We performed a comparison between Cisco Secure Endpoint and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The setup is pretty simple."
"The product detects and blocks threats and is more proactive than firewalls."
"NGAV and EDR features are outstanding."
"The stability is very good."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The VPN is most valuable. It's the best thing in the market today. We can use two-factor authentication with another platform, and we can authenticate with two-factor."
"Cisco has definitely improved our organization a lot. In terms of business, our company feels safer. We actually switched from legacy signature-based solutions to threat intelligence-based and machine learning-based solutions, which is Cisco Secure. This has improved our security significantly, from 10% of signature-based technology security to 99.9% of the current one which we are running. We were happy."
"The console feature gives a centralized management of what's going on, and if something happens, it gives you an alert. So, that's the most important feature for me."
"The stability of the solution is perfect. I believe it's the most stable solution on the market right now."
"appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us."
"Integration is a key selling factor for Cisco security products. We have a Cisco Enterprise Agreement with access to Cisco Email Security, Cisco Firepower, Cisco Stealthwatch, Cisco Talos, Cisco Threat Grid, Cisco Umbrella, and also third-party solutions. This is key to our security and maximizing operations. Because we do have the Email Security appliance and it is integrated with Threat Response, we have everything tied together. Additionally, we are using the Cisco SecureX platform, as we were a beta test for that new solution. With SecureX, we are able to pull all those applications into one pane for visibility and maintenance. This greatly maximizes our security operations."
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"The most valuable feature is the ability to collect authentication information from service providers."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"The scalability is good. It can be scaled easily in the production environment."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"It takes about two business days for initial support, which is too slow in urgent situations."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"I haven't seen the use of AI in the solution."
"We find the solution to be a bit expensive."
"Integration and dashboard are areas with certain shortcomings in Cisco Secure Endpoint."
"It cannot currently block URLs over websites."
"In the next release, I would for it to have back up abilities. I would like the ability to go back to a point in time to when my PC was uninfected and to the moment of when the infection happened."
"I would like to see integration with Cisco Analytics."
"We would like to have an API integration with a SIEM solution, because as far as I know, it currently hasn't yet been released."
"The user interface is dull."
"It's pretty good as it is, but its cost could be improved."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"This solution is very hard to implement."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"Their visuals and graphs need to be better."
Cisco Secure Endpoint is ranked 9th in Endpoint Detection and Response (EDR) with 44 reviews while Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews. Cisco Secure Endpoint is rated 8.6, while Elastic Security is rated 7.6. The top reviewer of Cisco Secure Endpoint writes "Single dashboard management, quick infrastructure threat detection, and high level support". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". Cisco Secure Endpoint is most compared with Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks, CrowdStrike Falcon, Check Point Harmony Endpoint and Cisco Umbrella, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint. See our Cisco Secure Endpoint vs. Elastic Security report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.