A realist review of AMP
June 12, 2019

Scott Shipley | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Advanced Malware Protection (AMP) for Endpoints

AMP is used globally across the entire organization. It provides great protection and visibility to what is executing on my servers and endpoints. Operationalizing the tool with our ITSM system allows for quicker remediation.
  • Provides good visibility to vulnerable software.
  • Device trajectory for applications is very useful when determining if an application should really be whitelisted.
  • It is very effective at mitigating command and control.
  • The tool needs a facility for submitting SHA-256 and samples via the web interface to report false positives. This is a very common issue and a quicker method for submitting these types of items must be addressed.
  • Reporting needs to be reintroduced as it was available in earlier versions of the management portal.
  • The limited number of exclusions can be challenging depending on the environment.
  • AMP has allowed the team to focus on value-added activities instead of constant cleanup of workstations and servers.
  • AMP is probably not the most cost-effective solution, but is very good at protecting your systems.
The only comparable product I have evaluated is from enSilo; however, the whitelisting capability is more difficult to manage in a dynamic environment.
AMP is great for providing endpoint visibility of your endpoints. However, it is not a catch-all for everything happening on your systems. Limited visibility to PowerShell execution is a weak point and would require further analysis.

Cisco Secure Endpoint (formerly Cisco AMP) Feature Ratings

  • Anti-Exploit Technology: 8
  • Endpoint Detection and Response (EDR): 8
  • Centralized Management: 7
  • Hybrid Deployment Support: 8
  • Infection Remediation: 9
  • Vulnerability Management: 8
  • Malware Detection: 9