Still Going Strong After 2 Years
Overall Satisfaction with Cisco Secure Endpoint (formerly Cisco AMP)
Cisco Secure Endpoint is used across our entire network. It is on all of our endpoints and addresses the security of such. It is our sole EDR solution and protects us against malware and particularly the current rising threat of ransomware and APTs.
Pros
- Identifies malware, malicious processes/services and other events well
- Great automated actions features such as host isolation
- Detailed threat visibility such as file trajectory
- Integration with other Cisco suite of security products
- Great value
- Low false positive rate
- Lightweight agent
- Variety of reporting
- Stable agent
Cons
- Additional methods for blocking such as file path and not just file hash
- File blocking by hashes other than SHA-256
- Email notifications of certain predefined events
- As a Federal contractor, meets our NIST compliance requirement
- Great value especially when included in an Enterprise Agreement
- Great threat detection and hence risk reduction product
- Umbrella
- SecureX
- Threat Response
- Email Security (ESA)
- FTD
The integration of our Cisco suite of security products has reduced the need to acquire additional staff to monitor and manage our other security products across our different network components, to include our email, firewalls and DNS layer.
- Malwarebytes and Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Cisco Secure Endpoint is an advanced EDR solution that is highly effective and scalable. Our experience previously with Malwarebytes and Microsoft Defender was not horrible, but these products were not as effective and did not integrate well with our other security products to allow us to monitor and react quickly to address threats that were within our network. Key to any security effort is mitigation and the ability to quickly identify and respond so any damage can be avoided or limited.
Cisco Secure Endpoint Feature Ratings
Evaluating Cisco Secure Endpoint (formerly Cisco AMP) and Competitors
Yes - Cisco Secure Endpoint replaced Windows Defender and Malwarebytes. These prior products were not bad, but we needed a more advanced endpoint security solution that had more than monitoring, detection and response capabilities. We needed more visibility into the activities on our endpoints and the ability to respond both with manual and automated actions. Cisco Secure Endpoint was a great addition to our threat hunting capability, especially with its Orbital Advanced Search feature.
- Price
- Product Features
- Product Usability
- Product Reputation
The most important factor was product features. We wanted a product that provided a range of features to address the constantly changing and advanced threats we have seen attack our network. Also, with the integration of the TALOS threat intelligence information, Cisco Secure Endpoint has an advantage over its competitors since their security suite of products incorporates this information in almost real time.
We did a very detailed and comprehensive analysis when going to market for our EDR solution. However, we would have done more testing during the POC of current advanced threats like the introduction of Cobalt Strike and other TTPs to see how they are detected and stopped.