Cisco AMP for Endpoints Review

Real-time threat prevention using sandboxing, file trajectory, and retrospective security

What is our primary use case?

Endpoint security prevents malware and exploit kits from coming into your mobile devices, including when you are outside the corporate network and not protected by the firewall.

How has it helped my organization?

It provides enhanced security and lowers IT risks and IT operational costs by integrating with Cisco NGFW, network security, and email security.

What is most valuable?

Real-time threat prevention using sandboxing, file trajectory, and retrospective security. On the prevention side, AMP has nine engines.

The new feature AMP Visibility (beta) is an IR orchestration tool in which the local AMP for Endpoint Intelligence, Talos Intelligence, Threat Grid, AMP global intelligence, Umbrella Investigate, and VirusTotal are correlated. This gives a visual IR tool where you can search by file (SHA256), IP, or domain.

AMP for Endpoints is not a point solution. The AMP architecture also supports ISR routers, IPSs, and NGFWs. Email and web security from Cisco is making a common cloud threat architecture for all customer checkpoints.

What needs improvement?

It does not include:

  • Encryption
  • Decryption of local file shares
  • Disks and URL filtering are done by a separate product (Umbrella/OpenDNS).

For how long have I used the solution?

Less than one year.

What's my experience with pricing, setup cost, and licensing?

Pricing can be more expensive than similar software that offers less functionality, but this is not recognized by customers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
