Please share with the community what you think needs improvement with Cisco AMP for Endpoints.
What are its weaknesses? What would you like to see changed in a future version?
Nice to have URL management, password protection of the app, more details of the machine & user running the app.
I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products. AMP works very well within the Cisco ecosystem. If it could work along with the third party ecosystem as well, if that integration or even more APIs came into play, I think we could utilize this product a little bit better. One thing which I would like to see in terms of a major improvement would be AMP supporting the IoT infrastructure, which has been coming up in networks recently. It should also support more factory managed devices, like systems running Linux. Better support is what I'm looking for. The common endpoints are already covered and we work very well with them. That would be the case if support is extended to new devices as well. I think that would bring real value to the table. AMP has recently released email security and web security. If there was something like a common dashboard, similar to that of CrowdStrike, it would be useful. AMP needs to come up with a common dashboard for all of the solutions. That single pane of information would allow us to view everything. Instead of installing a plugin, what we need AMP to do is run installs in the background. Then the user doesn't know that AMP is running on the system. That would be a fantastic use case or the recommendation which I would like to make, in they're looking for products and features to develop. Something like that would allow me to have a high-end deployment in place for AMP which would be ideal.
I think there should be better support and I would also like to see an easier implementation of the solution. The support should be cheaper and more available during the implementation stage. It would be great if they could have support teams that involve an AMP team because there's a specific team for AMP.
I would like more seamless integration, because I have a security solution based on Cisco and I'm looking at integration for the old solution. It would be much easier for the security administrator to monitor integration.
The reporting and analytics areas of the solution need to be improved.
It should be doing backups. Every stage that this malware is going forward, it should snapshot the situation. Then I could go back to the first stage before it got infected. It doesn't have this option, and I know that other manufacturers have it, like Check Point, for example. In the next release, I would for it to have back up abilities. I would like the ability to go back to a point in time to when my PC was uninfected and to the moment of when the infection happened.
In the next version of this solution, I would like to see the addition of local authentication.
When we're talking about anti-malware protection, AMP is a very good solution, but again, the CSO level reports are not generated. There is a dashboard, there is a report, but again, those reports have to be taken to the CSO, because when it comes to security, we always want to have high-level reports. So if we had a system that generated reports from the AMP itself, that would be great for us. Also, the solution needs more in-depth analytics. Right now they have implemented AMP, so, monitoring is happening, but you need to see what exactly is happening, the updates and then the mode of attacks that have happened and have been prevented. An in-depth report could be generated, and it should be on a CSO level. That's the value should be added to AMP solution.
We would like to have an API integration with a SIEM solution, because as far as I know, it currently hasn't yet been released. We are looking forward to it because it's important for us to integrate the product with a SIEM solution in order to provide our customers a good, robust solution. It needs major improvement with its ease of integration.
I would like them to add whatever makes filtering more advanced in scanning and blocking for malware in emails. It would just improve the product further. I think they are working on this, the continuous improvement aspect.