hashes other than SHA 256
  • Email notifications of certain predefined events
Cisco Secure Endpoint has proven to be well suited for most if not all of our security concerns on our endpoints. From the annoying unwanted PUA to the sophisticated attack by an APT, it has been outstanding in identifying and stopping malicious activities on our endpoints both workstations and servers.
The platform provides an enormous amount of capability and information to the administrators in an intuitive and meaningful format. From monitoring to the development of different security policies for our environment, Cisco Secure Endpoint is an easy to use and effective endpoint security solution. Once a threat enters your environment, you are able to identify it and track its trajectory and stop it in its tracks.
From our customer service representative to Cisco TAC for technical support, we have experienced fantastic support. Our customer service representative is always responsive and resolves all of our needs. Furthermore, our technical support from Cisco TAC has been great. As an example, we recently had an issue with the Exploit Prevention Engine (Cisco Secure Endpoint has several malware engines) blocking a specific Excel file within our environment. Cisco TAC worked with my staff to identify the issue and resolve it in a timely and effective manner. If a particular issue is not resolved by a technician, it is quickly escalated to higher level support staff.
Score 5 out of 10
Vetted Review
Verified User
Review Source
We are currently using Cisco AMP across the entire organization. All endpoints with the exception of a few servers have the agent installed. Our main use for AMP is to protect and clean any malware that may enter our environment. AMP provides an enterprise grade anti-virus/anti-malware solution with centralized cloud management.
  • AMP remediates threats without administrator intervention
  • AMP provides a detailed dashboard of new threats or events that occur
  • AMP is very configurable, policies can be scoped granularly
  • The dashboard should be easier to use
  • The agent updates are very cumbersome to manage
  • AMP support is difficult to use compared to Meraki. Lots of hoops to jump through to get someone on the phone.
AMP has effectively cleaned malware on our endpoints. Unfortunately, there have been many false positives with no real explanation or detail. The engine that runs AMP is somewhat heavy on system resources, you should carefully consider the impact on production servers before deploying this to the enterprise. Since AMP is very configurable, it can be used in a variety of ways on any operating system or platform including iPhone, and Linux.
AMP is very difficult to use compared to other products we've seen. It's hard to understand why there are so many different logins for the various products that supposedly integrate with AMP. We had weekly phone calls for months to implement the product yet none of the IT department really enjoys using this product or feels comfortable with the accuracy of detections. The number of false positives is high.
I've called support a few times and my experience was very poor. The process of opening a ticket is unnecessarily difficult. You are required to speak to multiple people. One person answers the phone and takes basic details, creates the ticket, then you wait for a call back from their engineers depending on how severe your issue is. In comparison to Meraki support where you get help right away after providing them your support passcode, AMP has a long way to go!
Score 8 out of 10
Vetted Review
Verified User
Review Source
AMP is being used across the entire organization on every domain joined workstation and server. We use it as our primary defense against malware and we use its reports combined with our case management system to create incidents for any high or critical cases. We also use it to isolate any out of compliance devices, like Windows 7 machines with no ESU.
  • Endpoint Isolation. It allows us to remove EAST/WEST exposure while still giving internet to a device.
  • Policy grouping. The granularity of the policies allow us to roll out updates in stages and test new settings effectively.
  • Scan analysis. Allowing the scans to be submitted for analysis saves you that extra time spent parsing long log files.
  • Event search function. The searching is very limited and allows for poor filtering choices.
  • Slowness. The web GUI is far slower than most Cisco products.
  • Sync issues. When attempting to move a device from one group to another or start isolation on a device, there is a sizable delay in communication with the device that can cause operations to fail.
AMP is best as part of a Cisco suite of solutions. If you are just looking for end point protection and do not use other Cisco products, get something else. AMP is best when integrated into Firepower, SecureX, and Umbrella. With all of these parts feeding data in and out, AMP becomes another piece of the puzzle to protect against common and day zero malware.
The UI is slow and clunky. The event search function needs an overhaul (you can't sort or search by custom terms or by event criticality). However, it allows for great visibility on individual machines and by using scheduled reports we can capture each event and use a parser to pull the important ones.
TAC responds quickly and well. They also are helpful during health checks in providing a laundry list of ways to improve our utilization of AMP. That said, TAC is a bit of a roll of the dice. About 80% of their agents are helpful, the other chunk are less useful than a Google search.
Oleksandr Tsapenko | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
Currently I'm using Cisco Advanced Malware Protection (AMP) for Endpoints but have a plan to implement it widely in my company. I think Cisco Advanced Malware Protection (AMP) for Endpoints is a very useful solution for achieving our goal to secure users from risk to be infected by malware.
  • Ease of use
  • Straight method to solve specific security issues and fulfill the security gap
  • Cisco Advanced Malware Protection (AMP) for Endpoints could have some features to integrate with third-party solutions
Specific tool for specific need. If you have a gap in your security infrastructure (protection from malware) you might think to use Cisco Advanced Malware Protection (AMP) for Endpoints to make sure your company's devices are safe. But also you can go beyond and enforce your SOC with Cisco AnyConnect where Cisco Advanced Malware Protection (AMP) for Endpoints is used as one of modules.
Great web interface, which allows you to easily manage all devices and have an overall view of the whole security picture.
Like most Cisco products, Cisco Advanced Malware Protection (AMP) for Endpoints has a great knowledge base on Cisco's community portal, but unfortunately the Cisco support team cannot always clearly describe the solution for your issue, especially if it is related to the demo period. Nevertheless, Cisco goes to great efforts to improve your current situation with Cisco Advanced Malware Protection (AMP) for Endpoints support.
Sebastián Sarasate | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Cisco Advanced Malware Protection is our antivirus and antimalware solution. It is deployed throughout the organization.
  • It is simple.
  • Its administration is centralized.
  • Integrates with other brand products.
  • Greater market penetration.
  • More documentation.
  • More partners with deep knowledge.
I consider that Cisco Advanced Malware Protection is very useful and recommended in environments with a large number of computers, in different locations and with a high risk.
If other products of the suite such as umbrella, stealwatch and / or Cisco ISE are also used, much better.
I give it a very good score due to its simplicity in deployment, actually being able to do everything remotely is very good. Also noteworthy is the low consumption of resources compared to other competitive products.
Cisco support is really very remarkable and the tool has a good integration with other products, a very good work dashboard and very useful reporting.
Score 7 out of 10
Vetted Review
Verified User
Review Source
Cisco Advanced Malware Protection (AMP) is being used across our entire school district for endpoint protection. We have over 10K devices, that it protects from various antivirus and malware threats. Its is a very robust cloud managed solution.
  • It gives great visibility of all detected threats across our devices.
  • It is very easy to deploy and maintain.
  • The cloud UI is constantly being updated with new features.
  • I don't know if this is a bad feature but the engine is very sensitive it picks up a lot of things that are not always threats.
  • While AMP is a strong product it is not cheap.
  • Software upgrades usually require a reboot which can make it difficult with student devices.
While on the expensive side, Cisco Advanced Malware Protection (AMP) is a solid product that is very robust and can be customized a lot. It can also integrate with Cisco's threat grid, umbrella, firepower and other security solutions to give a more broad range of visibility.
Cisco support is top notch.
Wouter Hindriks | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Cisco Advanced Malware Protection for Endpoints is being used as the primary antivirus product across our thousands of endpoints and servers to protect our end-users before, during, and after any malicious activity or malware incident. The features of the product make it effective against both known and unknown malware but also against malicious activity using legitimate software tools.
  • lightweight connector
  • great integration with other security products
  • highly effective
  • will also alert for vulnerable software being used on your systems
  • Management console is web-based, which is always less customizable.
Any internet-connected device can be protected (Windows, Mac, Linux, Android, & Apple) and Cisco Advanced Malware Protection can integrate with email, web, and firewall security products to provide full coverage and visibility.
Cisco Threat Response (free) makes investigation and prevention much easier. The ability to share casebook with other users makes collaboration during incident response effective.
Easy to deploy, use, manage.
Support for AMP is excellent, some of the best engineers I have worked with.
Rik Aragoza | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
Day-to-day use, implementation, and deployment experience were awesome! Being in internal IT support, Cisco Advanced Malware Protection provides an additional layer of security with minimal to no effort in making sure that we have visibility and security with our endpoints. Maintenance and routine work were lessened due to the feature set that this application brought!
  • We utilize Cisco AMP on our ASA and our CES as well.
  • Using it everywhere gives us great visibility into where a file came from and what it does.
  • It provides complete protection for endpoints, from the point of entry and acts to prevent vulnerabilities.
  • In addition, it provides users with a view of possible blind spots which is cross-platform (Windows, Android, iOS, Linux, macOS) and can immediately perform isolation with only a few clicks!
  • Sometimes during whitelisting, other files from security tools get isolated even if it's not user intended.
  • Re-syncing policies also take some time, albeit in a straightforward process.
  • As with all security software, false-positives are still detected.
  • Hoping that once the library is expanded further, the false positives will be fewer.
For starters looking for endpoint security, or companies looking to upgrade those initial safe measures, Cisco Advanced Malware Protection is definitely worth a look to see if it would be compatible with their use-case. Even for bigger and most established companies, I think it's still worth considering all together.

It might not be appropriate for those who already have a long-term/standing security application that they go with as the migration or transition towards Cisco AMP might not be well suited.
If you are looking at a new security software or at least planning to change your current one, make sure that this is on the short-list as the feature-set is extensive!

It provides complete protection for endpoints, from the point of entry, and acts to prevent vulnerabilities.

It provides users with a view of possible blind spots which is cross-platform (Windows, Android, iOS, Linux, macOS) and can immediately perform isolation with only a few clicks.
All cases (albeit minimal) were handled appropriately towards resolution by Cisco's support. Kudos to them!
We only looked at administrator guides and deployment materials for end-user training, as it's only a handful of people in the support team that is working with this application. We also had senior security engineers assisting on the deployment making it a breeze. Administrator and Deployment guides helped a lot, in addition to the support that Cisco provides if needed.
November 20, 2019


Score 8 out of 10
Vetted Review
Verified User
Review Source
AMP is being used across our organization on workstations and servers.
  • Detects malware and viruses on endpoints.
  • AMP shows a timeline associated with an event and if the malicious event has spread.
  • AMP quarantines but also does retroactive pullbacks of malicious attachments or downloads if they are later discovered to be bad.
  • I would like to see some emphasis put on being able to makes notes if there is an incident you are working on so other analysts do not have to open the incident or ask you if you have worked on the incident.
  • More clarity around files/downloads that are that they do not end up in your incidents but maybe another tab for incidents that AMP resolved without need for work by an analyst.
  • I would like to see silent upgrades. At this moment in order to upgrade you have to do a reboot, this is my biggest frustration.
AMP is a great addition to any organization. AMP is your eyes and ears, keeps you on the pulse of your organizations end point safety. The console is easy to use. AMP has helped us see immediate threats so that things do not go unnoticed in our environment and that is a huge win.
We have needed very little support, but anytime we need to reach out for assistance they have always been helpful and knowledgeable about the product and helped us resolve any issues or needs we may have.
November 16, 2019

AMP, a good choice

Score 9 out of 10
Vetted Review
Review Source
AMP is being used across the whole organization and several costumers. We use it to block malware, provides visibility to what is running on our endpoints.
  • Detects and block malware on endpoints.
  • It provides good visibility and trajectory.
  • Easy to deploy.
  • The need for a reboot in upgrades.
  • The number of exclusions.
AMP is well suited for any organization, it helps to reduce risks on catching malware on endpoints.
Anytime we have needed support they have helped us to solve our issues quickly.
October 02, 2019

Review of Cisco AMP

Score 10 out of 10
Vetted Review
Verified User
Review Source
It is being used across the entire organization. We use it to block malware attacks and other types of potential security attacks.
  • Easy to install/push to computers.
  • Runs in the background.
  • AMP helps drastically reduce investigation and remediation cycles.
  • More options for the end-user.
For us, Cisco AMP has been well suited for us to easily check for potential security breaches, malware, etc. I can't really think of any limitations.
It's been a very effective tool for the company.
Scott Shipley | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
AMP is used globally across the entire organization. It provides great protection and visibility to what is executing on my servers and endpoints. Operationalizing the tool with our ITSM system allows for quicker remediation.
  • Provides good visibility to vulnerable software.
  • Device trajectory for applications is very useful when determining if an application should really be whitelisted.
  • It is very effective at mitigating command and control.
  • The tool needs a facility for submitting SHA-256 and samples via the web interface to report false positives. This is a very common issue and a quicker method for submitting these types of items must be addressed.
  • Reporting need to be reintroduced as it was available in earlier versions of the management portal.
  • The limited number of exclusions can be challenging depending on the environment.
AMP is great for providing endpoint visibility of your endpoints. However, it is not a catch-all for everything happening on your systems. Limited visibility to powershell execution is a weak point and would require further analysis.