2019-03-11T07:21:00Z

What advice do you have for others considering Cisco AMP for Endpoints?


If you were talking to someone whose organization is considering Cisco AMP for Endpoints, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
20 Answers

Top 5, Real User

If you are looking for deep security and malware for your endpoint users and network then I would recommend Cisco AMP. I would rate Cisco AMP for Endpoints a ten out of ten.

2021-05-14T17:19:12Z
Top 5, Real User

It's been really interesting working with the application, going from 5.X.X connector versions up until 7.X.X. As previously highlighted, there are numerous ways to improve the products. Working with the engineers in previous cases, there is the zeal to improve and an attitude that embraces change.

2020-10-20T04:19:00Z
Top 5, Leaderboard, Real User

I began with implementing Cisco AMP for Endpoints and then integrated Umbrella and the other products after that. I would rate this solution a nine out of ten.

2020-10-13T07:21:00Z
Top 5, Reseller

It's very simple to deploy, doesn't cause much in the way of management overhead, and does what it suggests. I would have no hesitation in recommending it. We obviously do, as we're selling it and have been using it for a number of years.

2020-07-12T11:48:00Z
Top 5, Real User

At the start, we realized how much we didn't know what was going on in the network and where all the endpoint weaknesses were. That opened eyes up straight away to the risk that was involved. Then, we did the numbers, and said, "For us, risk is downtime, and time is dollars." We just did the sums very quickly and worked out what it would cost us if we didn't have any idea what was going on in the network and got hit by something that we should have been aware of. Because if the software is out there and gives you this type of visibility, you should be using it. We do use it with another Cisco product, Cisco Umbrella, which is a DNS-level content-filtering, web-filtering software. That has had an impact on the business world in terms of restricting a lot of stuff which may have come in for some web pages or websites that may not have been secured. We have seen a reduced impact on the business because we're using the two Cisco products together. I would give Cisco AMP a nine (out of 10). It is as good as anything out there. I can't see any reason why we would look elsewhere for a product. It does the job it's meant to do and is improving all the time. We have been very happy with it.

2020-07-09T06:27:00Z
Top 10, Real User

You need to look at your exclusions. You need to understand everything you have in your environment that needs to be able to operate. Because one thing AMP does, if it doesn't know what a file is, it will go get that file and isolate/quarantine it. That file might be part of another software platform that's needed to function for whatever it is you do. Chances are you won't have any visibility into whatever that platform is until it stops working, because AMP has quarantined one of the central files for it. Knowing what you have in your environment, what the exclusions are, and how to create and apply those exclusions for those other systems is a key piece. I think that AMP is really effective in isolating and stopping things that it doesn't know. This is probably good because you don't know if a threat is really a threat until you get a chance to look at it. AMP gets out in front of that. This can cause problems if you don't know that you need to have an exclusion, but you're better safe than sorry. We are using Cisco Email Security, Cisco Firepower, Cisco Talos, Cisco Threat Grid, and SecureX. We have not stood Stealthwatch up yet. We are refreshing our ISE instance. The integrations across the board have really been a multiplier for each tool individually, and certainly through AMP. It's really launched AMP into another level as far as automation is concerned. The integration of all these tools is seamless and very effective. I would rate it an eight (out of 10). It is all still a work in progress; it is all still a new thing. Not only is the tool itself a new thing, but how the tool integrates with all the other tools. It's in development.

2020-07-08T09:01:00Z
Top 5, Real User

They keep adding more features to it and there are features you can enable and turn off. One of the best, newer features addresses the fact that it did not work unless you had an internet connection. They put an antivirus engine on there that works when it does not have an internet connection. That was a big deal. It has a lot of capabilities. They keep developing more for it, which makes it a better product. Be sure to password-protect it so that users can't disable it. It has a feature to add a password to it which prevents the user from uninstalling or even stopping it. Also, enable that offline antivirus engine called Tetra. You want to be sure to enable that so that it works when it doesn't have an internet connection. Using the product, what I've learned is that you need to keep the client up to date. One of the hardest things is that people have computers that come and go. Someone might have a laptop that breaks and the company will give them a new one. You've got to manually find that broken laptop and delete it. You want to make sure you go in there frequently to ensure that the information is accurate or up to date. If you wait too long and there are hundreds and hundreds of computers you have to search and work. That's way too much. We did Threat Response and we did a demo of Threat Grid and did not move forward with it. We had it integrated with ISE and Umbrella. Threat Response provides a little bit more information but, honestly, it wasn't that useful. It seemed like it was a repeat of what we could already find through the other tools we had. Threat Response isn't the best add-on to it, but it's free. It provides more information but the response wasn't that good, those times that I used it. Threat Response didn't impress me. It does do more, but it's not that useful.

2020-07-08T09:01:00Z
Top 5, Real User

Integration is a key selling factor for Cisco security products. We have a Cisco Enterprise Agreement with access to Cisco Email Security, Cisco Firepower, Cisco Stealthwatch, Cisco Talos, Cisco Threat Grid, Cisco Umbrella, and also third-party solutions. This is key to our security and maximizing operations. Because we do have the Email Security appliance and it is integrated with Threat Response, we have everything tied together. Additionally, we are using the Cisco SecureX platform, as we were a beta test for that new solution. With SecureX, we are able to pull all those applications into one pane for visibility and maintenance. This greatly maximizes our security operations. Orbital just went from beta to production recently, so I haven't had the opportunity to go through and do a complex search on anything yet. Biggest lesson learnt: How impactful proper tool utilization in an organization can be to the overall efficiency. I would rate the solution a 10 (out of 10).

2020-06-10T08:01:00Z
Top 5, Leaderboard, Real User

Read the manual. There is a lot of information in there. Cisco gives threat hunting workshops globally, which are free. They take about half a day and show you how to use this product for threat hunting. Because we're looking at protection and antivirus, we're looking at a reactive response if there is a nasty file to be blocked. With Cisco AMP, you get the possibility to proactively go hunting for threats and find them before they become a problem. With this workshop, it will really show you the different tools with real life examples, how to effectively test, and make the most of your investment in Cisco. The solution’s endpoint protection is very comprehensive in terms of the operating systems and devices it protects, e.g., servers, Windows and Linux, smart devices, tablets, or home PCs. As long as it has an Internet connection, I can deploy an endpoint connector. I can get all the input into Microsoft for that endpoint as well. We haven't had any operating systems or devices in which we could not get visibility with AMP. Other solutions are just the basic, "There was something wrong." They will give you the location, but will not give you the context, from which user, nor show you how the file got onto the system. With Cisco AMP, I just open a dashboard and it will show me (without doing anything), "We had 60 malware incidents via Chrome. We had five malware incidents via Outlook. We had two malware incidents from USB sticks." Immediately, we have an overview of how we're doing today, also showing where the nasty things are coming from. I don't know if there is anything that I'm not seeing. With Threat Response, there should be some new integrations announced later this month. I would rate this solution as a 10 (out of 10).

2020-06-09T07:46:00Z
Top 5, Real User

Take a holistic view of your security stack. If you can only focus in on the endpoints, I understand, but if you take a longer view on where you want your cyber security posture to be over the course of time and over the course of budget, this is a great building block. I took a step back half a decade ago, evaluated where we were and where we needed to be, and I started taking baby steps. We started with AMP; we quickly added Umbrella. And that was a great little solution to endpoint protection. We knew where our people were going on the internet. We could block them from bad sites. We had the power of Talos protecting us. Over the course of time, and as budget constraints allowed, we were able to add on more layers. I would rate our cyber security posture as very mature. You're always growing, you're always evolving, as the threat landscape does, but I think that we have the fundamentals in place to be able to adjust rapidly to an evolving threat landscape. That didn't happen overnight. We didn't just open up the checkbook and write a $10 million check to say, "Hey, we have cybersecurity." We took a very methodical approach over the course of time, trying to plug in the right pieces as they fit and as our business grew and matured. Our fundamental building block was AMP. We started there and then built out from it. Just recently, this past fall, we finished up building security into the core of the data center. We built from the endpoint up to the perimeter and then into the data center. Now, we have good visibility into our north-south traffic, where AMP plays and, with the recent project that we just finished up, we now have great visibility into east-west traffic out of the data center. AMP plays into that, too. At the end of the day, AMP will feed both data feeds and give you good visibility into all your traffic, whether it's leaving your network, coming into your network, or going across your network. 
We're very confident about the security alerts that pop up on Threat Grid. And we use another tool that's not Cisco-related, another SIEM tool, that will alert us for different things. We cross-correlate the two platforms — it's like a check-and-balance, if you will. It makes sure Cisco's doing everything it's supposed to, and that this other tool is doing everything it's supposed to do.

2020-06-03T06:54:00Z
Top 5, Leaderboard, Real User

AMP for endpoints is a great advanced cloud-based solution. My opinion is to keep up with an additional antivirus (add exclusions on both AV & AMP for scanning).

2020-06-02T12:50:30Z
Top 5, Real User

I normally work with Cisco systems, as well as most of the routing and switching companies out there, like Juniper, among others. We're partners with Cisco. I handle consultation with all Cisco products, which includes all of the safe architecture, security logging, and switching. I'm basically working with the system architecture within Compass. I am a unified, tech grade umbrella for the entire product portfolio. I'd advise, if users are running a Cisco environment, to definitely adopt AMP as an endpoint-based solution, which makes it a lot easier for them to manage your devices. I'd also advise that AMP works very well if someone is running a non-Cisco set up (and they're looking at an endpoint solution that works independently). However, there's a little bit of complexity in terms of getting the actual business use case, because there's less documentation surrounding that kind of setup. In terms of rating the solution overall, I'd rate it an eight out of ten. It has covered most of the feature sets we need. The reason I'm not giving it a full ten out of ten is because there is still room to improve the scope of integration. It doesn't support many of the IoT endpoints as well as the other components on the network, which are not yet compatible but under development. Once that happens, I'd probably give it a proper ten out of ten.

2020-01-29T08:35:00Z
Top 10, Real User

I will recommend this solution to others. I would, however, like to see better features and implementation to cover some points. It would be nice if they could add more protocols to support encrypted files, and be able to inspect an encrypted file, or at least be able to support that. Better and faster technical support is also necessary. On a scale from one to 10, I rate this solution a seven.

2020-01-12T12:03:00Z
Top 20, Real User

On a scale from one to ten, I will rate this solution an eight. I do recommend it to others.

2019-11-18T07:22:00Z
Real User

We use the hybrid deployment model. I would advise other potential users that if they are looking for a long term security solution, this particular solution is going to add value to their cybersecurity strategy. Cisco AMP is one of the solutions that adds value to your cybersecurity roadmap. It should not be considered as a solution, but rather as a strategy. I would rate the solution nine out of ten.

2019-09-27T04:38:00Z
Real User

Just purchase the license, download it, install it to an active device, the main controller, and send it to everyone. My advice is that you need to delete your existing endpoint security solution because AMP actually contains everything that you need. Those two pieces of software can attack each other, which can be a problem. I would rate it a nine out of ten.

2019-09-24T05:43:00Z
Real User

This is a good product but there are always going to be some issues. I would rate this solution an eight out of ten.

2019-07-02T06:57:00Z
Real User

I would say that if you have a vision or plan for security, and want to have an integrated solution, AMP can be a very integral part of this digitization roadmap. AMP should be considered if you have digitization or a digitalization plan, which most if not all organizations are going for. So I think AMP is good for that, from the security standpoint. I would give this solution an 8 out of 10. It has all the solutions.

2019-06-26T05:26:00Z
Consultant

We have some mature security services, like anti-malware. We are looking to broaden our service portfolio and are on the first steps to climb further. You should always assess your customers' needs. Once you get that information, you just look for respective vendors.

2019-03-11T07:21:00Z
Real User

Seriously consider it. It blocks a lot of emails. Look at the market, do your evaluation, and pick the right solution for you. We are fairly mature in our security program maturity, but there is always room for improvement.

2019-03-11T07:21:00Z
Updated: December 2021.