Cisco has definitely improved our organization a lot. In terms of business, our company feels safer. We actually switched from legacy signature-based solutions to threat intelligence-based and machine learning-based solutions, which is Cisco Secure. This has improved our security significantly, from 10% of signature-based technology security to 99.9% of the current one which we are running. We were happy.

The threat-based solution, the machine learning-based solution moving towards AI, the ecosystem visibility, and the single click of threat hunting and incident response, were the few major reasons to switch from legacy security to the latest one.

The implementation of Cisco Secure Endpoint has had a significant impact on reducing the operating expenditures of our organization. The savings amount to approximately half a million to a million euros every year. We don't need a lot of different solutions that collect all these threat logs, correlate them, and then automate them for incidents. We already have this with Cisco SecureX, more or less. Cisco is also saving on the FTE side, we need fewer resources to do threat hunting and incidence response.

We save approximately half a million to a million Euros every year with Cisco solutions. 

The actionable alerts in the security console are very good and very useful. They alert us immediately when something happens so that we can take action faster, instead of having to wait until a user report's something or until we view the logs. It sends you alerts so that you can know about them as soon as they happen and remediate the problem. It's a very nice feature.

The solution also makes it possible to see a threat once and block it everywhere, across all endpoints and your entire security platform. You can identify a threat and then mark it as, "If you ever see this file, delete it." It uses something like crowdsourcing, where, if someone works for another company and has AMP and it detects a malicious file on that person's computer, it then updates so that my AMP knows about the virus at that person's company, and protects my company from their virus.

Cisco AMP simplifies endpoint protection detection and response workflows. I'm the only one who manages it now, so it frees up time for a lot of other people. Once it is deployed and set up, one person can manage and maintain it. That reduces the number of people you have to pay for those responsibilities. The console will show if an AMP agent has checked in and I can use all the search features it has. And it deletes all the viruses so I don't really have to do too much, once it has been installed.

It has also minimized security risks to our business that we were previously unaware of. It points out vulnerabilities in software that is already installed, such as in Microsoft Office. If you don't have the latest version of Office, AMP proactively lets you know that you could potentially be infected. We didn't have that before. It has a more comprehensive database that's made up of all the information it has collected from my company and all the other companies that use it. It takes all that information and protects your environment from anything it's ever seen.

When it comes to time to detection, Cisco AMP has taken it from one day to one hour. And our time to remediate has gone from hours to minutes. It does it itself, so we don't have to do anything. 

I can't think of a case where a computer was infected and AMP did not let us know or missed it. It has never happened to us that the product didn't detect something while another product did detect that problem. So far it has been 100 percent successful.

The ability to respond rapidly, whether it was doing isolation or threat hunting, helped improve our security. Even when there were a few false positives, it was a good exercise for us to run through and determine what exactly was going on. It was definitely an improvement from what we were using before, which was Trend Micro. That tighter integration definitely helped.

In the time that I was there, we didn't really have any sufficiently major occurrence that did not turn out to be a false positive. But there was useful stuff coming up on the dashboard, where it showed the vulnerable applications. Being aware that those were in our environment, and what threat level they presented on that one to 10 scale, was helpful. It enabled us to say, "Hey, look, Firefox version 71 is still in our environment, and it's a 10. We need to contact that user and get them to upgrade, or remove it if they're using something else." That definitely allowed us to enhance our security posture.

That prioritization of threats, particularly on those vulnerable applications, meant we were able to take action using Microsoft Endpoint Manager. We could deploy applications with supersedence to get that old product off of the machines or upgraded. It definitely improved our situation.

Being able to do pretty immediate research through a simple right-click and threat-detect was very quick and invaluable in making a rapid assessment of what I might be looking at. And with the tighter integration with the Umbrella and Firepower products, when I got in touch with our infrastructure team, they were able to see what I was seeing and more. That was very eye-opening: Wow, look how much information we can get and how quickly we can get that information. We could start evaluating what our status was and what actions we needed to take.

Overall, the impact on our security was that the endpoints were that much safer than they were before, by eliminating those vulnerable applications. And in the event that there was something that appeared to be significant, we had the ability to isolate that device.

Also, Cisco Secure Endpoint, as far as I know, consolidated endpoint, cloud, and remote access agents into a single agent. When we bought the product, it was actually Cisco AMP, and then they went to Cisco Secure Endpoint and everything was managed through the cloud. With that change in the agent, I presume that was all moved to a more cloud-oriented situation.

I would say it improved our time to detection, but that's one of those things that is hard to document. I didn't spend a whole lot of time working with the Trend Micro product, but it seemed to me like it was probably an improvement of at least 30 minutes, which in today's world is forever.

Cisco Secure solutions have improved our company in the sense that we are now moving towards being a managed service provider, which is doing what Cisco is telling about combining your network, your hosting, and your security together in one company so that you can deliver IT services in a carefree way for your customers. So, Cisco is helping us in creating that goal of carefree use of IT.

I'm very glad that for most customers, we have onboarded Cisco Secure Endpoint because it helps us a lot in solving and detecting ransomware. It's being done automatically, so you don't have to worry. It's removing that. Therefore, it is called an EDR solution. It takes care of detection and response, and it's being done automatically. In the case some handling is needed, we have a connection from Cisco Secure Endpoint towards SecureX and ServiceNow. So, we are bringing that very simply to our support engineers. If any handling is needed there, they automatically get a ticket, and they can act.

It has helped a lot in saving time because when you have an automated flow of tickets, a ticket is immediately handled by the support people. They can immediately act in ServiceNow and see what they have to do if something is detected where a manual action is still needed. There are, however, not many cases because AMP already handles a lot of responses automatically. 

We are saving a lot of money on our operational costs because people don't have to enter tickets anymore in the system. Secondly, a lot of response is being done automatically by AMP. That helps us a lot as well in saving costs because, in the past, somebody had to do it manually.

The main benefit is that we have visibility on the network. With the combination of Cisco Secure Endpoint and our antivirus, we feel a little bit more secure. We have better monitoring of and overview of what's going on in the network.

It's reliable. It's doing most of the jobs for us, so we don't have to worry. We check it for just 15 minutes per day to be sure that everything is fine.

It doesn't save time, but we feel more confident that everything is okay on the network. It improves our security posture.

[It has helped our organization] tremendously. First of all, because we are always on-point in terms of our solution. We are proactively looking into the alerts and Cisco Secure Endpoint is already taking care of looking into it, provisioning it, and fixing it. All those three stages are done by the software itself. We are only looking at in terms of what the statistics look like. That really helped us. 

Because the solution is taking care of itself, we get the chance to research more on the other side of it rather than focusing on the problem. The moment a problem is there, Cisco Secure Endpoint is already working toward fixing it. That really helps us. I can go home and have [peace of mind] at home, not thinking about whether the next attack is coming and I have to wake up in the middle of the [night] to figure out what's going on. That really helps in a tremendous way.

It has easily [helped us save] hundreds of hours in a quarter. We are definitely saved because of this solution.

The solution improved the effectiveness of our security. Before Cisco Secure Endpoint, we used Trend Micro Deep Security for our virtualized environment, but it didn't allow us to track all the malicious events. We can follow them with Cisco, which is a positive change for us. 

Cisco Secure Endpoint enables us to stop a threat before it spreads across our system. This is a massive improvement for us, as we couldn't follow threats and respond to them as rapidly when we used other solutions. 

Most of the customers don't even know that they are more secure. It's like they expect to be secure, but the moment we have a big threat from the outside, they will see and they will know that we are far faster and better able to protect them and react to threats from the outside.

Cisco Secure has saved us time, especially the SecureX platform has helped us to automate certain processes and do analytics. That prevents us from taking each individual part of the logging. They have the intelligence in there to do the first check for us, and that saves a lot of time.

There is a reduction in operating expenditures but not only from the Secure perspective. Our full stack is based on Cisco, so we leverage the full integration part of that. We have our compute, we have our networking, and we have our security, and that makes it easier because you have less interfaces with different products.

From a technical perspective, I would rate it quite high for securing our infrastructure from end to end. From a behavioral perspective, in terms of the end customers leveraging it, there's still a little bit of work to do because we need to help the end customers to be more aware of what they're doing. On the endpoint for a user, they don't exactly see what is happening. From a visual perspective, you also want to have a feeling that you're safe or you get some tips or tricks to be safer, but for the most important part, which is the technical part, I would rate it very high. We really trust Cisco.

I think a large benefit of using Secure Endpoint is the ability to offload the personnel. We have a crisis in the country where we have too many jobs and there are not enough people, and using something like Secure Endpoint and integrating the Cisco ecosystem allows us to pull in all of this data into a single place and offset those people that we have to have to do the job. It allows us to do some threat hunting and make good decisions with good tools, and it's affordable. 

Secure Endpoint has decreased our time to remediate by providing the tools and the integrations we need so we can quickly look across our entire network, look for those threats, and actually make good decisions. 

Cisco Secure Endpoint provides us the scale to quickly reduce the time to find out about an event by integrating into different platforms and providing threat intelligence specifically from Talos so we could quickly find these things. Where things used to take days, we can now do things in hours. 

Cisco Secure Endpoint does a great job of allowing us to take the individual endpoint assets, do an inventory, and know what the normal state is, so we can have a delta when things change, and we can look for consistencies. And when those things change, we get alerts. We can know what's happening with those boxes. The great part about it is I was able to eliminate lots of other features of doing inventory management and spreadsheets and see what's going on. It's also allowing us to integrate all of the other secure malware antivirus-type platforms that do a single platform. And do threat hunting with that.

Five out of five times, Secure Endpoint helps every customer I talk to improve their cybersecurity resilience. It provides integrations, it provides an affordable and easy-to-implement package where we can quickly talk to customers and work with them to get a solution in place. Logicalis does a great job of taking the package and not just installing it, but doing it in a way that a customer can understand how to use that platform afterward. 

The fact that the solution offers cloud-delivered endpoint protection makes it simpler to use. Historically, Cisco's appliances have been relatively expensive and that has been a block to Cisco getting into the SME space, which is our particular focus. Having it cloud-based, where there's no cost, as such, to get the deployment running, has made it easier to sell to small businesses. We've got AMP installations with as few as two users. In the past, with Cisco, we would never have been able to deliver into that size of business without some sort of cloud for delivering it.

It also has a neat web interface that allows us to access it simply and therefore more people are able to manage it, rather than it being a specialist product. We're able to give it to more junior people on the helpdesk and they're able to determine quite quickly and simply what the state of the environment is and, if needed, escalate it to more senior people if they believe there's an issue. That's worked well for us.

We had quite a large client that had a partial AMP installation only covering key assets, and they were hit by ransomware. It was only Cisco AMP that showed where the problems were. The rest of the antivirus that they had across the estate was completely ineffective. AMP was intact and it gave the engineers the vital information they required to remediate the problem. With all attacks what we're interested in is knowing what was "patient zero," where the problem came in, and where it's spread. That can be a challenge sometimes when you've got multiple devices in a network and you're looking across a large number of PCs to work out who was compromised first and, therefore, what the course of action is.

It has decreased our time to remediate. In the scenario of the client that was hit by ransomware, effectively, none of the endpoints were compromised. We were able to detect what the issue was via the AMP client, which discovered and alerted us to what the actual problem was. We then had to do a cleanup process on the remaining. It certainly showed its value to us and the client in that particular incident. It is hard to say how much time it saved us, because in that particular incident they only had a limited deployment. It actually took six man-days to solve the problem, but it didn't affect any of the AMP clients. It arguably could have taken even longer, had they not had AMP deployed on at least some of the assets. It's very simple: If they had had AMP on all of them, they would have probably avoided the problem in the first place. And they certainly wouldn't have needed six days to actually resolve the issue.

Cisco Threat Response accelerates Cisco Umbrella security operation functions. The abilities of Talos are definitely one of the reasons we bought into this as a product. It enables us to react more quickly. We're relying on Cisco providing that updated information in a timely fashion, and that obviously has a knock-on effect on our ability to support our clients if they've been compromised. That ability to push information automatically into Talos and their environment and then prove it's a problem or otherwise, and then update the system automatically, saves us an enormous amount of time. It gives us a lot of confidence in what we do, because Cisco is able to update things and do that part of the function for us, rather than our relying on in-house skills to try to determine what is good and what is bad.

We use it internally, in our business, to secure us, as we are an MSP, which means we are at particular risk. Obviously, we have a duty of care for our clients to ensure that we take the utmost responsibility and steps to secure our businesses and, in turn, secure our clients' businesses. The Cisco suite of security solutions definitely gives us a great deal of comfort that we are doing that. Relying on Cisco for those updates certainly takes a load off my mind, knowing that we've got the backing of Talos across the suite of products. We feel, with all the steps we have taken, that there are very few gaps in our security.

The solution has also made our team more effective by being able to focus on high-value initiatives. We have it integrated into our helpdesk system where it alerts us of things that are of particular concern. That minimizes the amount of time that we're looking at non-threatening situations. A lot of these systems can throw up an awful lot of information and you can end up spending an awful lot of time looking at things that aren't an issue — false positives. If we're able to target things more accurately, it helps us focus that high-cost engineering resource more accurately. It does save time and money.

Cisco AMP has definitely decreased our time to detection, relative to where we were with previous products. Before this type of next-gen solution, we were relying on things like antivirus, which is pretty poor and didn't produce much in the way of protection, certainly around ransomware and other things. We were relying heavily on perimeter protection, like firewalls. That was, of course, completely ineffective when people took their laptops home. The risk was great and we saw more people bringing problems back into the business. The AMP and Umbrella combination has made life a lot more secure and enables us to deliver consistent policy, which is the other important thing. When people are in our building, we've got a reasonably consistent policy because we have greater control. But the minute a person leaves the building and connects via a phone or at an internet cafe, we lose most of the traditional protection we had. The endpoint becomes everything.

The decrease in time to detection has been significant. It's very hard to put a percentage to it because, before it, we were often blissfully unaware that devices had a problem at all. It's given us visibility and we are much more effective. I'm guessing in terms of what it saves time-wise, because it's given us visibility that we otherwise didn't have, but I would say 80 percent, if I had to put a figure on it.

We now have gained more visibility into what's going on. We had an incident four or five years ago where a member of our staff had a Tor Browser installed on his workstation in the office. I discovered it by chance while doing some work on his workstation. At that time, we had no way of knowing what was going on. Now, between our two Cisco products, we have the capability to see and block that sort of thing going on from the network side. From that point of view, it's straightaway. It has given us the security aspect of not having to deal with people putting Tor Browsers on their workstations to access stuff on the dark web. We have been able to lock that down straightaway, which is good, because that's obviously a big threat to any business. If you don't understand what's going on in and out of your office, whether physically or virtually, then you have no idea what's going on and where your risks are going to be. 

It gives us visibility with minimal intrusion. We don't have an on-premise sort of interaction with it, though. It's just a connector that sits on the workstations and servers, then interacts with the workstations or servers through to the cloud. It has very minimal impact on us in terms of performance. They have recently improved the updating of the program. It no longer requires a reboot after a connector update, which is always a handy thing. From that point of view, the impact is better on the business. I can roll out an update to all devices and not have to worry about having reboots, particularly for servers. Thus, the impact has gotten better on the business over time.

The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems.

The solution simplifies endpoint protection, detection, and response workflows, such as security investigation, threat hunting, and incident response. We have policies and procedures in place now at the HR user level and also at the machine level to make sure that certain procedures are followed and those procedures are put in place. From that point of view, the Cisco gives us confidence. We don't have to worry too much about threats. This means we can focus a lot more on doing the work we are being paid to do rather than spending time trying to protect the business too much. The fact that we are very quickly able to see what's going on is good in terms of how much time it takes to work through any issues. 

We now have a standard rollout of devices with procedures in place. The shared nature where Cisco AMP gets installed on all our devices means we are benchmarking our risk at a level that we're comfortable with. We don't have to deal with managing that risk day-to-day, as the risk level is fairly low in terms of what we're expecting from day-to-day operations. From that point of view, this means we can focus more on the business at hand rather than worrying incessantly about threats to the business.

I rely on this system. I am hoping that everything is fine with the system and that it will catch any harmful file or virus or trojan. If any of those things happen on my network, it will hold it or stop them.

It has helped to simplify cybersecurity in my company. I see that there are files that have been blocked. I don't go deep into the reports that I get from the system, but I believe that it's doing its job. I haven't had any serious problems.

The most valuable thing about the solution is a feature that's not in the actual product set itself. It's peace of mind. We take a look at security holistically, multilayered. We start from the edge and perimeter and work all the way down to the client. I feel we've deployed best-of-breed in each of the slices of the security layer. For the endpoint, Cisco gives us good clarity about what our endpoints are actually doing. So when we get bad actors into the network, we get quick visibility into which devices are compromised.

We've really subscribed to the whole security stack from Cisco. AMP feeds into that whole Threat Grid for us. We're able to see hashes, and the like, all the way down to the client and we get that visibility because of AMP. As AMP reports back into the Threat Grid, we can see the hashes running on the actual endpoint, and whether they are malicious, and what those things have done. If malware has infected a certain laptop, we get all the forensic evidence around that laptop and, if it's jumped, where that bad stuff has jumped to and what it's done. All that visibility is possible because of AMP.

Even as a standalone product, you get peace of mind having AMP running on something. So if you open up an attachment and it's doing things that it's not supposed to, because your endpoint gets security updates it is protected. Whether it's connected to the network or not, whether it's connected to the internet or not, it is protected. It does its job very well.

The fact that the solution offers cloud-delivered endpoint protection simplifies our security operations. We don't have to worry about updates or signature updates. It takes care of itself in the background, so it frees my guys up to do more meaningful work.

The quality of alerts that actually percolate up for us to take action on are on point. There aren't a lot of false positives so my security team is able to spend its time more effectively. They're not on a wild goose chase. They're chasing actionable things to take care of.

In addition, the security stack that we have in place allows us to see a threat once and block it everywhere, across all endpoints and our entire security platform. If one piece of bad malware gets through, the entire network will self-heal. It makes us more efficient. Standardizing on one pane of glass is the dream that you're after. So even though Cisco doesn't have just one management console for its entire security suite, the pieces plug in properly. With help from Cisco and their security experts, having this deployed the right way lightens the load on my team. We become much more effective. I don't have a team of 15 security experts running around our network, facing down bad guys and preventing them from ever touching our core pieces of data or IP assets they would be after. AMP and the rest of the security stack from Cisco give me peace of mind that the network is taking care of itself and that the endpoints are protected. As long as we are not careless with the pieces that we control, we can rest reasonably well at night knowing that Cisco is doing the heavy lifting that keeps the bad guys at bay.

AMP has decreased our time to detection and to remediate, without a doubt. It's gone down by 100 percent. We're able to detect, real-time, bad or malicious software and mitigate it, not quite in real-time but pretty darn close. If you go back to when we first deployed it, there was no time measurement, so I'm comfortable saying it has sped things up considerably. Now, we're only chasing real threats.

The product gives greater visibility of malware being downloaded by my clientele. In a more general fashion, Cisco Secure Endpoint has helped to prioritize threats. It has allowed us to make more effective use of our security team members.

Another advantage is that it has improved the effectiveness of our security options. We now have better response times when dealing with outbreaks.

We have decreased our time to detection, although it is difficult to say by how much because we weren't detecting all of the malware in the past.

It is reasonably easy to remediate issues using Cisco Secure Endpoint. In part, this is because I don't have to visit the physical machines to remediate them. As such, the time it takes for remediation has been decreased. 

It has greatly improved my organization from a security standpoint.

We need to follow many countries' laws about data privacy. This is a requirement that is key for users. Cybersecurity resiliency has been important for us because we need to protect against loss.

First of all, we performed a PoV (Proof of Value) together with our Cisco partners, and we tested about a few months the efficacy and complexity of this product.

After the evaluation of the cost and security that AMP 4 Endpoints could offer, we decided to replace the old solution with AMP 4 Endpoints. The implementation was performed, with support from Cisco partners, in a few hours. In the following days, AMP 4 Endpoints found many things that the old antivirus solution missed. That was a very huge advantage for us.

It has been effective as the primary AV tool.

The visibility, dashboard and the navigations gives pretty decent insights into threats, IOCs and endpoint events to help with proactive monitoring. Deployment and connector upgrades are straightforward with available technical documentation for most scenarios.

AMP simplifies endpoint protection, detection, and response workflows, like security investigation, threat hunting, and incident response. By using the solution, we've been able to divert attention towards of the tasks, saving us significant time and effort. It has also served as a one stop shop for endpoint anomaly detection and proactive protection, thwarting the need to gathering inputs from various applications and having to compile that data into one relevant result. It has obviously minimized security risks to the entire business, most importantly, endpoints, servers and other crown-jewel assets. 

It gives awareness of our users' security posture.

Cisco Secure Endpoint has improved our speed of response and the level of confidence we have that we are in good shape or are not in good shape.

It just gives me more insights into what threats are out there on the machines, so I can be more proactive.

Actionable alerts in the security console are helpful. With the security console, I immediately get to know about an issue. So, it has sped things up. It also gives you a way to research and see if an issue is spreading, so it has assisted quite a bit.

It definitely gives a starting point for investigating and mitigating threats. It has research tools, and we can run queries. I have used its Orbital Advanced Search feature. I have run quite a few queries to determine what is out on the network or on the devices that could be a threat. It could be something that is misconfigured or something that we don't want to have running. It is able to quickly run these queries.

I usually use the Orbital Advanced Search feature for groups. I use it to look for commonality for a threat thread, and it provides good visibility. I've never used it for just one endpoint.

Orbital Advanced Search helps in reducing the attack surface and investigating real-time data on endpoints. I've only used it a handful of times, and I was mostly looking for whether or not an update has been applied.

Orbital Advanced Search definitely saves time. I assume money goes right along with time. I don't have to go from desktop to desktop. I have 50 desktops, and if I'm looking for something in particular, it would take at least 15 to 20 minutes per desktop.

We use Cisco Umbrella. The integration when you use the SecureX console is really good to go from one to the other. I have pulled the endpoint and Cisco Umbrella into SecureX, so I just have one console. It was easy to integrate. They provided really good instructions. This integration just made things more convenient.

It simplifies endpoint protection, detection, and response workflows, especially for threat hunting. The way it is set up, with the console, I would get to know quickly that we have an issue. It increases operational efficiency because I don't have to go from desktop to desktop. I'm also proactive instead of reactive.

It has minimized security risks to our business. I've had several desktops where they have triggered an alert, and all I had to do was to go and clean that machine out before the problem spread. 

It allows us to focus on the incident instead of investigating the group, so we are more efficient. It has decreased our time to remediate because we're focusing on the machines we need to.

It has decreased our time to detect. I can't quantify the time, but in some of the older antiviruses, the user would say, "Okay, I've got a pop-up, and it has flagged this or that," and then you'd have to go look for it. With this, I know ahead of time, or I know when it happens. 

While I can understand from a theoretical standpoint how some organizations may not want a cloud connection, it increases the processing and detection because of ETHOS and SPERO detection. Throughout all the other Cisco security products, it is able to add this detection into the threat analytics through Threat Grid and Threat Response for other customers who have the same type of hash in their environment. There are the options: If you want to submit a file to be removed after submission and also for it to be submitted anonymously.

We tie AMP into our SIEM so we are receiving alerts through the SIEM. I also have AMP independently send me alerts. I have these alerts finely tuned so I'm getting the right severity level on events where I am being notified. If you choose to receive a notification on all events, potential malware, or potentially unwanted applications, you're going to have an overload of information. Therefore, AMP allows the ability to go through and fine tune the alerts, both in the console and remotely, so you get a proper level of notification to make actionable requests and executions.

In our organization, we have about 95 percent Windows operating systems. Then, we have about five percent Mac OS. Therefore, Cisco AMP covers a 100 percent of our endpoints. It's totally comprehensive.

I had a conversation with my CIO about a week ago. We are seeing more security incidents in our organization. However, we believe these events have always occurred, and that we are more aware of them now. For example, last Thursday we had an incident where a device tried to go and reach out to a malicious website. Because of the integration we have with Threat Response between Umbrella with WSA and AMP, we were able to stop that malicious activity. That's something we wouldn't been previously aware of: If we had an endpoint out there trying to reach out to a malicious site. Until it hit our perimeter security, we wouldn't have been aware of that. You don't always want to rely on your perimeter security for everything, as it won't catch everything all the time. Therefore, you want a multilayered approach, and having Cisco AMP and Cisco Threat Response helps us to accomplish that.

It offers advanced threat protection by using machine learning to prevent any possible cyber threat, including malware and ransomware. We get complete real-time visibility and control over the system, so it is easy to track any possible data breaches. You can see on the report what kind of tactic was used and at what time. It provides a comprehensive security posture for our company.

It helped to free up our IT staff's time. We don't need to manually check everything in the compliance area. Everything is automated, so we don't need to check all the time. I don't know how much time it has saved, but it helped us a lot.

The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it.

The solution’s actionable alerts in the security console are granular. They take you right to whatever the incident was so you can start investigating it. One thing that I have noticed lately, as we have spun up more tools associated with our Enterprise Agreement, is that AMP interfaces with all of them, then takes on some automated actions. One of the things that AMP allows you to do if there's an incident, it gives you an alert. This is because a threat was detected. You can click on the threat that's detected, then it takes you right to it in the timeline. Finally, you can pull/fetch the file and submit it for analysis. However, it will also do that automatically.

Cisco is standing up so much stuff right now. This solution interfaces with Talos Intelligence, Threat Grid, Threat Response, and SecureX. All of these things are integrating together and a lot of stuff is now starting to happen automatically, e.g., if a threat is detected, it is automatically interfacing with Talos Intelligence to figure out what that threat is and the hash value of whatever file that is. If it thinks it's suspicious, it automatically submits it to Threat Grid, which detonates the file in the sandbox, but also in the cloud, and returns a report saying whether the file, or whatever it is, is an actual threat/incident. Then, it remediates and quarantines it, and you find out about it later. It's doing a lot of stuff in the background as the integration with other tools increases.

Cisco Threat Response accelerates security operation functions. It gives you great visibility into your network. You start with a hash value, and you can search for that hash value within your environment by just dropping it into Threat Response. Then, it'll show you how that file has interacted with other files, systems, and devices. It gives you immediate visibility with a chart that shows you where that file has gone and where it's been. If you're looking to contain outbreaks, it's all there.

Cisco AMP simplifies endpoint protection detection and response workflows, such as security instigation. It really shortens the window to respond to an incident. You can do something in five minutes that probably would have taken several days in a big, diverse, ambiguous environment, where you have a lot of people working remotely. It would be tough to run down all this stuff. It is saving not only time, but manpower. Another person plus myself can now fix a problem. Whereas before, I would have to crawl through four or five different people before I got the right guy to get to the right place to do the thing that I needed him to do.

We are on proof of concept phase and will see how it works.

I hope it will help decrease mean time to detect and respond, because it provides scalability, and we could make an efficient, effective service providing it for customers.

Cisco Secure Endpoint has improved our security boundary. It makes our network more secure.

Cisco Secure Endpoint has decreased our time to remediate and time to detect, but I don't have the metrics.

Cisco Secure Endpoint has improved our cybersecurity resilience.

We worked a lot from home over the past few months. This was our only product that did not need to be changed in configuration when all the laptops did not come into the office for a few weeks. As long as there's an Internet connection, it will get the updates. Anything happening locally will upload to your cloud so you have full mobility on it. You have no need to update your console. You log in one day, and there's a note saying, "We added these new features. Click here for more." It has taken a lot of the hassle out so you don't have to worry about the connectivity or updates. You can just worry about stopping the malware you're investigating and incidents in your environments.

Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us.

With Cisco AMP, or any Cisco security products, you get Cisco Threat Response. Threat Response takes the intelligence from all your different solutions, then combines it with sources, like VirusTotal, and includes general information that Cisco has available on those threats. E.g., if I see a file somewhere, I can with one click go from my AMP console to Cisco Threat Response, and there it will be enriched, saying, "We have already seen this piece of software two months ago in Japan. This is what we thought of it. We did an automatic analysis on it. These are the indicators on this piece of software being either malicious or benign." With Threat Response, it is very easy to go from what's happening on my environment to what's happening in the world.

If there's spam coming from a machine, I can with one click determine, "Has there been any other intrusive events originating from this machine? Has it been sending me just spam or has it also been scanning me, making connections to other machines, or login attempts?" With Threat Response, we get the view from all sides, both inside and outside our network.

Orbital helps us with investigation, especially if there's been an incident on one machine, and I want to know, "Are there other machines in my environment with the same type of modifications." It's just a click away. I don't have to leave the Orbital or AMP to do the incident investigation. Thus, I don't have to pivot to another solution to check the event logs or files on the endpoints, and not having to leave the tool is very efficient. You have the same casebook in which you can keep notes of your investigation, then you can share the notes with your colleagues. 

The solution simplifies endpoint protection, detection, and response workflows, such as security investigation, threat hunting, and incident response. This positively affects our operational efficiency. We don't have to guess anymore if we have everything or need to use different tools. I can query the machines directly from Orbital. It's a complete tool set. You don't need anything else besides the tools you get with Cisco AMP. There are things now possible which we could not do before, and they're easier than before as well.

Cisco AMP is the broadest, most integrated security platform that connects the breadth of Cisco's integrated security portfolio and the customer's infrastructure for a consistent experience. It unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications--all without replacing your current security infrastructure or layering on new technology.

I am told that we get over 100 million emails a month. This filters them down and allows only somewhere about three million emails, which is a great help.

Provides enhanced security, lowering IT risks, and IT operational costs by integrating with Cisco NGFW, network security and email security.

This solution has allowed us to segment the organization to provide better security.