Though a little clunky and kinda goofy, AMP will get the job done. Just like your dad!
July 21, 2021

Though a little clunky and kinda goofy, AMP will get the job done. Just like your dad!

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Secure Endpoint (formerly Cisco AMP)

AMP is being used across the entire organization on every domain joined workstation and server. We use it as our primary defense against malware and we use its reports combined with our case management system to create incidents for any high or critical cases. We also use it to isolate any out of compliance devices, like Windows 7 machines with no ESU.
  • Endpoint Isolation. It allows us to remove EAST/WEST exposure while still giving internet to a device.
  • Policy grouping. The granularity of the policies allow us to roll out updates in stages and test new settings effectively.
  • Scan analysis. Allowing the scans to be submitted for analysis saves you that extra time spent parsing long log files.
  • Event search function. The searching is very limited and allows for poor filtering choices.
  • Slowness. The web GUI is far slower than most Cisco products.
  • Sync issues. When attempting to move a device from one group to another or start isolation on a device, there is a sizable delay in communication with the device that can cause operations to fail.
  • AMP has given us a greater control over out of policy devices by allowing isolation. We can see about 1-5 devices automatically isolated per week. These prevent any spreading while remediation is scheduled.
  • 95% of vulnerabilities are handled well by AMP's auto quarantine.
  • We've seen next to no performance impact by AMP endpoints, allowing for solid protection without complaints from staff.
The UI is slow and clunky. The event search function needs an overhaul (you can't sort or search by custom terms or by event criticality). However, it allows for great visibility on individual machines and by using scheduled reports we can capture each event and use a parser to pull the important ones.
TAC responds quickly and well. They also are helpful during health checks in providing a laundry list of ways to improve our utilization of AMP. That said, TAC is a bit of a roll of the dice. About 80% of their agents are helpful, the other chunk are less useful than a Google search.
  • Umbrella
  • Firepower
  • SecureX
Unless you are going to use AMP in a fully integrated way as a Cisco shop, the above products are better. They do more than AMP does by itself and their interfaces are far less clunky. They also give you greater control of the machines you use. But if AMP is one piece of your Cisco puzzle, then AMP preforms excellently.
TOPdesk, Cisco SecureX (formerly Threat Response), TeamDynamix IT Service Management (ITSM)
AMP is best as part of a Cisco suite of solutions. If you are just looking for end point protection and do not use other Cisco products, get something else. AMP is best when integrated into Firepower, SecureX, and Umbrella. With all of these parts feeding data in and out, AMP becomes another piece of the puzzle to protect against common and day zero malware.

Cisco Secure Endpoint Feature Ratings

Anti-Exploit Technology
Endpoint Detection and Response (EDR)
Centralized Management
Infection Remediation
Vulnerability Management
Malware Detection