Overall Satisfaction with Cisco Advanced Malware Protection (AMP) for Endpoints
AMP is used globally across the entire organization. It provides great protection and visibility to what is executing on my servers and endpoints. Operationalizing the tool with our ITSM system allows for quicker remediation.
- Provides good visibility to vulnerable software.
- Device trajectory for applications is very useful when determining if an application should really be whitelisted.
- It is very effective at mitigating command and control.
- The tool needs a facility for submitting SHA-256 and samples via the web interface to report false positives. This is a very common issue and a quicker method for submitting these types of items must be addressed.
- Reporting need to be reintroduced as it was available in earlier versions of the management portal.
- The limited number of exclusions can be challenging depending on the environment.
- HAMP has allowed the team to focus on value added activities instead of constant cleanup of workstations and servers.
- AMP is probably not the most cost effective solution, but is very good at protecting your systems.
The only comparable product I have evaluated is from enSilo, however the whitelisting capability is more difficult to manage in a dynamic environment.