What advice do you have for others considering Cisco Secure Endpoint?

Talos is a major feature. We have STC access. We are pushing our partners and customers to purchase Cisco Umbrella and Cisco Secure Endpoint. Usually, customers are not aware of the product. They tell us that they already have an antivirus solution. We must educate them about the difference between antivirus solutions and Cisco Secure Endpoint. Overall, I rate the product a nine out of ten.

It is a very good product overall, it provides multi-layered protection, but its promptness is challenged, so that is something that should be worked on. I would rate it eight out of ten.

I recommend the solution to those planning to use it. I rate the overall solution an eight or nine out of ten.

I would overall rate the product an eight out of ten and recommend it to fellow users.

The vendor from Cisco takes care of the maintenance. We need three people to take care of the tool in case of crashes. From the dashboard, we come to know about everything related to the endpoint. You can take action unless it is not the physical hardware to which something wrong has happened, especially if something wrong happens to the operating system. I would definitely recommend the solution to those planning to use it. To provide endpoint protection, I feel the product should be speedy enough to detect malicious programs and trojans. There are a lot of tools that are not acting as signature-based but as behavior-based antivirus. Cisco Secure Endpoint is required, especially if the customers don't have a sandbox. Overall, I rate the product an eight out of ten.

I would definitely weigh it with its competitors. The best bang for the buck in the technology is Cisco Secure Endpoint. I would rate Cisco Secure Endpoint an eight out of ten.

Don't take it to light and implement it with your customer in mind, and don't only implement it as a technical project. It's all about mitigating risks for your customers, and it might not always be technical. Be aware that implementing such a new embedded technology might also cause an impact on performance. So, keep informing your customers about the benefits and say that it might be a little difficult at certain times, but when we're finished, they are far safer than they were ever before. Open Line has a big customer base in healthcare, local government, logistics, and social housing. Societal responsibility is quite huge in the Netherlands. Cisco might also be aware of the impact that they have. They shouldn't just look at us as a managed services company or a partner; just be proud that their social reach in the Netherlands is so high. They're part of that as well. At certain times, I don't think they're aware of that. They can be far prouder than they are right now. I'd rate Cisco Secure an eight out of ten because we have a high ambition level. Perhaps with the new Cisco 3100 series firewalls, we'll go up a little bit because that will also help us in a risk-based security approach.

To those evaluating Cisco Secure solution, I'd advise understanding the roadmap and the architecture of Cisco very well and seeing how it can add things. I have to mention Microsoft solutions because there is an added value on top of the Microsoft solutions, and that's what you have to look for. Cisco Secure solutions are currently at the level of a seven out of ten, and that's based on the fact that some management consoles are not working together, and in some of the new products, there are still, for instance, some known bugs. That's an issue that could be improved, and they are working on that.

I rate Cisco Secure Endpoint an eight out of ten. I chose a rating of eight out of ten for Cisco Secure Endpoint because it does not provide pure AI-based detection or AI-based learning, which is a core reason for my rating. While Cisco's current support is excellent, it may not be the same in the future. Additionally, there is a lack of visibility from Cisco about its AI-based security solutions. We are working with other vendors who excel in AI and are augmenting them with Cisco solutions in certain segments. However, we hope to see Cisco improve in the AI-based security space in the future, even though we don't have any insight into any AI-based security projects that Cisco may be working on.

I'd rate Cisco Secure Endpoint a nine out of ten. It's excellent.

If you have a Cisco environment inside, it's best to have a Cisco solution for the outside. You don't need to use multiple vendors because it can be difficult for them to communicate with each other. Sometimes, there can be difficulties when you have different vendors. Overall, I'd rate it a seven out of ten.

We had a very small IT team, so we didn't have a security team, per se, other than being able to rely upon Cisco for assistance if we saw something that we thought was major. We could have them, if need be, engage their team through the active threat detection. But luckily, everything that we ran into that looked like it might have been something major, turned out to be a false positive. With the few false positives that we had, we were able to mobilize and react very quickly. We were able to involve Cisco pretty much right away, and start the threat-hunting routines and look at the virus total scores to determine if it was really a threat. How it entered the environment, et cetera. I thought it was very easy to do an investigation to the point that I was involved as the endpoint manager and the administrator of the software. When it came to the real threat hunting, because I didn't have access to Umbrella and Firepower, once I detected something, it got handed off, to a large extent. I would do what I could on my end to isolate the endpoint and get the information over to the infrastructure team, and then they really ran with it. I didn't notice it necessarily shutting down threats in advance so much as it threw alerts, but that may be because we did not have the automations and workflows configured to do that, by the time I left that company. That was something that we were looking into and playing with and developing. Overall, I really liked the product. It was well done. If I had to say the few things that were lacking, I really would have liked the ability to drill deeper into the reporting. Also, the documentation available online didn't always seem to fit and could be kind of convoluted, and it was difficult to locate what you were looking for.

I would rate this solution an eight out of ten as we are in a Cisco environment. Without that, it would be a seven out of ten. Our biggest challenge was the initial deployment, which required using SCCM or other automated tools like Ansible, Puppet, or Chef. We spent a long time in the audit phase, as the configurations we made didn't integrate well into our environment, causing stability issues. We started using SecureX, but we're at the beginning of understanding and fully implementing its capabilities; we need to learn more. We like the integration of Cisco Secure Endpoint with other Cisco products like Firepower NGFW, ISE, and more. We use a proxy as we have another company acting as our SOC; they receive threat alerts and relay them to us. I'm satisfied with the solution, and I recommend it to those with other Cisco products. I wouldn't suggest it to those who don't have them. Cisco Secure Endpoint requires some knowledge of security and malware. An understanding of heuristics, exploits, and living-off-the-land attacks is essential. I would advise any organization to acquire this knowledge if it doesn't exist in their staff pool before implementing and deploying the solution in a production environment. The solution taught me to take things one step at a time.

My advice for anybody who is considering this solution is that all of their security products should come from the same vendor. This way, your dashboard can be set up to monitor all of them. In my case, because we're a Cisco shop, this product makes sense for us. The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected. I would rate this solution an eight out of ten.

Traditionally you'll see the industry reviews talk about Cisco Secure Endpoint as typically in Cisco environments, but I'd tell the CrowdStrike users and other folks to take a look. It's an interesting solution and it provides a lot of value. Cyber security resilience has been extremely important for our organization. Cisco Secure Endpoint has stopped a few things. I don't know whether other avenues of defense in depth would have caught them or not, but the resilience of depth and the ability to keep moving, even after an event, keep the rest of our business productive. The Cisco environment has been perfect. When there is an event in the news that I know my leaders are going to be reading about, in 10 minutes I can check my environment to see if I have any indicators of compromise, and I'm done.

I really recommend to test and connect it with different devices, especially mobile, tablets, notebooks, and servers. Then, the potential customer can understand the value of naturally integrating all these devices together. When it comes to data security, it is important to protect the data. I would rate the solution as nine out of 10.

The fact that I've been using it for five years already means that I believe I can trust it. Others can also trust it.

Very good AI mechanism. 

My suggestion is to install it together- in parallel modifications for exclusions- with one more "traditional" AV. 
Management dashboard and reporting need some improvements. 

I would advise others to take a real hard look at it because it is a good solution for companies of our size. I like the fact that it is managed in the cloud. I don't have to maintain a server presence. It is easy to use. It was a bit of a learning curve to start with because I was completely unfamiliar with it. I just dug in there and figured it out. Its documentation is fairly good. If you go through SecureX, everything is right there in terms of user access and device protection. This integration is nice, but so far, it hasn't really saved me any time. It may in the future. I believe it makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform, but I never had to do that. I would rate Cisco Secure Endpoint an eight out of 10.

Everything is working fine.

If you are looking for deep security and malware for your endpoint users and network then I would recommend Cisco AMP. I would rate Cisco AMP for Endpoints a ten out of ten.

It's been really interesting working with the application, going from 5.X.X connector versions up until 7.X.X. As previously highlighted, there are numerous ways to improve the products. Working with the engineers in previous cases, there is the zeal to improve and an attitude that embraces change

I began with implementing Cisco AMP for Endpoints and then integrated Umbrella and the other products after that. I would rate this solution a nine out of ten.

It's very simple to deploy, doesn't cause much in the way of management overhead, and does what it suggests. I would have no hesitation in recommending it. We obviously do, as we're selling it and have been using it for a number of years.

At the start, we realized how much we didn't know what was going on in the network and where all the endpoint weaknesses were. That opened eyes up straight away to the risk that was involved. Then, we did the numbers, and said, "For us, risk is downtime, and time is dollars." We just did the sums very quickly and worked out what it would cost us if we didn't have any idea what was going on in the network and got hit by something that we should have been aware of. Because if the software is out there and gives you this type of visibility, you should be using it. We do use it with another Cisco product, Cisco Umbrella, which is a DNS-level content-filtering, web-filtering software. That has had an impact on the business world in terms of restricting a lot of stuff which may have come in for some web pages or websites that may not have been secured. We have seen a reduced impact on the business because we're using the two Cisco products together. I would give Cisco AMP a nine (out of 10). It is as good as anything out there. I can't see any reason why we would look elsewhere for a product. It does the job it's meant to do and is improving all the time. We have been very happy with it.

You need to look at your exclusions. You need to understand everything you have in your environment that needs to be able to operate. Because one thing AMP does, if doesn't know what a file is, it will go get that file and isolate/quarantine it. That file might be part of another software platform that's needed to function for whatever it is you do. Chances are you won't have any visibility into whatever that platform is until it stops working, because AMP has quarantined one of the central files for it. Knowing what you have in your environment, what the exclusions are, and how to create and apply those exclusions for those other systems is a key piece. I think that AMP is really effective in isolating and stopping things that it doesn't know. This is probably good because you don't know if a threat is really a threat until you get a chance to look at it. AMP gets out in front of that. This can cause problems if you don't know that you need to have an exclusion, but you're better safe than sorry. We are using Cisco Email Security, Cisco Firepower, Cisco Talos, Cisco Threat Grid, and SecureX. We have not stood Stealthwatch up yet. We are refreshing our ISE instance. The integrations across the board have really been a multiplier for each tool individually, and certainly through AMP. It's really launched AMP into another level far as automation is concerned. The integration of all these tools is seamless and very effective. I would rate it an eight (out of 10). It is all still a work in progress; it is all still a new thing. Not only is the tool itself a new thing, but how the tool integrates with all the other tools. It's in development.

They keep adding more features to it and there are features you can enable and turn off. One of the best, newer features addresses the fact that it did not work unless you had an internet connection. They put an antivirus engine on there that works when it does not have an internet connection. That was a big deal. It has a lot of capabilities. They keep developing more for it, which makes it a better product. Be sure to password-protect it so that users can't disable it. It has a feature to add a password to it which prevents the user from uninstalling or even stopping it. Also, enable that offline antivirus engine called Tetra. You want to be sure to enable that so that it works when it doesn't have an internet connection. Using the product, what I've learned is that you need to keep the client up to date. One of the hardest things is that people have computers that come and go. Someone might have a laptop that breaks and the company will give them a new one. You've got to manually find that broken laptop and delete it. You want to make sure you go in there frequently to ensure that the information is accurate or up to date. If you wait too long and there are hundreds and hundreds of computers you have to search and work. That's way too much. We did Threat Response and we did a demo of Threat Grid and did not move forward with it. We had it integrated with ISE and Umbrella. Threat Response provides a little bit more information but, honestly, it wasn't that useful. It seemed like it was a repeat of what we could already find through the other tools we had. Threat Response isn't the best add-on to it, but it's free. It provides more information but the response wasn't that good, those times that I used it. Threat Response didn't impress me. It does do more, but it's not that useful.

Integration is a key selling factor for Cisco security products. We have a Cisco Enterprise Agreement with access to Cisco Email Security, Cisco Firepower, Cisco Stealthwatch, Cisco Talos, Cisco Threat Grid, Cisco Umbrella, and also third-party solutions. This is key to our security and maximizing operations. Because we do have the Email Security appliance and it is integrated with Threat Response, we have everything tied together. Additionally, we are using the Cisco SecureX platform, as we were a beta test for that new solution. With SecureX, we are able to pull all those applications into one pane for visibility and maintenance. This greatly maximizes our security operations. Orbital just went from beta to production recently, so I haven't had the opportunity to go through and do a complex search on anything yet. Biggest lesson learnt: How impactful proper tool utilization in an organization can be to the overall efficiency. I would rate the solution a 10 (out of 10).

Read the manual. There is a lot of information in there. Cisco gives threat hunting workshops globally, which are free. They take about half a day and show you how to use this product for threat hunting. Because we're looking at protection and antivirus, we're looking at a reactive response if there is a nasty file to be blocked. With Cisco AMP, you get the possibility to proactively go hunting for threats and find them before they become a problem. With this workshop, it will really shows you the different tools with real life examples, how to effectively test, and make the most of your investment in Cisco. The solution’s endpoint protection is very comprehensive in terms of the operating systems and devices it protects, e.g., servers, Windows and Linux, smart devices, tablets, or home PCs. As long as it has an Internet connection, I can deploy an endpoint connector. I can get all the input into Microsoft for that endpoint as well. We haven't had any operating systems or devices in which we could not get visibility with AMP. Other solutions are just the basic, "There was something wrong." They will give you the location, but will not give you the context, from which user, nor show you how the file got onto the system. With Cisco AMP, I just open a dashboard and it will show me (without doing anything), "We had 60 malware incidents via Chrome. We had five malware incidents via Outlook. We had two malware incidents from USB sticks." Immediately, we have an overview of how we're doing today, also showing where the nasty things are coming from. I don't know if there is anything that I'm not seeing. With Threat Response, there should be some new integrations announced later this month. I would rate this solution as a 10 (out of 10).

Take a holistic view of your security stack. If you can only focus in on the endpoints, I understand, but if you take a longer view on where you want your cyber security posture to be over the course of time and over the course of budget, this is a great building block. I took a step back half a decade ago, evaluated where we were and where we needed to be, and I started taking baby steps. We started with AMP; we quickly added Umbrella. And that was a great little solution to endpoint protection. We knew where our people were going on the internet. We could block them from bad sites. We had the power of Talos protecting us. Over the course of time, and as budget constraints allowed, we were able to add on more layers. I would rate our cyber security posture as very mature. You're always growing, you're always evolving, as the threat landscape does, but I think that we have the fundamentals in place to be able to adjust rapidly to an evolving threat landscape. That didn't happen overnight. We didn't just open up the checkbook and write a $10 million check to say, "Hey, we have cybersecurity." We took a very methodical approach over the course of time, trying to plug in the right pieces as they fit and as our business grew and matured. Our fundamental building block was AMP. We started there and then built out from it. Just recently, this past fall, we finished up building security into the core of the data center. We built from the endpoint up to the perimeter and then into the data center. Now, we have good visibility into our north-south traffic, where AMP plays and, with the recent project that we just finished up, we now have great visibility into east-west traffic out of the data center. AMP plays into that, too. At the end of the day, AMP will feed both data feeds and give you good visibility into all your traffic, whether it's leaving your network, coming into your network, or going across your network. We're very confident about the security alerts that pop up on Threat Grid. And we use another tool that's not Cisco-related, another SIEM tool, that will alert us for different things. We cross-correlate the two platforms — it's like a check-and-balance, if you will. It makes sure Cisco's doing everything it's supposed to, and that this other tool is doing everything it's supposed to do.

AMP for endpoints is a great advanced cloud based solution. My opinion is to keep up with an aditional antivirus (add exclusions on both AV & AMP for scanning).

I normally work with Cisco systems, as well as most of the routing and switching companies out there, like Juniper, among others. We're partners with Cisco. I handle consultation with all Cisco products, which includes all of the safe architecture, security logging, and switching. I'm basically working with the system architecture within Compass. I am a unified, tech grade umbrella for the entire product portfolio. I'd advise, if users are running a Cisco environment, to definitely adopt AMP as an endpoint-based solution, which makes it a lot easier for them to manage your devices. I'd also advise that AMP works very well if someone is running a non-Cisco set up (and they're looking at an endpoint solution that works independently). However, there's a little bit of complexity in terms of getting the actual business use case, because there's less documentation surrounding that kind of setup. In terms of rating the solution overall, I'd rate it an eight out of ten. It has covered most of the feature sets we need. The reason I'm not giving it a full ten out of ten is because there is still room to improve the scope of integration. It doesn't support many of the IoT endpoints as well as the other components on the network, which are not yet compatible but under development. Once that happens, I'd probably give it a proper ten out of ten.

I will recommend this solution to others. I would, however, like to see better features and implementation to cover some points. It would be nice if they could add more protocols to support encrypted files, and be able to inspect an encrypted file, or at least be able to support that. Better and faster technical support is also necessary. On a scale from one to 10, I rate this solution a seven.

On a scale from one to ten, I will rate this solution an eight. I do recommend it to others.

We use the hybrid deployment model. I would advise other potential users that if they are looking for a long term security solution, this particular solution is going to add value to their cybersecurity strategy. Cisco AMP is one of the solutions that adds value to your cybersecurity roadmap. It should not be considered as a solution, but rather as a strategy. I would rate the solution nine out of ten.

Just purchase the license, download it, install it to an active device, the main controller, and send it to everyone. My advice is that you need to delete your existing endpoint security solution because AMP actually contains everything that you need. Those two softwares can attack each other which can be a problem. I would rate it a nine out of ten.

This is a good product but there are always going to be some issues. I would rate this solution an eight out of ten.

I would say that if you have a vision or plan for security, and want to have an integrated solution, AMP can be a very integral part of this digitization roadmap. AMP should be considered if you have digitization or a digitalization plan, which most if not all organizations are going for. So I think AMP is good for that, from the security standpoint. I would give this solution an 8 out of 10. It has all the solutions.

We have some mature security services, like anti-malware. We are looking to broaden our service portfolio and are on the first steps to climb further. You should always assess your customers' needs. Once you get that information, you just look for respective vendors.

Seriously consider it. It blocks a lot of emails. Look at the market, do your evaluation, and pick the right solution for you. We are fairly mature in our security program maturity, but there is always room for improvement.