"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"Integration is a key selling factor for Cisco security products. We have a Cisco Enterprise Agreement with access to Cisco Email Security, Cisco Firepower, Cisco Stealthwatch, Cisco Talos, Cisco Threat Grid, Cisco Umbrella, and also third-party solutions. This is key to our security and maximizing operations. Because we do have the Email Security appliance and it is integrated with Threat Response, we have everything tied together. Additionally, we are using the Cisco SecureX platform, as we were a beta test for that new solution. With SecureX, we are able to pull all those applications into one pane for visibility and maintenance. This greatly maximizes our security operations."
"It is pretty easy to deploy. Its update definition file is small, so it can dispatch very quickly within the enterprise. The product itself is very lightweight, so it won't delay your endpoint. You also don't have to do any difficult configuration because it comes with a very good default setting. So, you just install it and forget it."
"The most valuable thing for me is that when I'm using the internet and I reach some site that isn't so secure, or isn't recommended because they don't have a good reputation, ESET will notify me."
"The solution is very lightweight and does not consume that much processor in terms of CPU utilization. The centralized management system is very good."
"This solution has a traditional antivirus, I believe that signature-based detection is most valuable."
"The most valuable feature of this solution is the ease of use."
"This is a product at the top of its game. That is the reason we choose to support and sell it."
"The solution has very useful MDM features."
"ESET has regular updates, and it gives me good feedback. It's not too onerous like some of the products I've used in the past."
"Ransomware protection is the most valuable feature of this solution."
"I find the security heartbeat feature with synchronized security very useful. It's a very nice feature that allows you to basically switch off an endpoint. When an endpoint has got a virus or something like that, or it's infected or compromised, you can isolate it from the network, but only if you've got an XG Firewall as well. It also provides ease of use. It is the only antivirus that can recognize 25 out of the 36 ransomware and virus techniques that have been often used in terms of the behavior base using heuristics. It's beautiful, utterly amazing. No other antivirus can do that."
"The solution has very good usability."
"It provides a feature for scanning and analyzing endpoints, which is a value-add for our infrastructure. With the advancements in the Advanced Persistent Threats (APTs), Sophos Intercept X analyzes an APT and the behavior of the endpoints. It then gives us a detailed dashboard with more information about the endpoints and their security and risk level. While deploying Sophos Intercept X, we identified a lot of vulnerability and risky endpoints that our previous solution didn't cover, which proved that this solution is the best."
"Machine learning is used to detect the threat and it does so by prioritizing the suspicious activities."
"It is not just a simple virus scanning product. It handles more advanced needs."
"Very stable solution."
"It's quite simple to use and user friendly."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"Maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"ESET Endpoint Security should offer more integration with multi-attack frameworks."
"We have experienced some problems with the actualization of some endpoints. We then have to manually reinstall the version on these endpoints."
"The adware module could be improved."
"The solution could be more user-friendly."
"Sometimes, ESET sends alerts within my own network that cause confusion. That is, it might warn about contamination, or that the VM has crashed, but it doesn't go further than that. It just shows me the alert and sometimes I am not sure what to do about it."
"They should have better support for different languages and auto-upgrading."
"They could be more aggressive with malware."
"We are looking to move towards an EDR solution rather than EPP. EDR is a solution that can dynamically detect threats based on the process behavior. It would be better if this solution was an EDR and an EPP solution, this would increase security protection."
"We are considering switching from this solution as a result of the closer integration needed between the firewall systems and the EDR."
"We would like to deploy across a variety of machines simultaneously through the network."
"When I use a proxy, I can bypass Sophos, which is an area that needs improvement."
"The ADR functionalities feel like they aren't mature enough. It hasn't been a long time since Sophos has offered reproduction. Due to the fact that it's so young, it has fewer functionalities than other and more mature ADR solutions."
"When we load Intercept X, it puts a load on the device. When it is scanning, it slows down the device. A system with basic specifications completely slows down till the scan is complete. They should improve this part."
"The endpoint detection and response (EDR) technology has room for improvement because the information that it gives us to resolve our problems is poor nowadays."
"It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc."
"It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first."
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
Protect against Ransomware
Block Targeted Attacks
Prevent Data Breaches
Detect Advanced Persistent Threats
Stop Fileless attacks
Sophos Intercept X stops the widest range of attacks with a unique combination of deep learning malware detection, exploit prevention, anti-ransomware, and more.
ESET Endpoint Security is ranked 17th in Endpoint Protection for Business (EPP) with 26 reviews while Sophos Intercept X is ranked 7th in Endpoint Protection for Business (EPP) with 54 reviews. ESET Endpoint Security is rated 8.2, while Sophos Intercept X is rated 8.6. The top reviewer of ESET Endpoint Security writes "Good at detecting potentially dangerous websites, but the alerts can be confusing at times". On the other hand, the top reviewer of Sophos Intercept X writes "Great reporting and good training with a pretty straightforward setup". ESET Endpoint Security is most compared with Microsoft Defender for Endpoint, SentinelOne, Symantec End-User Endpoint Security, CrowdStrike Falcon and Kaspersky Endpoint Security for Business, whereas Sophos Intercept X is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Cortex XDR by Palo Alto Networks, Kaspersky Endpoint Security for Business and Webroot Business Endpoint Protection. See our ESET Endpoint Security vs. Sophos Intercept X report.
See our list of best Endpoint Protection for Business (EPP) vendors.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.