Cisco Secure Endpoint

Formerly Cisco AMP

It's kind of easy to use. It's pretty user-friendly. So the way we have it configured in our agency is we have it automatically connect. So the user-friendliness is great. You don't have to know what you're doing.

I really don't know because it does what we want it to do and it does it pretty easily, so I don't really have any.

Identifies malicious files on an endpoint

Contains malicious files to prevent spreading of harmful issues

Sends out alerts to notify administrators of the network and keep them informed

Frequent name changes are not helpful

Some of the reports that get sent are very high-end reports with lots of information. It would be nice if there was a simplified report that could be sent automatically when an issue is identified on a computer

machine learning with behavioral analysis

provides detailed endpoint visibility.

integration with other Cisco security products

Simplified Management Interface

Enhanced Machine Learning Models

Behavioral Analytics Refinement

Malware detection, we have received a handful of alerts where malware has been detected on a system. This allowed us to isolate the workstation and remediate the threat

Notifications...similar to above. We were made aware of the threat and were able to act

Integration with MDR outside of Cisco. Our provide integrates with CSE, but cannot quarantine workstations or block bad hashes when they are detected.

Threat protection

behavior analysis

ease of use

False postives

local firewall

file retrival

Once we, I guess one turned out that path because we have a small IT team, one of the big factors that came into play is how easy it was to deploy and the kind of security it provides for your endpoint devices. For us, it's got all those AI capabilities that really help. So traditionally when there was an incident on Alert on an antivirus program, you'd have a couple of guys run across the office to try to pull a plug. One of the awesome features with Secure Endpoint is its isolation mode that clamps down endpoint devices and then just isolate it. It's connected to, I think Cisco's tell us the threat intel environment. So they've got up-to-date metrics and fixes on threats out in the wild. And once they detect that, they apply it across your whole brand. So yeah, really effective for us.

One of the things that really stands out is the retrospective detections. So say something's detected two weeks later of a product that you had on your system. Initially it scanned it past, but then they discover vulnerability. The product has the ability to come back and retrospectively apply restrictions on specific applications you have on your environment. So I think that's one key winner.

There's a lot of content on the dashboards. I think some of the areas you could improve it just with the notifications, maybe adding on some video tutorials on how to navigate through the screens and that kind of stuff. But otherwise it's pretty intuitive, easy to use. And I guess if some of the integrations with the secure X and all that kind of thing, I think for my users they just need a bit more training on that.

Endpoint Isolation

Exclusion Policies

Endpoint Malware Protection

Orbital query

Retrospective Analysis. I really like that Cisco routinely re-visits previous security decisions with "if I knew then, what I know now" intelligence. That allows them to dynamically re-classify previous safe/not safe decisions based upon current information. Many products don't do this function

The fact that in the Cisco SecureX framework Cisco is not just looking at the endpoint but tying that to Cisco Umbrella and even their mail front end is awesome because it provides a broader picture of threats to the organization is awesome.

Cisco has a number of connectors so you can have one product and provide a consistent way to product a diverse list of devices is great.

Cisco allows scheduled scans to re-evaluate previous protection decisions

The update mechanism of the client is not obvious and takes some finesse to learn

The clients auto update signatures, but not agents which I have seen lead to mixed version levels as it is harder to keep up with

It is generally a challenge to manage the licenses and if you let the license lapse, it is a very bad thing in my opinion.

It helps provide visibility at the firewall level.

We would like to see the product evolve a little bit more from a threat intelligence perspective and also the ability to provide remediation services and have better visibility on the endpoints from a telemetry perspective.

Threat identification: it finds things we wouldn't have even been looking for.

Integration with Secure Malware Analytics for automatic submission of suspicious files.

In-depth and complex configuration options for finely tuned policies for different users and endpoints.

Part of the Cisco Secure Client product for easier distribution and reduction of running agents on end-user devices

Integrates with Secure-X for single-pane of glass view of dashboards.

The interface has many views that all look the same, except that functionalities are different. This makes it incredibly difficult to find the action you want to take.

Built-in exclusion sets are missing a number of notable Anti-Malware products and must be manually implemented.

High learning curve due to complexity of the solution and the range of features it contains. Provided documentation is hidden in a small icon at the top of the page which is often off-screen when needed.

Color choices lead to panic situations during deployment. 1 questionable file could lead to the main display showing a large, bright red alert which makes customers think their whole environment is compromised.

workstation security

allow to manage the computer remotely

allow to lock the undesired activities

allow to follow the activities of the computer

the application of the policies are a bit complex

need to increase the admin experience to set and deploy

Identifies malware, malicious processes/services and other events well

Great automated actions features such as host isolation

Detailed threat visibility such as file trajectory

Integration with other Cisco suite of security products

Great value

Low false positive rate

Lightweight agent

Variety of reporting

Stable agent

Additional methods for blocking such as file path and not just file hash

File blocking by other hashes other than SHA 256

Email notifications of certain predefined events

Protects endpoints from known viruses

Protects endpoints from emerging threats

Reports devices that have known vulnerabilities

Navigation is just a little more complicated

Better reporting

MSP support models

Retrospective Alerting.

Sandboxing.

Scanning & Detection.

Quarantining.

Overall reporting.

Access to endpoints via SSH/shell.

Deployment support with SCCM.

Great viruses protection.

Great threat detection and blocking features.

Malware analytics.

Easy to use.

Affordable.

The reports are straightforward.

I like the notification features.

No bad experiences.

Runs in the background and does not require end-user intervention

Uses cloud protection solution that always stays up-to-date

Low system requirements to run

The ability of generating a report with a summary of prevented threats

[It] will stop the threats before the compromise.

[Very] fast performance and quick response on attack.

Maximize operations efficiently[.]

Easy to configure and manage[.]

Logging

Dynamic malware analysis[.]

Alert send.

[We] can manage this through centralized management[.]

[Quick] malware detection[.]

The cost is little bit high[.]

AMP remediates threats without administrator intervention

AMP provides a detailed dashboard of new threats or events that occur

AMP is very configurable, policies can be scoped granularly

The dashboard should be easier to use

The agent updates are very cumbersome to manage

AMP support is difficult to use compared to Meraki. Lots of hoops to jump through to get someone on the phone.

Ease of use

Straight method to solve specific security issues and fulfill the security gap

Cisco Advanced Malware Protection (AMP) for Endpoints could have some features to integrate with third-party solutions

It is simple.

Its administration is centralized.

Integrates with other brand products.

Greater market penetration.

More documentation.

More partners with deep knowledge.

It gives great visibility of all detected threats across our devices.

It is very easy to deploy and maintain.

The cloud UI is constantly being updated with new features.

I don't know if this is a bad feature but the engine is very sensitive it picks up a lot of things that are not always threats.

While AMP is a strong product it is not cheap.

Software upgrades usually require a reboot which can make it difficult with student devices.

lightweight connector

great integration with other security products

highly effective

will also alert for vulnerable software being used on your systems

Management console is web-based, which is always less customizable.

Detects malware and viruses on endpoints.

AMP shows a timeline associated with an event and if the malicious event has spread.

AMP quarantines but also does retroactive pullbacks of malicious attachments or downloads if they are later discovered to be bad.

I would like to see some emphasis put on being able to makes notes if there is an incident you are working on so other analysts do not have to open the incident or ask you if you have worked on the incident.

More clarity around files/downloads that are quarantined...so that they do not end up in your incidents but maybe another tab for incidents that AMP resolved without need for work by an analyst.

I would like to see silent upgrades. At this moment in order to upgrade you have to do a reboot, this is my biggest frustration.

Detects and block malware on endpoints.

It provides good visibility and trajectory.

Easy to deploy.

The need for a reboot in upgrades.

The number of exclusions.

Easy to install/push to computers.

Runs in the background.

AMP helps drastically reduce investigation and remediation cycles.

More options for the end-user.