Cisco Secure Endpoint (formerly AMP) - Detailed Review

    Cisco Secure Endpoint (formerly AMP) - Product Overview



    Introduction to Cisco Secure Endpoint

    Cisco Secure Endpoint, formerly known as Cisco AMP for Endpoints, is a comprehensive endpoint security solution that plays a crucial role in protecting individual devices, such as laptops, desktops, and mobile devices, from various cyber threats.

    Primary Function

    The primary function of Cisco Secure Endpoint is to prevent breaches, block malware, and continuously monitor and analyze endpoint activity to detect, contain, and remediate threats. It integrates prevention, detection, threat hunting, and response capabilities into a single-agent solution, leveraging cloud-based analytics to ensure real-time protection.

    Target Audience

    Cisco Secure Endpoint is particularly popular among large enterprises, accounting for a significant portion of its user base. It is designed to support organizations with diverse and hybrid workforces, ensuring that endpoints are protected regardless of their location or connection to the corporate network.

    Key Features

    Advanced Threat Protection

    Utilizes advanced machine learning algorithms and behavioral analysis to identify and block sophisticated threats, including zero-day attacks and unknown malware. It employs sandboxing techniques to dynamically analyze files in isolated environments.

    Endpoint Detection and Response (EDR)

    Provides real-time visibility into endpoint activities, enabling security teams to monitor and analyze behavior continuously. It includes features for incident investigation and response, allowing teams to drill down into endpoint data, conduct forensics, and take responsive actions to contain and remediate threats.

    Cloud-Native Security

    Leverages a cloud-native architecture to deliver real-time protection and updates, ensuring consistent protection for endpoints across different locations and network connections.

    Behavioral Protection

    Continuously monitors user and endpoint activity to protect against malicious behavior in real-time. It maintains state and matches activity records against dynamically updated attack patterns, providing granular control and protection against threats like ransomware and living-off-the-land attacks.

    Script Protection

    Offers enhanced visibility into scripts executing on endpoints and protects against script-based attacks by preventing certain scripting DLLs from being loaded by commonly exploited applications.

    Vulnerability Management

    For customers on Advantage or Premier Tier, it integrates with Cisco Vulnerability Management to identify known OS and application vulnerabilities, helping to proactively reduce the attack surface.

    Threat Hunting and Response

    Supports proactive threat hunting, allowing security teams to search for signs of compromise and potential threats within the organization. It also provides tools for quick identification, containment, and remediation of threats, reducing incident response times significantly.

    Additional Capabilities

    Cisco Secure Endpoint also integrates with the Cisco SecureX platform, enhancing visibility and response capabilities. It offers flexible licensing options, including managed security operations through Cisco Secure MDR for Endpoint, which combines human and machine intelligence to identify and stop advanced threats.

    This comprehensive suite of features makes Cisco Secure Endpoint a powerful tool for organizations seeking to fortify their endpoint security against a wide range of cyber threats.

    Cisco Secure Endpoint (formerly AMP) - User Interface and Experience



    User Interface and Experience

    The user interface and experience of Cisco Secure Endpoint are designed to be intuitive and efficient, catering to the needs of IT administrators and security teams.

    Interface Overview

    The interface of Cisco Secure Endpoint is centralized and unified, allowing administrators to manage various aspects of endpoint security from a single console. This console provides a clear and organized dashboard where users can access key features such as incident management, threat hunting, and vulnerability assessments.

    Ease of Use

    The platform is designed to simplify security investigations and management. For instance, the Orbital Advanced search capabilities enable quick and detailed searches across endpoint data, providing the visibility and answers needed to investigate threats efficiently. The SecureX platform, which is integrated with Cisco Secure Endpoint, offers a unified view and automated playbooks, making incident management more streamlined and less cumbersome.

    Key Features Access

    Administrators can easily access and manage various security features, including:

    Device Control

    Manage USB mass storage devices and monitor device connect/disconnect events.

    Host Firewall

    Control network connections using IPv4 and IPv6 rules or application-based rules.

    Script Protection

    Monitor and control scripts executing on endpoints to prevent script-based attacks.

    Vulnerability Management

    Identify and prioritize remediation of known OS and application vulnerabilities.

    User Feedback

    Users have generally praised the product for its reliability, performance, and ease of use. However, some users have noted that the user interface could be more refined, and there have been instances where connecting to the client VPN or maintaining a stable connection can be problematic.

    Additional Resources

    The Secure MDR for Endpoint Service Portal provides a comprehensive interface for managing incidents, support, feedback, and metrics. It includes widgets to guide users to the latest incidents, a security news feed, and access to the knowledge base and intelligence reports. This portal ensures that users have all the necessary tools and information at their fingertips.

    Conclusion

    Overall, Cisco Secure Endpoint is designed to be user-friendly and efficient, providing a comprehensive set of tools for managing endpoint security without overwhelming the user. While there are some areas for improvement, the general user experience is positive, with users appreciating its reliability and performance.

    Cisco Secure Endpoint (formerly AMP) - Key Features and Functionality



    Cisco Secure Endpoint Overview

    Cisco Secure Endpoint, formerly known as AMP for Endpoints, is a comprehensive cybersecurity solution that integrates advanced technologies to protect endpoints from sophisticated threats. Here are the main features and how they work:



    Advanced Threat Protection

    Cisco Secure Endpoint employs advanced machine learning algorithms and behavioral analysis to proactively identify and block threats. This includes recognizing patterns indicative of malicious behavior, even if the threat has not been seen before. The solution uses sandboxing techniques to execute files in isolated environments, allowing for dynamic analysis to identify previously unknown threats, such as advanced malware and zero-day attacks.



    Endpoint Detection and Response (EDR)

    The EDR capabilities provide real-time visibility into endpoint activities, enabling security teams to monitor and analyze behavior continuously. This visibility is crucial for early detection of potential threats. EDR features allow security teams to investigate and respond to security incidents efficiently, including drilling down into endpoint data, conducting forensics, and taking responsive actions to contain and remediate threats.



    Integrated XDR Capabilities

    Cisco Secure Endpoint includes Extended Detection and Response (XDR) capabilities, which aggregate data across endpoints, emails, and cloud workloads to provide a unified view of security events. This simplifies investigations and speeds up responses. The integration with Cisco SecureX delivers a coordinated defense, offering a unified view, simplified incident management, and automated playbooks.



    Behavioral Analytics

    The solution utilizes behavioral analytics to identify anomalies and unusual patterns in endpoint behavior. This helps in detecting advanced threats that may not be recognizable through traditional signature-based methods. Behavioral analytics are integral to both the prevention and detection phases, ensuring that threats are identified and mitigated quickly.



    Threat Hunting Capabilities

    Cisco Secure Endpoint supports proactive threat hunting, allowing security teams to search for signs of compromise and potential threats within the organization. This capability is essential for identifying and mitigating threats that may have evaded automated detection. SecureX Threat Hunting is built-in, enabling human-driven hunts for threats with mapping to MITRE ATT&CK frameworks.



    Cloud-Native Security

    The solution leverages a cloud-native architecture to deliver real-time protection and updates. This ensures that endpoints are consistently protected, regardless of their location or connection to the corporate network. Cloud-delivered protection simplifies deployment and management while ensuring the latest updates and threat intelligence are always available.



    Automated Incident Response

    Cisco Secure Endpoint can automate the incident response process, enabling the immediate isolation of compromised endpoints and triggering remediation workflows. This automation reduces the impact of security breaches and minimizes response times, with automated remediation reducing response times by up to 97%.



    Integrated Firewall and Antivirus

    The solution includes an integrated firewall that monitors and controls incoming and outgoing network traffic, adding an additional layer of protection. It also features next-gen antivirus protection, which goes beyond traditional signature-based detection to include continuous behavioral monitoring and dynamic file analysis.



    Risk-Based Vulnerability Management

    Cisco Secure Endpoint prioritizes vulnerabilities based on their risk level, helping IT teams focus their efforts on the most critical threats. Posture assessments continuously evaluate the security posture of endpoints to ensure they meet compliance and security standards. A zero-trust architecture enforces strict access controls to prevent unauthorized users and devices from interacting with sensitive data.



    AI Integration

    The AI integration in Cisco Secure Endpoint is primarily through machine learning and behavioral analytics. Machine learning algorithms help in identifying patterns of malicious behavior, even for previously unknown threats. Behavioral analytics continuously monitor endpoint activities to detect anomalies and unusual patterns, which are then analyzed to identify potential threats. This AI-driven approach enhances the solution’s ability to proactively prevent, detect, and respond to security threats.



    Conclusion

    In summary, Cisco Secure Endpoint combines multiple advanced technologies, including AI-driven machine learning and behavioral analytics, to provide a holistic and adaptive defense strategy against sophisticated cyber threats. Its features ensure comprehensive protection, detection, and response capabilities, making it a robust solution for endpoint security.

    Cisco Secure Endpoint (formerly AMP) - Performance and Accuracy



    Performance

    Cisco Secure Endpoint has demonstrated exceptional performance in various independent tests and evaluations. Here are some notable points:



    MITRE Engenuity ATT&CK Evaluations

    In the Turla emulation conducted by SE Labs, Cisco Secure Endpoint achieved a 100% Legitimacy Accuracy Rating, correctly identifying harmless and legitimate software while blocking malicious web-based exploits and malware. This evaluation also highlighted its ability to prevent false positives, resulting in a 100% Total Accuracy Rating.



    AV-Comparatives EPR Test

    Cisco Secure Endpoint was the only product to stop 100% of targeted threats in the AV-Comparatives Endpoint Prevention and Response Test, which involved 50 separate attack scenarios. This test underscored its efficacy in protecting enterprise environments against multi-stage attacks.



    Detection and Prevention

    The product integrates comprehensive prevention, detection, threat hunting, and response capabilities. It employs machine learning analysis to identify malicious files and activities, and its exploit prevention feature defends against system and application exploitation, including zero-day attacks. Behavioral protection and script protection are also key components, ensuring real-time monitoring and protection against various types of threats.



    Accuracy

    The accuracy of Cisco Secure Endpoint is well-documented through its performance in various tests:



    Zero False Positives

    In the Turla emulation, Cisco Secure Endpoint correctly identified all legitimate software, avoiding any false positives and achieving a 100% Total Accuracy Rating.



    Comprehensive Threat Detection

    The product’s ability to detect and stop 100% of targeted threats in the AV-Comparatives EPR Test is a strong indicator of its accuracy in identifying and mitigating threats.



    Advanced Analytics

    Cisco Secure Endpoint leverages cloud-based analytics and threat intelligence from Cisco Talos to improve its detection models. This ensures that the product can identify and block both known and unknown malware effectively.



    Limitations and Areas for Improvement

    While Cisco Secure Endpoint performs exceptionally well, there are a few considerations and potential limitations:



    Proxy Configurations

    The product may have compatibility issues with certain proxy configurations, such as Websense NTLM credential caching, HTTPS content inspection, and Kerberos/GSSAPI authentication. Workarounds are available, but these configurations need to be carefully managed to ensure smooth operation.



    System Requirements

    The Secure Endpoint connectors have specific system requirements, particularly for Linux and iOS devices. For example, the Linux connector only supports x64 architectures and requires specific amounts of RAM and hard disk space. iOS devices must be in supervised mode and managed using a Mobile Device Manager (MDM).



    Bandwidth Considerations

    For environments with constrained bandwidth, using an on-premises update server for AV definitions is recommended. However, this should be avoided in high-bandwidth environments or for endpoints connected to external networks.

    In summary, Cisco Secure Endpoint demonstrates high performance and accuracy in detecting and preventing cyber threats, backed by strong test results and advanced security features. However, users should be aware of the specific system requirements and potential issues with certain proxy configurations to ensure optimal deployment and operation.

    Cisco Secure Endpoint (formerly AMP) - Pricing and Plans



    Plans and Tiers

    Cisco Secure Endpoint is offered in three main tiers: Essentials, Advantage, and Premier.



    Secure Endpoint Essentials

    This foundational tier includes core features such as:

    • Next-Gen Antivirus Protection
    • Continuous Behavioral Monitoring
    • Dynamic File Analysis
    • Endpoint Isolation
    • Built-in EDR (Endpoint Detection and Response) for deep visibility into endpoint activity.

    Pricing: Approximately AED 21.05/month/device for 1 to 99 devices.

    Secure Endpoint Advantage

    This tier builds on the Essentials plan and adds advanced features such as:

    • Risk-Based Endpoint Security
    • Orbital Advanced Search with over 200 predefined threat hunting queries
    • Access to the Malware Analytics Cloud for deep dynamic file analysis and malware threat intelligence
    • One-click isolation of infected endpoints and control over USB mass storage devices.

    Pricing: Approximately AED 25.69/month/device for 1 to 99 devices.

    Secure Endpoint Premier

    This is the highest tier, offering all the features from the Essentials and Advantage plans, plus:

    • Integrated continuous hunting by elite Cisco threat hunters (Threat Hunting by Cisco)
    • Full EDR capabilities for Cisco XDR
    • Secure MDR for Endpoint (Managed Detection and Response)
    • Deployment in Secure Endpoint Private Cloud environments for maximum flexibility and scalability.

    Free Trial Option

    Cisco offers a 30-day free trial of the Secure Endpoint platform, which supports up to 50 devices. This trial does not require any payment information and is available for companies with more than 50 employees.

    Pricing Factors

    The pricing of Cisco Secure Endpoint can be influenced by several factors, including:

    • Scale of deployment: Larger deployments generally incur higher costs due to increased licensing requirements.
    • Additional features and add-ons: Plans with advanced features like threat hunting capabilities or integrated firewall options may be more expensive.
    • Industry-specific considerations: Industries with heightened regulatory compliance requirements may need additional security features, contributing to a higher overall cost.

    For precise pricing, it is recommended to contact Cisco’s sales representatives, as the company does not provide detailed pricing on their website.

    Cisco Secure Endpoint (formerly AMP) - Integration and Compatibility



    Cisco Secure Endpoint Overview

    Cisco Secure Endpoint, formerly known as AMP for Endpoints, is a comprehensive security solution that integrates seamlessly with various tools and supports a wide range of platforms and devices. Here’s a detailed look at its integration and compatibility:



    Integration with Other Tools

    Cisco Secure Endpoint is part of the broader Cisco XDR (Extended Detection and Response) architecture. This integration allows it to communicate with other Cisco security products, such as Cisco ISE, Firewall, and Umbrella DNS, enhancing the overall security capabilities of the endpoint.

    • Secure Client: Secure Endpoint can be installed as a standalone product or as a module within the Secure Client. This flexibility ensures that it can work in conjunction with other modules in the Secure Client, such as secure access, posture checks, web security, and network visibility.
    • Cloud Infrastructure: The Secure Endpoint cloud engines process telemetry data from the endpoints in real-time and correlate it with the latest threat information. This data is used to push policy updates, file dispositions, and live query requests to the endpoints, ensuring continuous protection.


    Compatibility Across Platforms and Devices

    Cisco Secure Endpoint supports a diverse range of operating systems and devices:

    • Windows: Compatible with Windows 7 SP1, Windows 8.1, Windows 10, and various Windows Server versions (2008 R2, 2012).
    • Mac and Linux: In addition to Windows, Secure Endpoint protects Mac and Linux devices, ensuring comprehensive coverage across different operating systems.
    • Mobile Devices: The solution is compatible with Android and iOS devices, with specific versions of the Android connector supported (e.g., Android 6 through 14).


    Specific Compatibility Considerations

    • Microsoft Security Updates: Cisco Secure Endpoint has been tested and verified to be compatible with Microsoft Security Updates, particularly those addressing vulnerabilities like Meltdown and Spectre. Users must ensure they are running compatible versions of the AMP for Endpoints software and set the necessary compatibility registry keys to avoid issues like the Blue Screen of Death (BSOD).
    • Hardware Patches: While the software ensures protection, complete resolution of certain vulnerabilities may require hardware patches from the respective hardware vendors.


    Configuration and Communication

    • Firewall and Proxy Settings: Secure Endpoint requires properly configured firewall and proxy systems to communicate with the public cloud for querying dispositions, sending telemetry data, and receiving policy updates. All communication with the cloud is TLS-secured.
    • Existing Security Settings: When deploying Secure Endpoint, it is crucial to review and refine existing security policies, such as exclusions, application block lists, and IP address block lists, to ensure seamless integration with other EPP/EDR security products.


    Conclusion

    By integrating with various Cisco security tools and supporting a broad range of platforms and devices, Cisco Secure Endpoint provides a comprehensive and flexible security solution for endpoints.

    Cisco Secure Endpoint (formerly AMP) - Customer Support and Resources



    Cisco Secure Endpoint Support Overview

    Cisco Secure Endpoint, formerly known as AMP for Endpoints, offers a comprehensive range of customer support options and additional resources to ensure users can effectively manage and troubleshoot their endpoint security.



    Support Channels

    • Phone Support: Cisco provides 24/7 phone support. For users in the US and Canada, the numbers are 1 800 553 2447 and 1 408 526 7209. For other regions, there are specific country listings available.
    • Email and Online Ticketing: Users can submit support requests via email or through the online ticketing system. This allows for managing the status and priority of support tickets.
    • Web Interface: The web-based control panel provides extensive reporting, usage data, and policy enforcement reporting. It is accessible via various browsers, including Microsoft Edge, Firefox, Chrome, Safari, and Opera.


    Support Availability and Response Times

    • Support is available 24 hours a day, 7 days a week, with response times varying based on the priority of the call. Priority 1 calls are responded to within 30 minutes, Priority 2 within 1 hour, and Priority 3 within 4 hours.


    Additional Resources

    • Documentation and Guides: Cisco offers extensive documentation, including best practices guides, installation guides, and troubleshooting TechNotes. These resources are available in various formats such as HTML and ODF.
    • API Access: The API allows for integration into other threat management and threat intelligence platforms. Users can obtain API documentation and use the API to customize their integration needs.
    • Training and Onboarding: Comprehensive training services are provided, both onsite and online, to ensure successful implementation of Cisco Secure Endpoint. A standard documentation pack is also available for customization.


    Troubleshooting and FAQs

    • Troubleshooting TechNotes: Cisco provides detailed troubleshooting guides and TechNotes to help users resolve common issues with the product.
    • FAQs: A support FAQ section addresses frequently asked questions regarding product usage, updates, and integration with other Cisco products like the Firepower Management Center (FMC).


    Accessibility

    • The support interfaces, including the web-based control panel and online ticketing system, adhere to accessibility standards such as WCAG 2.1 AA or EN 301 549, ensuring usability for a wide range of users.

    By leveraging these support options and resources, users of Cisco Secure Endpoint can effectively manage their endpoint security, troubleshoot issues, and optimize the performance of the product.

    Cisco Secure Endpoint (formerly AMP) - Pros and Cons



    Advantages of Cisco Secure Endpoint

    Cisco Secure Endpoint, formerly known as Cisco AMP for Endpoints, offers several significant advantages that make it a strong contender in the endpoint security market.



    Advanced Threat Detection

    The platform is praised for its ability to identify threats that might have been overlooked, thanks to its machine learning capabilities and behavioral analysis features. It can detect and block malware, including fileless malware and ransomware, in real-time.



    Comprehensive Security Features

    Cisco Secure Endpoint provides protection across various operating systems and device types, including Windows, macOS, Linux, iOS, and Android. It includes features like file reputation scoring, sandboxing, and advanced forensics to analyze and block malicious files.



    Ease of Use

    Users appreciate the ease of use of the product, especially for small IT teams. The well-laid-out UI and easy deployment make it a favorable choice for many organizations.



    Integration with Other Cisco Products

    The product integrates seamlessly with other Cisco security solutions, creating a comprehensive security environment. This integration enhances overall protection and simplifies management.



    Scalability and Centralized Management

    Cisco Secure Endpoint is scalable and offers centralized management capabilities, making it suitable for companies with large deployments. It is particularly useful for threat hunting and rapid incident response.



    Cost-Effectiveness

    Compared to some competitors, Cisco Secure Endpoint is seen as cost-effective, offering a quicker return on investment (ROI) through time savings and better observability of security events.



    Disadvantages of Cisco Secure Endpoint

    While Cisco Secure Endpoint has many strengths, there are also some areas where it falls short.



    Performance on Older Hardware

    The product can be slower on older PCs with weak hardware, which may not be ideal for environments with limited resources.



    Reporting Features

    Users have noted that the reporting features could be improved. Some reports are very detailed and high-end, which might not be necessary for all users.



    False Positives

    There is a desire to reduce false positives, which can sometimes disrupt normal operations and require unnecessary intervention.



    Customer Support

    Experiences with customer support are mixed. While the product has straightforward deployment, some users have reported inconsistent support experiences.



    Pricing Clarity

    The pricing structure for Cisco Secure Endpoint can be unclear, which might make it difficult for some organizations to budget accurately.



    Compatibility with Third-Party Software

    On server-class systems, there can be issues with third-party software being quarantined, even with server-specific policies or exclusion lists in place.

    Overall, Cisco Secure Endpoint is a powerful and flexible endpoint security solution, but it does have some areas that need improvement, particularly in reporting, customer support, and pricing clarity.

    Cisco Secure Endpoint (formerly AMP) - Comparison with Competitors



    When comparing Cisco Secure Endpoint (formerly Cisco AMP for Endpoints) with other AI-driven security tools in its category, several key features and differences stand out.



    Unique Features of Cisco Secure Endpoint

    Four Pillars of Security

    Cisco Secure Endpoint is built on four pillars: Prevent, Detect, Respond, and Maximize. This structure ensures comprehensive protection, from proactive threat prevention to automated remediation and ongoing support.

    Extended Detection and Response (XDR)

    Cisco Secure Endpoint aggregates data across endpoints, emails, and cloud workloads, providing a unified view of security events and simplifying investigations.

    Multi-Domain Threat Management

    It extends protection across endpoint, email, web, and network domains, ensuring a holistic security approach.

    Automated Remediation

    Reduces response times by up to 97%, ensuring threats are neutralized quickly.

    Tiered Plans

    Offers three tiers (Essentials, Advantage, and Premier) to cater to different organizational needs, providing increasing levels of protection and advanced features.

    Competitors and Alternatives

    SentinelOne

    • Fully Autonomous: SentinelOne is known for its fully autonomous cybersecurity capabilities powered by AI, making it a strong competitor in advanced threat hunting and incident response.
    • Cost and Support: It is highly rated for cost and customer support, and it integrates well with other systems.
    • Starting Price: $69.99 per endpoint, which is relatively competitive.

    CrowdStrike

    • User Endpoint Behavior: CrowdStrike excels in monitoring user endpoint behavior and is known for its cloud-native endpoint protection platform.
    • Pricing: Starts at $59.99 per device, with a higher complexity level compared to some other tools.
    • Features: Provides comprehensive breach protection and is highly rated by users.

    Vectra AI

    • Hybrid Attack Detection: Vectra AI is best for hybrid attack detection, investigation, and response, using network metadata to reveal and prioritize potential attacks.
    • Pricing: Pricing is available upon request, and it has a moderate complexity level.

    Darktrace

    • Autonomous Response: Darktrace is known for its autonomous response technology that interrupts cyber-attacks in real-time, making it effective for neutralizing novel threats.
    • Pricing: Pricing is available upon request, and it has a high complexity level.

    Cynet

    • XDR and Automated Remediation: Cynet integrates XDR attack prevention and detection with automated investigation and remediation, similar to Cisco Secure Endpoint’s capabilities.
    • Pricing: Rated highly on G2, but specific pricing details are not readily available.

    Key Differences

    • Scope of Protection: While Cisco Secure Endpoint offers a broad, multi-domain approach, tools like SentinelOne and CrowdStrike focus more on endpoint-specific protection with advanced threat hunting capabilities.
    • Automation and AI: All these tools leverage AI, but Darktrace and SentinelOne stand out for their autonomous response and fully autonomous cybersecurity, respectively.
    • Pricing and Complexity: The pricing and complexity levels vary significantly among these tools. For example, SentinelOne has a lower starting price and complexity compared to CrowdStrike or Darktrace.

    Conclusion

    In summary, Cisco Secure Endpoint offers a comprehensive and holistic approach to endpoint security with its multi-domain protection and tiered plans. However, depending on specific organizational needs, alternatives like SentinelOne, CrowdStrike, or Vectra AI might be more suitable for advanced threat hunting, user endpoint behavior monitoring, or hybrid attack detection. Each tool has its unique strengths and pricing models, making it important to evaluate them based on the specific security requirements of your organization.

    Cisco Secure Endpoint (formerly AMP) - Frequently Asked Questions



    Frequently Asked Questions about Cisco Secure Endpoint



    What is Cisco Secure Endpoint?

    Cisco Secure Endpoint, formerly known as AMP (Advanced Malware Protection), is a cloud-managed endpoint security solution that provides advanced protection against viruses, malware, and other cyber threats. It detects, prevents, and responds to threats by continuously monitoring and analyzing all system activity, leveraging global threat intelligence from the Talos Security Intelligence Group and Threat Grid.



    What are the key features of Cisco Secure Endpoint?

    Key features include real-time scanning, behavioral monitoring, and dynamic analysis. It blocks malware in real time, continuously monitors and records all file activity to detect stealthy malware, and accelerates investigations and remediation across various devices (PCs, Macs, Linux, servers, and mobile devices).



    How does Cisco Secure Endpoint protect against threats?

    Cisco Secure Endpoint protects endpoints through several mechanisms:

    • Behavioral Analysis: It detects malicious activity by analyzing the behavior of processes in real time, which helps in identifying and blocking new variants of ransomware and malware.
    • Dynamic Analysis: It uses sandboxing techniques to perform in-depth dynamic file analysis and provides deep malware threat intelligence.
    • Global Threat Intelligence: It leverages extensive threat intelligence to strengthen defenses and quickly identify and remediate security threats.


    What are the different tiers of Cisco Secure Endpoint?

    Cisco Secure Endpoint is available in three main tiers:

    • Secure Endpoint Essentials: Includes access to Cisco’s SecureX EDR platform, advanced endpoint protection, behavioral monitoring, protection against fileless attacks and ransomware, and dynamic analysis.
    • Secure Endpoint Advantage: Adds Orbital Advanced Search for threat hunting and access to the Malware Analytics Cloud for advanced sandboxing techniques.
    • Secure Endpoint Premier: Includes all the features from the previous tiers plus integrated continuous threat hunting by elite Cisco threat hunters.


    How is Cisco Secure Endpoint managed and deployed?

    Cisco Secure Endpoint is managed through an easy-to-use, web-based console. It is a lightweight endpoint connector with no performance impact on users. The analysis is done in the cloud, not on the endpoint, and the solution is offered as a subscription covering various devices.



    Can Cisco Secure Endpoint be used with other security products?

    Yes, Cisco Secure Endpoint can operate with other EPP/EDR security products. However, existing settings and features need to be reviewed to ensure proper integration without interference.



    What operating systems does Cisco Secure Endpoint support?

    Cisco Secure Endpoint supports Windows, Mac, Linux, and mobile devices (Android and iOS).



    How does Cisco Secure Endpoint handle threat response and remediation?

    It accelerates investigations and automatically remediates malware across endpoints. It also allows for the isolation of an endpoint with a single mouse click and provides tools for quick identification and remediation of security threats.



    Is there a trial available for Cisco Secure Endpoint?

    Yes, interested users can request a free 30-day trial of the platform without providing any payment information. The trial license supports up to 50 devices.



    Where can I find pricing information for Cisco Secure Endpoint?

    Pricing information for Cisco Secure Endpoint is not publicly available on Cisco’s website. Interested parties need to contact one of their sales representatives for specific pricing details.

    Cisco Secure Endpoint (formerly AMP) - Conclusion and Recommendation



    Final Assessment of Cisco Secure Endpoint

    Cisco Secure Endpoint, formerly known as AMP for Endpoints, is a comprehensive and advanced endpoint security solution that offers a wide range of benefits and features, making it a strong contender in the AI-driven security tools product category.



    Key Features and Benefits

    • Multifaceted Prevention: Cisco Secure Endpoint combines behavioral analytics, machine learning, and signature-based techniques to prevent threats from compromising endpoints. This proactive approach ensures that threats are blocked before they can cause damage.
    • Advanced EDR and XDR Capabilities: The solution provides deep visibility into endpoint activity, enabling efficient detection, investigation, and remediation of threats. Extended Detection and Response (XDR) aggregates data across endpoints, emails, and cloud workloads, simplifying investigations and speeding up responses.
    • Automated Remediation: Cisco Secure Endpoint reduces incident response time significantly, by up to 85% (and 97% in some cases), by automating threat responses and allowing for one-click isolation of infected hosts.
    • Integrated Threat Hunting: With SecureX Threat Hunting built in, the solution enables human-driven threat hunts that map to the MITRE ATT&CK framework, helping to identify sophisticated threats quickly.
    • Comprehensive Reporting and Visibility: The platform offers detailed reporting and a unified view of security events, providing actionable insights that help IT teams understand and address security incidents effectively.


    Who Would Benefit Most

    Cisco Secure Endpoint is particularly beneficial for organizations with a significant number of remote workers or those dealing with complex and distributed endpoint environments. Here are some key groups that would benefit:

    • Large Enterprises: Companies with extensive networks and numerous endpoints will appreciate the advanced threat detection, automated remediation, and integrated XDR capabilities that simplify security operations and reduce response times.
    • Organizations with Remote Workforces: Given the increased vulnerability of remote endpoints, Cisco Secure Endpoint’s cloud-delivered architecture and comprehensive protection features make it an ideal solution for ensuring the security of remote workers.
    • IT and Security Teams: Teams looking to enhance their security operations efficiency will benefit from the solution’s ability to boost SecOps effectiveness, eliminate complexity, and enhance staff productivity.


    Overall Recommendation

    Cisco Secure Endpoint is a highly recommended solution for any organization seeking advanced endpoint security. Here’s why:

    • Comprehensive Protection: It offers a holistic approach to endpoint security, combining prevention, detection, response, and ongoing support to protect against a wide range of threats.
    • Efficiency and Automation: The solution significantly reduces incident response times and enhances the efficiency of security operations, making it a valuable asset for IT and security teams.
    • Advanced Capabilities: With features like behavioral analytics, machine learning, and integrated threat hunting, Cisco Secure Endpoint provides a sophisticated defense against advanced threats.

    While there are some areas for improvement, such as enhanced integration with other security tools and better offline protection, the overall benefits and capabilities of Cisco Secure Endpoint make it a must-have for robust endpoint protection.
