Item: Cisco Secure Endpoint
Rating: 9
Author: Randy Zuehlke

Use Cases and Deployment Scope

Cisco Secure Endpoint is used across our entire network. It is on all of our endpoints and addresses the security of such. It is our sole EDR solution and protects us against malware and particularly the current rising threat of ransomware and APTs.

Pros and Cons

Identifies malware, malicious processes/services and other events well
Great automated actions features such as host isolation
Detailed threat visibility such as file trajectory
Integration with other Cisco suite of security products
Great value
Low false positive rate
Lightweight agent
Variety of reporting
Stable agent

Additional methods for blocking such as file path and not just file hash
File blocking by other hashes other than SHA 256
Email notifications of certain predefined events

Return on Investment

As a Federal contractor, meets our NIST compliance requirement
Great value especially when included in an Enterprise Agreement
Great threat detection and hence risk reduction product

Usability

The platform provides an enormous amount of capability and information to the administrators in an intuitive and meaningful format. From monitoring to the development of different security policies for our environment, Cisco Secure Endpoint is an easy to use and effective endpoint security solution. Once a threat enters your environment, you are able to identify it and track its trajectory and stop it in its tracks.

Support Rating

From our customer service representative to Cisco TAC for technical support, we have experienced fantastic support. Our customer service representative is always responsive and resolves all of our needs. Furthermore, our technical support from Cisco TAC has been great. As an example, we recently had an issue with the Exploit Prevention Engine (Cisco Secure Endpoint has several malware engines) blocking a specific Excel file within our environment. Cisco TAC worked with my staff to identify the issue and resolve it in a timely and effective manner. If a particular issue is not resolved by a technician, it is quickly escalated to higher level support staff.

Systems Integrated With

Umbrella
SecureX
Threat Response
Email Security (ESA)
FTD

The integration of our Cisco suite of security products has reduced the need of acquiring additional staff to monitor and manage our other security products across our different network components to include our email, firewalls and DNS layer.

Alternatives Considered

Malwarebytes and Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)

Cisco Secure Endpoint is an advanced EDR solution that is highly effective and scalable. Our experience previously with MalwareBytes and Microsoft Defender was not horrible, but these products were not as effective and did not integrate well with our other security products to allow us to monitor and react quickly to address threats that were within our network. Key to any security effort is mitigation and the ability to quickly identify and respond so any damage can be avoided or limited.

Other Software Used

Cisco Umbrella, Cisco Firepower 2100 Series, Cisco AnyConnect, Cisco Secure Email (formerly Cisco Email Security), Rapid7 InsightVM (Nexpose), Rapid7 InsightIDR, Global Learning Systems, Cisco Meraki Wireless Access Point, Cisco ASA

Likelihood to Recommend

Cisco Secure Endpoint has proven to be well suited for most if not all of our security concerns on our endpoints. From the annoying unwanted PUA to the sophisticated attack by an APT, it has been outstanding in identifying and stopping malicious activities on our endpoints both workstations and servers.

Products Replaced

Yes - Cisco Secure Endpoint replaced Windows Defender and MalwareBytes. These prior products were not bad, but we needed a more advanced endpoint security solution that had more than monitoring, detection and response capabilities. We needed more visibility into the activities on our endpoints and the ability to respond both with manual and automated actions. Cisco Secure Endpoint was a great addition to our threat hunting capability especially with it Orbital Advanced Search feature.

Key Differentiators

Price
Product Features
Product Usability
Product Reputation

The most important factor was product features. We wanted a product that provided a range of features to address the constantly changing and advanced threats we have seen attack our network. Also, with the integration of the TALOS threat intelligence information, Cisco Secure Endpoint has an advantage over its competitors since their security suite of products incorporate this information almost real time.

Evaluation Lessons Learned

We did a very detailed and comprehensive analysis when going to market for our EDR solution. However, we would have did more testing during the POC of current advanced threats like the introduction of Cobalt Strike and other TTPs to see how they are detected and stopped.

Still Going Strong After 2 Years

Overall Satisfaction with Cisco Secure Endpoint (formerly Cisco AMP)