Cisco Secure Endpoint - The Protection You Need
Updated February 14, 2022

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Cisco Secure Endpoint (formerly Cisco AMP)

Cisco AMP was deployed amongst all workstations and servers, tied closely with other Cisco infrastructures such as Umbrella, FirePower, ESA, and WSA to bring in all the event telemetry to make best-informed decisions on application/file access and/or movement. Cisco AMP aimed to help solve malicious file access/movement and ransomware detection.
  • Retrospective Alerting.
  • Sandboxing.
  • Scanning & Detection.
  • Quarantining.
  • Overall reporting.
  • Access to endpoints via SSH/shell.
  • Deployment support with SCCM.
  • Visibility into overall threat detection with timeline views.
  • Ability to detonate malware samples in a sandbox to decrease risk on enterprise systems.
  • Integration with other security platforms increased threat detection capabilities.
Of all the anti-malware tools I've used, I found Cisco Secure Endpoint to be one of the top players in the market. Its ability to detect malicious content and then retrospectively go back and quarantine older files was a key feature that was counted on time after time. In addition, the timeline view of activity really helped us work backward from when an event was detected to discover its entry point.
Cisco's AMP support is pretty good. There were not many occasions where I felt that their engineers were inexperienced or that I had to wait too long for a response. Overall, I received support for items that were even outside of their scope, such as deployment planning and policy management.
  • Cisco FirePower
  • Cisco Email Security Appliance
  • Cisco Web Security Appliance
  • Cisco Umbrella
The close, tight integration with these other products helped reduce the overall attack surface and helped reject/deny traffic before it even hit the firewall or even the endpoint.
The integration with all the other Cisco platforms made AMP a clear front-runner. CrowdStrike and Sophos had no integration at all and Palo Alto required their firewalls be deployed. Again, as a Cisco Security customer, it made complete sense to leverage their AMP technology.
AMP is well suited for organizations that have made the investment with Cisco's full security suite. The integration provided with all other platforms such as the firewall, web and email gateway, and Cisco Umbrella works well to not only quickly detect malicious activity, but block it before it hits the endpoint. Cisco AMP is not suited for small organizations, who are looking for a sole A/V product. Missing out on all the additional integration would make AMP a very pricey product.

Cisco Secure Endpoint Feature Ratings

  • Anti-Exploit Technology: 8
  • Endpoint Detection and Response (EDR): 8
  • Centralized Management: 9
  • Infection Remediation: 9
  • Vulnerability Management: 7
  • Malware Detection: 10

Using Cisco Secure Endpoint (formerly Cisco AMP)

1500 - The entire org (HR, Partners, Associates, Admin and IT staff)