Cisco AMP for Endpoints Room for Improvement

Tim Crosweller
IT Manager at van der Meer Consulting
The biggest area where I liked seeing improvement is in the interface and its interaction with the customer and portal. Since these things are quite technical, it's important that you can find your way around the console quickly without having to remember where things are. I think the interface has improved quite a lot in the last couple of years, which is good, but also the integrations are starting to be incorporated a lot more too. We can see more value in the product as time goes on. It's a different product to what it was when we first got it in terms of visibility and also its user interface. You need a certain level of technical experience because the console is not the easiest thing to look at. It's very in-depth and there's a lot going on. It does a lot of stuff. I often compare that to our antivirus console, which is pretty self-explanatory, but it is not really doing a lot in terms of its visibility. It will do similar remediation work, but AMP has the visibility. You can see where it's going and what processes are running. Everything that it's tracking can be overwhelming to some people so you need a level of IT and technical experience to understand what it's doing and your way around the console. It's a very high-level product in that respect. Therefore, it might scare a few people off if they're not up to that level. However, if you have someone who can handle it, then it's fine. There are some features with the integrations that I'm not using because I haven't gotten my head around how they integrate and how best to integrate them into what we're doing. It is just a matter of giving me some time to sit down with a Cisco rep and working through it to understand exactly what these things are doing, then implementing them. I am not one to pay for something that we're not going to use. However, from what I can see, everything that comes with the product is worth doing. 
Obviously, the threats out there now in the Internet world are only getting more complex. Therefore, it makes sense that we keep up with all the technology and software that comes with it.
Wouter Hindriks
Technical Team Lead Network & Security at Missing Piece BV
We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment.
Mark Bonnamy
Technical Director at Ridgewall Ltd
Some of the dashboards don't always populate with data. Most of them do, but some of them don't. Another issue for me, that would be the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal. If I were Cisco, that would be my greatest focus of all because it would be of such great value if I could give one pane of glass to an engineer and he could look across all the Cisco products. The other thing I would say to Cisco is they need to move more to a consumption model like Office 365, because I want to be able to sell it and deploy it by just adding things on to a particular client. For example, you set a client up on the AMP portal, which I'm looking at as I speak. I have X number of clients. If I need to sell or deploy Umbrella, I've got to go through a completely different process and enter exactly the same sort of thing. I've got to create the client somewhere else, I've got to put the information somewhere else, and I've got to run the deployment from somewhere else. Whereas with the Office 365 model, I'm able to upgrade packages and add features and functionality all from the one place. That is an incredibly powerful selling tool. The other area for improvement is to make billing simpler. The billing process for us is hard where we've got those two users. We've got to create a separate bill for those clients and we have to create a separate report to Cisco to say that we're billing those clients. Anything they could do to make that billing process more seamless would be of great value. 
If they could almost automate it, so that it is something that links in with accounts packages to make the billing process neater, it would help promote the sale of it and make it more profitable to sell. If someone deploys AMP For Endpoints on a client, at the moment that process is very disjointed. We've got to do a check once a month to see how many deployments there are relative to last month and, if we had to add one, we not only have to bill an extra one but we also have to buy an extra one from Cisco. And all that is manual.
Learn what your peers think about Cisco AMP for Endpoints. Get advice and tips from experienced pros sharing their opinions. Updated: July 2020.
437,168 professionals have used our research since 2012.
CIO at Per Mar Security Services
If it could physically go out and slap the end-user to keep him or her from doing the bad thing initially, that would be great. But seriously, maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that.
Security Officer at a healthcare company with 51-200 employees
The solution’s endpoint protection, in terms of the operating systems and devices that it protects, is pretty comprehensive. The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on. It's a rapidly evolving product. Every time they turn on a new feature, you're going to have glitches. Recently, they put out a bad version of a Connector, but they put out a new version of a Connector every other week it seems, so they pulled that back and put out a new version.
Neal Gravatt
Sr Network Engineer at a real estate/law firm with 1-10 employees
The endpoint agent on a machine doesn't provide much data. And the thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself. There are features that are supposed to work that don't that reduce the duplicates.
Cole Two-Bears
Systems Architect at a consultancy with 5,001-10,000 employees
The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications. As far as reducing the attack surface, Orbital really doesn't decrease that surface.
System Architect at COMPASS IT Solutions & Services Pvt.Ltd.
I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products. AMP works very well within the Cisco ecosystem. If it could work along with the third-party ecosystem as well, if that integration or even more APIs came into play, I think we could utilize this product a little bit better. One thing which I would like to see in terms of a major improvement would be AMP supporting the IoT infrastructure, which has been coming up in networks recently. It should also support more factory managed devices, like systems running Linux. Better support is what I'm looking for. The common endpoints are already covered and we work very well with them. That would be the case if support is extended to new devices as well. I think that would bring real value to the table. AMP has recently released email security and web security. If there was something like a common dashboard, similar to that of CrowdStrike, it would be useful. AMP needs to come up with a common dashboard for all of the solutions. That single pane of information would allow us to view everything. Instead of installing a plugin, what we need AMP to do is run installs in the background. Then the user doesn't know that AMP is running on the system. That would be a fantastic use case or the recommendation which I would like to make, if they're looking for products and features to develop. Something like that would allow me to have a high-end deployment in place for AMP which would be ideal.
Solution Architect / Presales Engineer at a comms service provider with 1,001-5,000 employees
It should be doing backups. Every stage that this malware is going forward, it should snapshot the situation. Then I could go back to the first stage before it got infected. It doesn't have this option, and I know that other manufacturers have it, like Check Point, for example. In the next release, I would like for it to have backup abilities. I would like the ability to go back to a point in time to when my PC was uninfected and to the moment of when the infection happened.
Mohammad Siraj
Deputy GM at Oregon Systems
When we're talking about anti-malware protection, AMP is a very good solution, but again, the CSO level reports are not generated. There is a dashboard, there is a report, but again, those reports have to be taken to the CSO, because when it comes to security, we always want to have high-level reports. So if we had a system that generated reports from the AMP itself, that would be great for us. Also, the solution needs more in-depth analytics. Right now they have implemented AMP, so, monitoring is happening, but you need to see what exactly is happening, the updates and then the mode of attacks that have happened and have been prevented. An in-depth report could be generated, and it should be on a CSO level. That's the value that should be added to the AMP solution.
Edvins Logins
IT Security Services Owner at Atea Global services
We would like to have an API integration with a SIEM solution, because as far as I know, it currently hasn't yet been released. We are looking forward to it because it's important for us to integrate the product with a SIEM solution in order to provide our customers a good, robust solution. It needs major improvement with its ease of integration.
Chief Information Officer at Sacramento County
I would like them to add whatever makes filtering more advanced in scanning and blocking for malware in emails. It would just improve the product further. I think they are working on this, the continuous improvement aspect.
Designer Engineer Cyber Security at Salam Technology
I think there should be better support and I would also like to see an easier implementation of the solution. The support should be cheaper and more available during the implementation stage. It would be great if they could have support teams that involve an AMP team because there's a specific team for AMP.
Mohammad Siraj
Deputy GM at Oregon Systems
The reporting and analytics areas of the solution need to be improved.
CEO at Oriental Weavers
I would like more seamless integration, because I have a security solution based on Cisco and I'm looking at integration for the old solution. It would be much easier for the security administrator to monitor integration.
Network Administrator at Lili Valley Foundation
In the next version of this solution, I would like to see the addition of local authentication.