Cisco Secure Endpoint
Formerly Cisco AMP


What is Cisco Secure Endpoint?

Cisco Secure Endpoint (formerly Cisco Advanced Malware Protection [AMP] for Endpoints) offers cloud-delivered next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR).


Popular Features

  • Endpoint Detection and Response (EDR) (23)
  • Anti-Exploit Technology (23)
  • Infection Remediation (23)
  • Centralized Management (23)


Entry-level setup fee?

  • No setup fee
For the latest information on pricing, visit…


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Endpoint Security

Endpoint security software protects enterprise connected devices from malware and cyber attacks.


Product Details

Cisco Secure Endpoint Features

Endpoint Security Features

  • Supported: Anti-Exploit Technology
  • Supported: Endpoint Detection and Response (EDR)
  • Supported: Centralized Management
  • Supported: Infection Remediation
  • Supported: Vulnerability Management
  • Supported: Malware Detection

Cisco Secure Endpoint Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

Symantec Endpoint Security and ESET PROTECT are common alternatives for Cisco Secure Endpoint.

Reviewers rate Malware Detection highest, with a score of 8.9.

The most common users of Cisco Secure Endpoint are from Mid-sized Companies (51-1,000 employees).

Reviews and Ratings


(1-25 of 25)
Score 10 out of 10
Vetted Review
Verified User
Our organization uses Cisco Secure Endpoint to track activity on all of the desktops and laptops in our organization. Cisco Secure Endpoint helps identify potential problems to malicious activity. It sends alerts when malicious files or malicious activity is found. It also will act to contain any known issues so that the problem does not spread onto our network.
  • Identifies malicious files on an endpoint
  • Contains malicious files to prevent spreading of harmful issues
  • Sends out alerts to notify administrators of the network and keep them informed
  • Frequent name changes are not helpful
  • Some of the reports that get sent are very high-end reports with lots of information. It would be nice if there was a simplified report that could be sent automatically when an issue is identified on a computer
Cisco Secure Endpoint is well suited for keeping track of the many different endpoints that we have in our organization. All of these devices can easily be monitored with Cisco Secure Endpoint. It can monitor our servers and our desktops and laptops in our environment. It isn’t as appropriate for our student devices. However, those aren’t as critical since they are just Chromebooks.
Score 8 out of 10
Vetted Review
Verified User
We use Cisco Secure Endpoint for malware protection, threat detection, incident response, endpoint visibility. We do not have a dedicated security team so the more automated visibility we have to go on the better.
  • machine learning with behavioral analysis
  • provides detailed endpoint visibility.
  • integration with other Cisco security products
  • Simplified Management Interface
  • Enhanced Machine Learning Models
  • Behavioral Analytics Refinement
Cisco Secure Endpoint has comprehensive protection across different operating systems and device types. Its scalability and centralized management capabilities make it a good fit for companies with large deployments. It's also helpful for threat hunting and rapid incident response by our security teams. It would be less appropriate in environments with limited resources (older, low compute, etc.). It's also not the most budget-friendly option available.
Score 6 out of 10
Vetted Review
Verified User
We used Cisco Secure Endpoint (CSE) before I started in my position. It does a fair job of detecting and preventing malicious files from being executed. We have been happy, but have decided to move away from CSE as our endpoint protection in favor of a more current solution. The biggest driver of this is our MDR partner cannot interface with CSE as fully as with other EDRs.
  • Malware detection, we have received a handful of alerts where malware has been detected on a system. This allowed us to isolate the workstation and remediate the threat
  • Notifications...similar to above. We were made aware of the threat and were able to act
  • Integration with MDR outside of Cisco. Our provider integrates with CSE, but cannot quarantine workstations or block bad hashes when they are detected.
As I stated before, Cisco Secure Endpoint (CSE) is fine. However, there are other players in the field that are better at defending and mitigating threats. CSE has not kept up as much as other Cisco products. They do a fine job, but fine is not good enough when it comes to the protection of my network.
Chris Goodhue | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Managing and protecting the security of endpoint devices in our environment and remote. Helps protect endpoints when being used in our now remote workforce. Cloud console helps protect outside our organization. Being able to monitor endpoints and remotely isolate them is a huge win in protecting our data. Using the vulnerable software section has also been helpful in discovering outdated software needing to be patched. Another great feature is the ability to search for and scan files. This is great for being able to verify the validity of downloaded files and create a block list or whitelist.
  • Threat protection
  • behavior analysis
  • ease of use
  • False positives
  • local firewall
  • file retrieval
Great product if using other Cisco products like firewalls. Not so great if using non-Cisco XDR products. Does not always hook into non-Cisco tools well.
Well suited:
  • Scanning files after downloading and adding to whitelist or block list.
  • Isolating endpoints to prevent spread of infected software.
  • Finding vulnerable software needing to be patched or removed.
Not well suited: non-Cisco-based environments.
Score 10 out of 10
Vetted Review
Verified User
Business. Definitely. So we use the product for our end user devices. We're protecting all our servers, all our endpoints, so mobile phones as well. So we've got security on all those devices and how we use to protect those devices is just ensuring that they're up to date. They've got to fix the good detection mechanisms that the secure endpoint has enabled you to. If it detects that there's a vulnerability, it'll automatically lock it down and the user has to come and an IT admin would have to come and enable connectivity back to the user device. Pretty amazing stuff. I haven't seen anything else like it out there and it's a lifesaver for us.
  • Once we, I guess one turned out that path because we have a small IT team, one of the big factors that came into play is how easy it was to deploy and the kind of security it provides for your endpoint devices. For us, it's got all those AI capabilities that really help. So traditionally when there was an incident on Alert on an antivirus program, you'd have a couple of guys run across the office to try to pull a plug. One of the awesome features with Secure Endpoint is its isolation mode that clamps down endpoint devices and then just isolate it. It's connected to, I think Cisco's tell us the threat intel environment. So they've got up-to-date metrics and fixes on threats out in the wild. And once they detect that, they apply it across your whole brand. So yeah, really effective for us.
  • One of the things that really stands out is the retrospective detections. So say something's detected two weeks later of a product that you had on your system. Initially it scanned it past, but then they discover vulnerability. The product has the ability to come back and retrospectively apply restrictions on specific applications you have on your environment. So I think that's one key winner.
  • There's a lot of content on the dashboards. I think some of the areas you could improve it just with the notifications, maybe adding on some video tutorials on how to navigate through the screens and that kind of stuff. But otherwise it's pretty intuitive, easy to use. And I guess if some of the integrations with the secure X and all that kind of thing, I think for my users they just need a bit more training on that.
I think you need it for all your endpoint devices, whether you are running an organization or for home use, it's just that level of security that will help out if you don't have the firewalls, all the fancy XDR equipment, all that kind of stuff, just having this on your endpoint will save your life. So even if there's a compromise in your network, it has the capability to isolate. Restrict so that you can't lose any more data or nothing else gets in.
December 07, 2023

The right Endpoint to use

Score 9 out of 10
Vetted Review
Verified User
We use Secure Endpoint as an endpoint protection service. By using Cisco Secure Endpoint we are able to achieve protection, pinpoint endpoint vulnerabilities and apply mitigation on endpoints in the event of an issue being seen. It also helps us achieve posturing with our VPN authentication and ISE, making sure access is granted as long as the endpoint has the latest version and latest definition updates.
  • Endpoint Isolation
  • Exclusion Policies
  • Endpoint Malware Protection
With endpoint protection Cisco Secure Endpoint provides excellent protection and tools to research and/or mitigate an issue that comes up on a system within our tenant. Only area that it becomes less appropriate is on server class systems due to 3rd party software that is needed on those systems becoming quarantined even in a server light policy or exclusion list.
November 18, 2023

Cisco Secure Endpoint

Scott Quimby | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
We are heavily invested in Cisco infrastructure, servers, and security tools. We use Cisco Umbrella, Cisco DUO, and the Cisco SecureX suite including the Cisco Secure Endpoint. We required a more advanced EDR solution beyond basic antivirus. 100% of local and remote servers and endpoints needed comprehensive protection.
  • Retrospective Analysis. I really like that Cisco routinely re-visits previous security decisions with "if I knew then, what I know now" intelligence. That allows them to dynamically re-classify previous safe/not safe decisions based upon current information. Many products don't do this function
  • The fact that in the Cisco SecureX framework Cisco is not just looking at the endpoint but tying that to Cisco Umbrella and even their mail front end is awesome, because it provides a broader picture of threats to the organization.
  • Cisco has a number of connectors, so you can have one product and provide a consistent way to protect a diverse list of devices, which is great.
  • Cisco allows scheduled scans to re-evaluate previous protection decisions
  • The update mechanism of the client is not obvious and takes some finesse to learn
  • The clients auto-update signatures, but not agents, which I have seen lead to mixed version levels, as it is harder to keep up with
  • It is generally a challenge to manage the licenses and if you let the license lapse, it is a very bad thing in my opinion.
This is a commercial product and not a consumer product. It works extremely well in a connected environment and is especially well suited for commercial users who are heavy users of many Cisco products and services. If you are not committed to Cisco and are not leveraging the other Cisco offerings or are very small in size, this product is not for you.

Score 6 out of 10
Vetted Review
We use the product to do endpoint detection and response and it helps detect and prevent breaches on the endpoint.
  • It helps provide visibility at the firewall level.
  • We would like to see the product evolve a little bit more from a threat intelligence perspective and also the ability to provide remediation services and have better visibility on the endpoints from a telemetry perspective.
When the organization has invested a lot of money into the Cisco stacks from firewall endpoint, to email security, this product is well suited. However, if the organization hasn't invested a lot of money into Cisco, then it's a little bit of a challenge.
Nate Haleen | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User
Cisco Secure Endpoint acts as our primary anti-malware solution. We use it on all our endpoints and servers.

It primarily addresses the problem of devices being out of commission due to malware activity.

In addition it is part of the offering we sell to customers for the same purpose.
  • Threat identification: it finds things we wouldn't have even been looking for.
  • Integration with Secure Malware Analytics for automatic submission of suspicious files.
  • In-depth and complex configuration options for finely tuned policies for different users and endpoints.
  • Part of the Cisco Secure Client product for easier distribution and reduction of running agents on end-user devices
  • Integrates with Secure-X for single-pane of glass view of dashboards.
  • The interface has many views that all look the same, except that functionalities are different. This makes it incredibly difficult to find the action you want to take.
  • Built-in exclusion sets are missing a number of notable Anti-Malware products and must be manually implemented.
  • High learning curve due to complexity of the solution and the range of features it contains. Provided documentation is hidden in a small icon at the top of the page which is often off-screen when needed.
  • Color choices lead to panic situations during deployment. 1 questionable file could lead to the main display showing a large, bright red alert which makes customers think their whole environment is compromised.
Anyone making use of multiple Cisco cloud security products would benefit from its integrations with other products.

It is appropriate for medium to large organizations due to the flexibility and depth of configuration options available to administrators.

It is appropriate for organizations with strained resources in the security division, because the default configurations provide a high level of security without much micro-management.

It is less appropriate for small shops where there are fewer specific configurations needed, and the depth of that functionality is not needed.

It is not recommended for budget-constrained organizations due to its relatively high price compared to competitors.
Score 8 out of 10
Vetted Review
Verified User
Allows us to secure the computer, such as locking USB sockets.
  • workstation security
  • allows managing the computer remotely
  • allows locking undesired activities
  • allows following the activities of the computer
  • the application of the policies is a bit complex
  • need to increase the admin experience to set up and deploy
Need to have a tool to manage and to protect the computer from physical and software attacks.
Randy Zuehlke | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Cisco Secure Endpoint is used across our entire network. It is on all of our endpoints and addresses the security of such. It is our sole EDR solution and protects us against malware and particularly the current rising threat of ransomware and APTs.
  • Identifies malware, malicious processes/services and other events well
  • Great automated actions features such as host isolation
  • Detailed threat visibility such as file trajectory
  • Integration with other Cisco suite of security products
  • Great value
  • Low false positive rate
  • Lightweight agent
  • Variety of reporting
  • Stable agent
  • Additional methods for blocking such as file path and not just file hash
  • File blocking by hashes other than SHA-256
  • Email notifications of certain predefined events
Cisco Secure Endpoint has proven to be well suited for most if not all of our security concerns on our endpoints. From the annoying unwanted PUA to the sophisticated attack by an APT, it has been outstanding in identifying and stopping malicious activities on our endpoints both workstations and servers.
Score 9 out of 10
Vetted Review
Verified User
We use Cisco Secure Endpoint to protect staff devices within our school district. Cisco Secure Endpoint helps us make sure we take an additional step to protect our systems from cyber-attacks and threats. Cisco Secure Endpoint also provides an inventory of potentially vulnerable software. We then know which systems we need to address when vulnerabilities are announced.
  • Protects endpoints from known viruses
  • Protects endpoints from emerging threats
  • Reports devices that have known vulnerabilities
  • Navigation is just a little more complicated
  • Better reporting
  • MSP support models
Cisco Secure Endpoint is a very good endpoint protection solution. It would be particularly good for someone with the time and ability to really work with it to get the most out of it. This would include the other Cisco product integrations and systems that it works well with.
Score 9 out of 10
Vetted Review
Verified User
Cisco AMP was deployed amongst all workstations and servers, tied closely with other Cisco infrastructure such as Umbrella, Firepower, ESA, and WSA to bring in all the event telemetry to make best-informed decisions on application/file access and/or movement. Cisco AMP aimed to help solve malicious file access/movement and ransomware detection.
  • Retrospective Alerting.
  • Sandboxing.
  • Scanning & Detection.
  • Quarantining.
  • Overall reporting.
  • Access to endpoints via SSH/shell.
  • Deployment support with SCCM.
AMP is well suited for organizations that have made the investment with Cisco's full security suite. The integration provided with all other platforms such as the firewall, web and email gateway, and Cisco Umbrella works well to not only quickly detect malicious activity, but block it before it hits the endpoint. Cisco AMP is not suited for small organizations, who are looking for a sole A/V product. Missing out on all the additional integration would make AMP a very pricey product.
Score 10 out of 10
Vetted Review
Verified User
Cisco Secure Endpoint is deployed in departments and works well when it comes to handling online threats/cyber attacks. We no longer have to worry about viruses, malware, among other online threats. The software is quick to detect these threats and block them before getting into our IT infrastructure. Besides scanning and blocking threats, Cisco Secure Endpoint also sends notifications to the admin for more action.
  • Great virus protection.
  • Great threat detection and blocking features.
  • Malware analytics.
  • Easy to use.
  • Affordable.
  • The reports are straightforward.
  • I like the notification features.
  • No bad experiences.
Cisco Secure Endpoint is a great product and since it has worked for us, I'm recommending it to every other business. All businesses face online threats and cyber-attacks, and with this endpoint protection software, your business is in a better position to handle threats.
Score 9 out of 10
Vetted Review
Verified User
Cisco Secure Endpoint is installed and used on all computers at our company. It is an invisible guard that you rarely notice, but it has strong protection capabilities that prevent the corporate systems from being attacked from the outside. The application runs in the background and requires very little system resources or user intervention while providing a strong shield from intruders.
  • Runs in the background and does not require end-user intervention
  • Uses cloud protection solution that always stays up-to-date
  • Low system requirements to run
  • The ability of generating a report with a summary of prevented threats
It is a great security solution for corporations of all sizes that care about keeping their technology and users secure.
sitaram gurjar | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Cisco Secure Endpoint is an advanced tool that detects and prevents malware from affecting your email and organization data. Cisco Secure Endpoint is fully capable of preventing cyber attacks on your organization. It offers cloud-based next-generation antivirus and advanced endpoint detection and response. We have been using this for the last 2 years. Malware attacks are increasing day by day. With the help of Cisco Secure Endpoint, we can easily stop malware attacks, and it also sends alerts and logs which will help us in the future.
  • It will stop the threats before the compromise.
  • Very fast performance and quick response on attack.
  • Maximizes operations efficiently.
  • Easy to configure and manage.
  • Logging
  • Dynamic malware analysis.
  • Alert sending.
  • We can manage this through centralized management.
  • Quick malware detection.
  • The cost is a little bit high.
Cisco Secure Endpoint is well suited for every organization, and it is fully capable of detecting and preventing malware attacks on your organization. It gives us all the security features which help us to manage the organization without any security attack and downtime. We can easily configure and deploy it in the existing network, and we will never face any big downtime. The customer support is also very good and helpful. Cisco provides lots of documentation for help.
Score 5 out of 10
Vetted Review
Verified User
We are currently using Cisco AMP across the entire organization. All endpoints with the exception of a few servers have the agent installed. Our main use for AMP is to protect and clean any malware that may enter our environment. AMP provides an enterprise grade anti-virus/anti-malware solution with centralized cloud management.
  • AMP remediates threats without administrator intervention
  • AMP provides a detailed dashboard of new threats or events that occur
  • AMP is very configurable, policies can be scoped granularly
  • The dashboard should be easier to use
  • The agent updates are very cumbersome to manage
  • AMP support is difficult to use compared to Meraki. Lots of hoops to jump through to get someone on the phone.
AMP has effectively cleaned malware on our endpoints. Unfortunately, there have been many false positives with no real explanation or detail. The engine that runs AMP is somewhat heavy on system resources, you should carefully consider the impact on production servers before deploying this to the enterprise. Since AMP is very configurable, it can be used in a variety of ways on any operating system or platform including iPhone, and Linux.
Oleksandr Tsapenko | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Currently I'm using Cisco Advanced Malware Protection (AMP) for Endpoints but have a plan to implement it widely in my company. I think Cisco Advanced Malware Protection (AMP) for Endpoints is a very useful solution for achieving our goal to secure users from the risk of being infected by malware.
  • Ease of use
  • Straight method to solve specific security issues and fulfill the security gap
  • Cisco Advanced Malware Protection (AMP) for Endpoints could have some features to integrate with third-party solutions
Specific tool for a specific need. If you have a gap in your security infrastructure (protection from malware) you might think to use Cisco Advanced Malware Protection (AMP) for Endpoints to make sure your company's devices are safe. But you can also go beyond and reinforce your SOC with Cisco AnyConnect, where Cisco Advanced Malware Protection (AMP) for Endpoints is used as one of the modules.
Sebastián Sarasate | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Cisco Advanced Malware Protection is our antivirus and antimalware solution. It is deployed throughout the organization.
  • It is simple.
  • Its administration is centralized.
  • Integrates with other brand products.
  • Greater market penetration.
  • More documentation.
  • More partners with deep knowledge.
I consider that Cisco Advanced Malware Protection is very useful and recommended in environments with a large number of computers, in different locations and with a high risk.
If other products of the suite such as Umbrella, Stealthwatch and/or Cisco ISE are also used, much better.
Score 7 out of 10
Vetted Review
Verified User
Cisco Advanced Malware Protection (AMP) is being used across our entire school district for endpoint protection. We have over 10K devices that it protects from various antivirus and malware threats. It is a very robust cloud-managed solution.
  • It gives great visibility of all detected threats across our devices.
  • It is very easy to deploy and maintain.
  • The cloud UI is constantly being updated with new features.
  • I don't know if this is a bad feature, but the engine is very sensitive; it picks up a lot of things that are not always threats.
  • While AMP is a strong product it is not cheap.
  • Software upgrades usually require a reboot which can make it difficult with student devices.
While on the expensive side, Cisco Advanced Malware Protection (AMP) is a solid product that is very robust and can be customized a lot. It can also integrate with Cisco's Threat Grid, Umbrella, Firepower and other security solutions to give a broader range of visibility.
Wouter Hindriks | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Cisco Advanced Malware Protection for Endpoints is being used as the primary antivirus product across our thousands of endpoints and servers to protect our end-users before, during, and after any malicious activity or malware incident. The features of the product make it effective against both known and unknown malware but also against malicious activity using legitimate software tools.
  • lightweight connector
  • great integration with other security products
  • highly effective
  • will also alert for vulnerable software being used on your systems
  • Management console is web-based, which is always less customizable.
Any internet-connected device can be protected (Windows, Mac, Linux, Android, & Apple) and Cisco Advanced Malware Protection can integrate with email, web, and firewall security products to provide full coverage and visibility.
Cisco Threat Response (free) makes investigation and prevention much easier. The ability to share casebook with other users makes collaboration during incident response effective.
November 20, 2019


Score 8 out of 10
Vetted Review
Verified User
AMP is being used across our organization on workstations and servers.
  • Detects malware and viruses on endpoints.
  • AMP shows a timeline associated with an event and if the malicious event has spread.
  • AMP quarantines but also does retroactive pullbacks of malicious attachments or downloads if they are later discovered to be bad.
  • I would like to see some emphasis put on being able to make notes if there is an incident you are working on, so other analysts do not have to open the incident or ask you if you have worked on the incident.
  • More clarity around files/downloads so that they do not end up in your incidents, but maybe another tab for incidents that AMP resolved without need for work by an analyst.
  • I would like to see silent upgrades. At this moment in order to upgrade you have to do a reboot, this is my biggest frustration.
AMP is a great addition to any organization. AMP is your eyes and ears, and keeps you on the pulse of your organization's endpoint safety. The console is easy to use. AMP has helped us see immediate threats so that things do not go unnoticed in our environment, and that is a huge win.
November 16, 2019

AMP, a good choice

Score 9 out of 10
Vetted Review
AMP is being used across the whole organization and several customers. We use it to block malware, and it provides visibility into what is running on our endpoints.
  • Detects and blocks malware on endpoints.
  • It provides good visibility and trajectory.
  • Easy to deploy.
  • The need for a reboot in upgrades.
  • The number of exclusions.
AMP is well suited for any organization; it helps to reduce the risk of catching malware on endpoints.
October 02, 2019

Review of Cisco AMP

Score 10 out of 10
Vetted Review
Verified User
It is being used across the entire organization. We use it to block malware attacks and other types of potential security attacks.
  • Easy to install/push to computers.
  • Runs in the background.
  • AMP helps drastically reduce investigation and remediation cycles.
  • More options for the end-user.
For us, Cisco AMP has been well suited for us to easily check for potential security breaches, malware, etc. I can't really think of any limitations.
Scott Shipley | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
AMP is used globally across the entire organization. It provides great protection and visibility to what is executing on my servers and endpoints. Operationalizing the tool with our ITSM system allows for quicker remediation.
  • Provides good visibility to vulnerable software.
  • Device trajectory for applications is very useful when determining if an application should really be whitelisted.
  • It is very effective at mitigating command and control.
  • The tool needs a facility for submitting SHA-256 and samples via the web interface to report false positives. This is a very common issue and a quicker method for submitting these types of items must be addressed.
  • Reporting needs to be reintroduced as it was available in earlier versions of the management portal.
  • The limited number of exclusions can be challenging depending on the environment.
AMP is great for providing endpoint visibility of your endpoints. However, it is not a catch-all for everything happening on your systems. Limited visibility into PowerShell execution is a weak point and would require further analysis.