Overall Satisfaction with Cisco Secure Endpoint (formerly Cisco AMP)
Cisco Secure Endpoint is used across our entire network. It is on all of our endpoints and addresses the security of such. It is our sole EDR solution and protects us against malware and particularly the current rising threat of ransomware and APTs.
- Identifies malware, malicious processes/services and other events well
- Great automated actions features such as host isolation
- Detailed threat visibility such as file trajectory
- Integration with other Cisco suite of security products
- Great value
- Low false positive rate
- Lightweight agent
- Variety of reporting
- Stable agent
- Additional methods for blocking such as file path and not just file hash
- File blocking by hashes other than SHA-256
- Email notifications of certain predefined events
- As a Federal contractor, meets our NIST compliance requirement
- Great value especially when included in an Enterprise Agreement
- Great threat detection and hence risk reduction product
The platform provides an enormous amount of capability and information to the administrators in an intuitive and meaningful format. From monitoring to the development of different security policies for our environment, Cisco Secure Endpoint is an easy to use and effective endpoint security solution. Once a threat enters your environment, you are able to identify it and track its trajectory and stop it in its tracks.
From our customer service representative to Cisco TAC for technical support, we have experienced fantastic support. Our customer service representative is always responsive and resolves all of our needs. Furthermore, our technical support from Cisco TAC has been great. As an example, we recently had an issue with the Exploit Prevention Engine (Cisco Secure Endpoint has several malware engines) blocking a specific Excel file within our environment. Cisco TAC worked with my staff to identify the issue and resolve it in a timely and effective manner. If a particular issue is not resolved by a technician, it is quickly escalated to higher level support staff.
- Threat Response
- Email Security (ESA)
The integration of our Cisco suite of security products has reduced the need of acquiring additional staff to monitor and manage our other security products across our different network components to include our email, firewalls and DNS layer.
- Malwarebytes and Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
Cisco Secure Endpoint is an advanced EDR solution that is highly effective and scalable. Our experience previously with Malwarebytes and Microsoft Defender was not horrible, but these products were not as effective and did not integrate well with our other security products to allow us to monitor and react quickly to address threats that were within our network. Key to any security effort is mitigation and the ability to quickly identify and respond so any damage can be avoided or limited.
Cisco Secure Endpoint has proven to be well suited for most if not all of our security concerns on our endpoints. From the annoying unwanted PUA to the sophisticated attack by an APT, it has been outstanding in identifying and stopping malicious activities on our endpoints, both workstations and servers.
Evaluating Cisco Secure Endpoint (formerly Cisco AMP) and Competitors
Yes - Cisco Secure Endpoint replaced Windows Defender and Malwarebytes. These prior products were not bad, but we needed a more advanced endpoint security solution that had more than monitoring, detection and response capabilities. We needed more visibility into the activities on our endpoints and the ability to respond both with manual and automated actions. Cisco Secure Endpoint was a great addition to our threat hunting capability, especially with its Orbital Advanced Search feature.
- Product Features
- Product Usability
- Product Reputation
The most important factor was product features. We wanted a product that provided a range of features to address the constantly changing and advanced threats we have seen attack our network. Also, with the integration of the TALOS threat intelligence information, Cisco Secure Endpoint has an advantage over its competitors since its security suite of products incorporates this information in almost real time.
We did a very detailed and comprehensive analysis when going to market for our EDR solution. However, we would have done more testing during the POC of current advanced threats like the introduction of Cobalt Strike and other TTPs to see how they are detected and stopped.