Item: Cisco Secure Endpoint
Rating: 8
Author: Scott Shipley

Use Cases and Deployment Scope

AMP is used globally across the entire organization. It provides great protection and visibility to what is executing on my servers and endpoints. Operationalizing the tool with our ITSM system allows for quicker remediation.

Pros and Cons

Provides good visibility to vulnerable software.
Device trajectory for applications is very useful when determining if an application should really be whitelisted.
It is very effective at mitigating command and control.

The tool needs a facility for submitting SHA-256 and samples via the web interface to report false positives. This is a very common issue and a quicker method for submitting these types of items must be addressed.
Reporting need to be reintroduced as it was available in earlier versions of the management portal.
The limited number of exclusions can be challenging depending on the environment.

Return on Investment

HAMP has allowed the team to focus on value added activities instead of constant cleanup of workstations and servers.
AMP is probably not the most cost effective solution, but is very good at protecting your systems.

Alternatives Considered

Kaspersky Endpoint Security

The only comparable product I have evaluated is from enSilo, however the whitelisting capability is more difficult to manage in a dynamic environment.

Other Software Used

Cisco Umbrella, Cisco Cloud Email Security, SolarWinds Netflow Traffic Analyzer

Likelihood to Recommend

AMP is great for providing endpoint visibility of your endpoints. However, it is not a catch-all for everything happening on your systems. Limited visibility to powershell execution is a weak point and would require further analysis.

A realist review of AMP

Overall Satisfaction with Cisco Advanced Malware Protection (AMP) for Endpoints