Cisco Secure Endpoint offers robust endpoint security with real-time threat prevention and cloud-based management. It is designed for seamless integration with Cisco products, delivering comprehensive protection and ease of use.


| Product | Mindshare (%) |
|---|---|
| Cisco Secure Endpoint | 1.3% |
| Microsoft Defender for Endpoint | 6.8% |
| CrowdStrike Falcon | 6.0% |
| Other | 85.9% |

| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 6.0% | 97% | 140 interviews |
| Cortex XDR by Palo Alto Networks | 4.2 | 3.7% | 96% | 112 interviews |

| Company Size | Count |
|---|---|
| Small Business | 18 |
| Midsize Enterprise | 12 |
| Large Enterprise | 16 |

| Company Size | Count |
|---|---|
| Small Business | 215 |
| Midsize Enterprise | 135 |
| Large Enterprise | 267 |

Cisco Secure Endpoint provides real-time threat detection, analytics, and rapid response capabilities. Its ease of use, integrated features like sandboxing and Device and File Trajectory, and its integration with Talos make it effective for threat hunting and endpoint protection. With strong machine learning and seamless integration with other tools, it addresses threat prevention and network visibility. However, there is room for improvement in AI features, SIEM API integration, user interface simplification, and cost reduction. Dashboards, reporting, and support are also areas for potential enhancement.
In industries such as finance, healthcare, and manufacturing, Cisco Secure Endpoint is vital for maintaining endpoint security and malware protection. Organizations use it within managed security services, integrating with tools like Umbrella for DNS security. It provides visibility into malware activities and supports threat hunting for devices beyond corporate networks. Deployed on workstations, servers, and laptops, it efficiently logs and blocks malicious actions, ensuring a secure environment.
Cisco Secure Endpoint was previously known as Cisco AMP for Endpoints.
Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank
| Author info | Rating | Review Summary |
|---|---|---|
| Chief Technology Officer at Future Point Technologies | 3.5 | We deployed Cisco Secure Endpoint for clients to secure endpoints and servers. The solution excels in machine learning and threat intelligence, preventing breaches. However, it lacks DLP features, and integration with third-party tools and forensic capabilities require improvement. |
| Presales Manager at Digitaltrack | 4.5 | We use Cisco Secure Endpoint for internal endpoint protection, appreciating its threat detection visibility and analytics. While it improved our visibility significantly, the uninstall process could benefit from requiring a password. We hadn't used endpoint visibility solutions prior. |
| Director of IT at Oriental Weavers | 4.0 | I use Cisco Secure Endpoint for its robust endpoint security, particularly enjoying the cloud version. While the protection is valuable, improvements are needed in integration and dashboard functionalities. I prefer Cisco for its scalability and industry-leading security standards. |
| Security Manager at a wholesaler/distributor with 10,001+ employees | 4.0 | I work in a wholesale industry and use Cisco Secure Endpoint for about 6,000 endpoints. Cisco's ecosystem provides significant ROI and threat protection, though I feel improvements in artificial intelligence are necessary for future needs. |
| Consulting & Support Region Senior Executive at Redington (India) Ltd | 4.5 | We recommend Cisco Secure Endpoint for identifying malicious content in networks through file reputation and analysis. However, the need to install agents individually on each laptop is challenging, especially with large networks and limited administrative resources. |
| Principal Architect - Cybersecurity at Logicalis | 4.0 | As a Principal Architect of Cybersecurity, I find Cisco Secure Endpoint valuable for threat hunting due to its integration capabilities. It enhances return on investment but needs a shift to solution-based selling. Its integration with the Cisco ecosystem boosts effectiveness. |
| Level 2 tech at a tech services company with 11-50 employees | 4.5 | I found Cisco Secure Endpoint significantly improved our security posture with rapid response, threat hunting, and excellent Cisco product integration. However, client communication, machine deduplication for licensing, and reporting/documentation enhancements are needed. |
| Infrastructure Engineer at TeamSystem | 4.0 | Cisco Secure Endpoint improved my security with features like File Trajectory and strong Cisco integration. While initial deployment and Linux agent issues existed, it's now stable and affordable. I recommend it for existing Cisco environments, given staff security knowledge. |
| Cyber Security Presales Engineer at Orixcom | 4.5 | I use Cisco Secure Endpoint to protect our company's Windows and Mac devices due to its ease of use and constant updates. It surpasses ESET and Symantec but needs better URL blocking and integration. Our ROI is satisfactory, focusing on security. |
| System Administrator at bluegr Hotels & Resorts | 4.0 | Cisco Secure Endpoint offers robust prevention and comprehensive security with exceptional reporting, but its pricing could be more competitive. The transition to SecureX simplifies access yet presents challenges with login and admin rights during migration, affecting system functionality. |

We deployed Cisco Secure Endpoint for our customers two to three years back. The use case was to secure their endpoints and servers by deploying the EDR.
Cisco Secure Endpoint is very good in machine learning, which allows it to secure offline contents even if not connected to the internet. We haven't encountered a single breach after it's deployed. It controls USB devices and has a separate antivirus solution called Tetra, providing security even for real-time, day-zero attacks through its strong Talos threat intelligence platform.
Cisco Secure Endpoint lacks features like DLP which other vendors offer. XDR is new, so integration capabilities with third-party tools need improvement. The forensic capabilities need enhancement, especially for deep forensic data collection.
We have been working with Cisco Secure Endpoint for almost four years or more.
The solution is pretty stable. We have not encountered any problems, so I would rate it as a seven for stability.
Cisco Secure Endpoint is definitely scalable. One of our customers has around 6,000 agents deployed. I would rate scalability as a seven.
Cisco has good technical support, especially considering these are newer solutions compared to traditional routing and switching products. However, the standard of their support has declined over the years. I feel that the response time could be quicker.
Neutral
The setup is not complex; it is pretty easy. The solution is cloud-based, providing straightforward installation and deployment.
Cisco is aggressive in pricing, making it competitive and sometimes even cheaper than other good products like CrowdStrike, Microsoft Defender, or SentinelOne.
Cisco Secure Endpoint is a standard solution, but future users should be well aware of the threat hunting capabilities and how to configure policies. Being clear on these can help in easily deploying the solutions. I would rate Cisco Secure Endpoint as seven out of ten.

We use Cisco Secure Endpoint primarily as a security measure for our internal teams. It's used for internal endpoint protection.
With Cisco Secure Endpoint, we now have visibility over what is happening on the endpoint side. We previously did not have any endpoint visibility; however, with this, we have clear insights across our endpoints.
The threat detection visibility and analytics data on the endpoint are very valuable. They allow us to easily drill down and see what has occurred on specific endpoints, which is immensely useful.
Previously, there were options to uninstall the agent without a password if you had admin access, and this could be improved. It may require a password for uninstalling clients, which would be helpful (if it doesn't already).
We have been using Cisco Secure Endpoint for almost two years now.
Cisco Secure Endpoint is a stable product. We haven't encountered any significant issues, and everything seems to be looking good.
The solution is very scalable. It seamlessly allows us to add actions on the dashboard without the need for additional servers.
Whenever we escalate or send an email, Cisco's support team responds promptly and continues to follow up until the issue is resolved.
Positive
We previously did not have any endpoint visibility.
The initial setup was straightforward because it is cloud-delivered. Agent installation can be done in a couple of minutes, although fine-tuning takes more time.
Our internal team handles technical support and maintenance. We don't rely on any third-party help.
Since implementing Cisco Secure Endpoint, we have significantly improved visibility into endpoint activities, which is now very useful.
I am not entirely sure about the exact licensing cost. It ranges from 2,000 to 2,500 INR annually.
We also use other vendors for certain entities.
I would recommend using Cisco Secure Endpoint for its integrated approach, covering endpoint, network security, and even cloud security, making it easier to manage all from a single platform.
I'd rate the solution nine out of ten.

The most valuable feature of the solution is that it protects our endpoint devices, especially the running ones, and it is useful since we have chosen the cloud version of Cisco Secure Endpoint.
Integration and dashboard are areas with certain shortcomings in Cisco Secure Endpoint.
I would like Cisco Secure Endpoint to have a better dashboard and integration with different software solutions in future releases.
I have been using Cisco Secure Endpoint for around four years. I am using the solution's latest version. I am an end user of the product.
Stability-wise, I rate the solution a nine out of ten.
There are no issues or drops in the solution's performance.
Scalability-wise, I rate the solution a seven out of ten.
Around 400 people in my company use the solution, most of whom are security administrators.
The solution's technical support was helpful. We haven't needed any support for four years now. Whenever we contacted support, we used to get a quick response, especially when it was for some issues related to the firewall or the upgrading part of the firmware. I rate the technical support a nine out of ten.
Positive
We use a different product for DNS. I have previously used Fortinet. I use Cisco for our data center, while I use Fortinet since it provides an SD-WAN solution.
The solution is deployed on Cisco Cloud, which is a private cloud.
My company opts for an annual subscription model to pay for the solution's licensing cost. It is a product that is priced reasonably.
I rate the pricing a five or six on a scale of one to ten, where one is expensive, and ten is cheap.
I chose Cisco Secure Endpoint from a security standard and integration perspective. I believe Cisco is the business leader and is a highly scalable solution.
The vendor from Cisco takes care of the maintenance. We need three people to take care of the tool in case of crashes. From the dashboard, we come to know about everything related to the endpoint. You can take action unless it is not the physical hardware to which something wrong has happened, especially if something wrong happens to the operating system.
I would definitely recommend the solution to those planning to use it.
To provide endpoint protection, I feel the product should be speedy enough to detect malicious programs and trojans. There are a lot of tools that are not acting as signature-based but as behavior-based antivirus. Cisco Secure Endpoint is required, especially if the customers don't have a sandbox.
Overall, I rate the product an eight out of ten.

I'm working in a wholesale industry company. We are present in around 16 European countries and my company has around 5,000 employees. I have been using Cisco products since 2007, and in this company for around three years now.
I am using Cisco Secure Endpoint for around 6,000 endpoints, and I also use Cisco Secure Email, ESA product. It's a cloud-based solution from Cisco. I'm using Cisco Malware Analytics and Sandbox. I use Cisco SecureX to integrate all of these and monitor all these ecosystems from Cisco Secure.
Our use cases for using Cisco Secure products are to increase defenses, machine learning, to integrate all these solutions from the backend, do single dashboard threat hunting, do few clicks incident response, have visibility across the entire architecture, and more. We are happily using Cisco and have various different use cases.
We have backend integrations, front-end visibility, and then incident response with a single click.
Cisco has definitely improved our organization a lot. In terms of business, our company feels safer. We actually switched from legacy signature-based solutions to threat intelligence-based and machine learning-based solutions, which is Cisco Secure. This has improved our security significantly, from 10% of signature-based technology security to 99.9% of the current one which we are running. We were happy.
The threat-based solution, the machine learning-based solution moving towards AI, the ecosystem visibility, and the single click of threat hunting and incident response, were the few major reasons to switch from legacy security to the latest one.
The implementation of Cisco Secure Endpoint has had a significant impact on reducing the operating expenditures of our organization. The savings amount to approximately half a million to a million euros every year. We don't need a lot of different solutions that collect all these threat logs, correlate them, and then automate them for incidents. We already have this with Cisco SecureX, more or less. Cisco is also saving on the FTE side, we need fewer resources to do threat hunting and incident response.
We save approximately half a million to a million Euros every year with Cisco solutions.
Cisco is good in terms of threat intelligence plus machine learning-based solutions, but we feel Cisco is lagging behind in using artificial intelligence in its systems. Today, Cisco is more than enough to protect us from the threats, or the evolving threats, using threat hunt, threat intelligence, and machine learning. We feel that in a couple of years, Cisco will lag behind if Cisco does not improve in artificial intelligence.
All these tools I am mentioning from Cisco need to be improved with AI so that it can reduce man-hours so that fewer resources need to monitor and respond. But AI is self-learning, taking self-defense, reducing the response time a lot, and also detecting not only threats and machine learning-based but abnormality-based.
It's a little different than behavior-based protection, which currently Cisco has. AI models should keep learning and then attacking internet response immediately on top of that. We feel that Cisco needs to work a lot on the AI side, rather than sitting on threat intelligence teams, or machine learning. It is enough for today, but it will not be enough tomorrow.
Cisco has the world's number one, very well-designed support. I have worked as a partner and as a customer of Cisco Security Solutions. They are just one call away.
That was also one of the top six major criteria to select Cisco Secure Ecosystem. We just call, talk to the support engineer, and then he is ready to solve the call within a few minutes, depending on the severity of the issue.
If you consider the top two vendors in the world, they do not provide this level of support. Even Microsoft and Apple do not. I rank Cisco support as the global leader in support. I would rank it around nine to 9.5.
I really feel that Cisco is doing a great job in after-sale support.
I think Cisco needs to do a little more on the training side before bringing the support team on board.
Positive
We evaluated three vendors in each domain. We found that Cisco offers enterprise-grade security solutions. Other vendors may be good in specific niche markets, but they do not offer an ecosystem and backend integration with other solutions that allow for a single pane of glass for threat hunting and incident response.
There are a lot of API integrations and evaluations of different threat resources. We were focused on not only switching from the legacy Email Security solutions and the endpoint solutions, the main point was to get an ecosystem of security, where we have end-to-end protection and a single dashboard for visibility, incident response, and threat hunting. Cisco was offering that at an enterprise grade, and the competition was a little lagging behind on enterprise-grade security solutions.
For example, in EDR you can take the top two EDR solutions in the world. They don't have an ecosystem. If you take the top two global leading email security gateways, they also don't have an ecosystem. For firewalls, you can take the visibility from the SecureX side. They are good in their market segment, but when we need an ecosystem, they are not. Any top two domains did not provide us with the ecosystem.
If Gartner says it's 60 euros per hour for an engineer to do an investigation on a threat, we are saving thousands of hours per FTE per year, because we can run a query and find all these results within seconds. We can block it within minutes, immediately reducing the mean time to detect and mean time to response from 270 average days to 270 seconds.
On the licensing side, it has good pricing. On the ecosystem side, we don't need to go with the niche player and pay them a lot higher than Cisco is charging us. So in these two or three segments, we are saving costs. But in terms of ROI, for three years we never got ransomware. Even a single incident can cost us millions. We are a wholesale industry from B2B, so we pick from the factories, deliver a route to the businesses, and if we don't deliver, they will not have masks to wear during Corona. We are critical for the supply chain, and that definitely would cost us millions.
So far, Cisco has saved all these costs in business disruptions, the restore cost, and then it has the lowest price possible on the security ecosystem. All these factors have enabled us to have a great ROI from the Cisco ecosystem.
Pricing and licensing is good. Little tweaks are required. For example, on Email Security solutions, someone can send a maximum of 200 files per day to the Sandbox for sandboxing, which is not enough for 5,000 email boxes, or more. We were forced to buy more. A little redesign on the Email Security Gateway license is required.
When it comes to the tiers, like basic tier, premium, and enterprise, that's really according to the needs of the segments. If it's a small company, it can go with a basic license; a bigger one needs more requirements and can go with the premium license tiers. Those things are really very well-designed.
We are more than happy with the pricing structure of Cisco.
I rate Cisco Secure Endpoint an eight out of ten.
I chose a rating of eight out of ten for Cisco Secure Endpoint because it does not provide pure AI-based detection or AI-based learning, which is a core reason for my rating. While Cisco's current support is excellent, it may not be the same in the future. Additionally, there is a lack of visibility from Cisco about its AI-based security solutions. We are working with other vendors who excel in AI and are augmenting them with Cisco solutions in certain segments. However, we hope to see Cisco improve in the AI-based security space in the future, even though we don't have any insight into any AI-based security projects that Cisco may be working on.

We recommend the solution to our customers. The solution is used to identify the malicious content in a network. We install an agent. If any malicious content enters the laptop, the agent communicates with the AMP cloud. The AMP cloud validates everything.
The product provides sandboxing options like file reputation and file analysis.
We must install an agent on every laptop. We do not know how to do it for the network. We shouldn’t have to install agents individually if it's a corporate network. The product does not provide options like tunnel creation or virtual appliances. If there are 2000 users and only one network administrator, installing the agent on every laptop will be time-consuming.
I have been using the solution for four months.
The tool is stable.
The tool is scalable. I recommend the solution to small and large businesses.
The support is great. Other OEMs take time to provide support for configuration and technical issues. However, Cisco’s support is really fast.
Positive
We also use Cisco Umbrella. Secure Endpoint is for the security at an endpoint level. Umbrella secures the DNS traffic.
The implementation is easy. The deployment can be completed within two hours on average. The time taken for deployment depends on the corporate network.
Pricing is a big issue. Some customers find the price reasonable. Some customers do not agree with the price.
Talos is a major feature. We have STC access. We are pushing our partners and customers to purchase Cisco Umbrella and Cisco Secure Endpoint. Usually, customers are not aware of the product. They tell us that they already have an antivirus solution. We must educate them about the difference between antivirus solutions and Cisco Secure Endpoint. Overall, I rate the product a nine out of ten.

I'm the Principal Architect of Cybersecurity at Logicalis. I've been working with Cisco for thirty-something years. I started out with the military, and then as an engineer, I worked with a large data center company. We build data centers all around the world, and then I moved to the partner space for about the past ten years and have been architecting and selling Cisco Security solutions.
A good use case for Cisco Secure Endpoint is threat hunting. It's the integration with Cisco SecureX and all the other Cisco technologies to really be able to look for, hunt, find things, see how they move through their network, and find out what actually happened.
I think a large benefit of using Secure Endpoint is the ability to offload the personnel. We have a crisis in the country where we have too many jobs and there are not enough people, and using something like Secure Endpoint and integrating the Cisco ecosystem allows us to pull in all of this data into a single place and offset those people that we have to have to do the job. It allows us to do some threat hunting and make good decisions with good tools, and it's affordable.
Secure Endpoint has decreased our time to remediate by providing the tools and the integrations we need so we can quickly look across our entire network, look for those threats, and actually make good decisions.
Cisco Secure Endpoint provides us the scale to quickly reduce the time to find out about an event by integrating into different platforms and providing threat intelligence specifically from Talos so we could quickly find these things. Where things used to take days, we can now do things in hours.
Cisco Secure Endpoint does a great job of allowing us to take the individual endpoint assets, do an inventory, and know what the normal state is, so we can have a delta when things change, and we can look for consistencies. And when those things change, we get alerts. We can know what's happening with those boxes. The great part about it is I was able to eliminate lots of other features of doing inventory management and spreadsheets and see what's going on. It's also allowing us to integrate all of the other secure malware antivirus-type platforms that do a single platform. And do threat hunting with that.
Five out of five times, Secure Endpoint helps every customer I talk to improve their cybersecurity resilience. It provides integrations, it provides an affordable and easy-to-implement package where we can quickly talk to customers and work with them to get a solution in place. Logicalis does a great job of taking the package and not just installing it, but doing it in a way that a customer can understand how to use that platform afterward.
I think the feature I find most valuable at Secure Endpoint is the ability to integrate into other products and to really dig deep into what's actually happening in the network. I know it's an endpoint product, but there are so many integrations. How we can find inventory, how we can see what's going on, and we can do an analysis of that endpoint, and see how things really move through the network.
One of the things that Cisco Secure Endpoint really needs is that it's not just Secure Endpoint, it's a point product, and I think we really need to move into solution-based selling, designing, and architecting. So that we're not worried about putting things on endpoints and selling 'x' amount of endpoints, but to provide a solution that covers all of the remote access and sell them as solutions that cover multiple things.
I've been using Cisco Secure Endpoint for about ten years. I began with the single standalone product and moved into more discovery. I used Cisco SecureX to really utilize Secure Endpoint technology, Orbital, and all of that package to look for threats and hunt for different malware and things on the network.
Cisco Secure Endpoint has been around for a long time. I see it only integrating more into Cisco's platform and product line. It'll be a cornerstone of a lot of the threat-hunting stuff that Cisco's working on at Cisco Secure.
We install Cisco Secure Endpoint. Our customers are in healthcare, manufacturing, and large enterprises anywhere from three hundred endpoints all the way up to multiple tens of thousands. I think Cisco Secure Endpoint does a great job of scalability, and really providing access to enterprises and companies of any size.
Cisco support is world-class in general. They do a great job. I don't think anyone else in the industry really compares in the responsiveness and the ability to help. A lot of companies, if you call them for help with the problem, they're going to tell you it's not their problem. Cisco at least will help. That goes a long way with a lot of people.
I give Cisco support a ten out of ten. I think they're fabulous, and I've never had an issue.
Positive
Secure Endpoint is a great product. It provides integrations into so many of the Cisco ecosystems. One of the better things that I like about the product is that there is this whole ecosystem. I talk about XDR when I talk to my customers because I like to tell them to do outcome-driven selling or outcome-driven processes, and that outcome is XDR. I want to be able to have the customers that have some toolsets that they can look at their entire security infrastructure, the whole perspective, and get an outcome and know what's going on.
Secure Endpoint provides those integrations. We see things from Microsoft customers like Defender. It's a great product too. I think that it doesn't do as great a job right now integrating with other products, but it's all over the place. So it's one of those things where we have to figure out how it works. Most Windows boxes, even if you have Secure Endpoint on it, it also has Microsoft Defender on it as well. I think Secure Endpoint plays really well with that type of technology.
I talked to a lot of customers and a lot of them get a good return on investment with Secure Endpoint. They're limited in the capacity of the manpower that they have in those resources, and Secure Endpoint allows them to do those integrations and not just deal with alert fatigue. It provides valuable information that they can make good actual decisions on.
Secure Endpoint has a great price model. It's easily available, there are different levels that can quickly be consumed. I think that being able to bundle it into the EA, and including those bundles will really enhance those sales and provide a lot more outcome.
I give Cisco Secure Endpoint a ten out of ten. It's a fabulous product. It is really to me one of the cornerstones of the Cisco Security Platform. When we talk about the six pillars of security, having a solid endpoint solution is one of those every single time.

It was our primary endpoint protection.
The ability to respond rapidly, whether it was doing isolation or threat hunting, helped improve our security. Even when there were a few false positives, it was a good exercise for us to run through and determine what exactly was going on. It was definitely an improvement from what we were using before, which was Trend Micro. That tighter integration definitely helped.
In the time that I was there, we didn't really have any sufficiently major occurrence that did not turn out to be a false positive. But there was useful stuff coming up on the dashboard, where it showed the vulnerable applications. Being aware that those were in our environment, and what threat level they presented on that one to 10 scale, was helpful. It enabled us to say, "Hey, look, Firefox version 71 is still in our environment, and it's a 10. We need to contact that user and get them to upgrade, or remove it if they're using something else." That definitely allowed us to enhance our security posture.
That prioritization of threats, particularly on those vulnerable applications, meant we were able to take action using Microsoft Endpoint Manager. We could deploy applications with supersedence to get that old product off of the machines or upgraded. It definitely improved our situation.
Being able to do pretty immediate research through a simple right-click and threat-detect was very quick and invaluable in making a rapid assessment of what I might be looking at. And with the tighter integration with the Umbrella and Firepower products, when I got in touch with our infrastructure team, they were able to see what I was seeing and more. That was very eye-opening: Wow, look how much information we can get and how quickly we can get that information. We could start evaluating what our status was and what actions we needed to take.
Overall, the impact on our security was that the endpoints were that much safer than they were before, by eliminating those vulnerable applications. And in the event that there was something that appeared to be significant, we had the ability to isolate that device.
Also, Cisco Secure Endpoint, as far as I know, consolidated endpoint, cloud, and remote access agents into a single agent. When we bought the product, it was actually Cisco AMP, and then they went to Cisco Secure Endpoint and everything was managed through the cloud. With that change in the agent, I presume that was all moved to a more cloud-oriented situation.
I would say it improved our time to detection, but that's one of those things that is hard to document. I didn't spend a whole lot of time working with the Trend Micro product, but it seemed to me like it was probably an improvement of at least 30 minutes, which in today's world is forever.
I liked the ability to have a choice between the full scan and the flash scan.
There were also a couple of occasions where being able to isolate the machine on the network remotely was very helpful because, at that company, 80 percent of the workforce was remote.
Also, the integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful.
And in terms of simplifying cybersecurity, being able to have scheduled runs meant we were able to break our endpoints out into different groups. We chose to do different regions and different departments. It was very easy to
Once you understood how to do it, it was really simple to create groups and group them together or apply them to each other. It took a little bit of a learning curve to get up to speed, but once we were up to speed, it was very user-friendly.
I also felt that remediating issues using Secure Endpoint was pretty easy. Most of the time, it was a matter of isolating the endpoint that we thought had an issue, running a full scan, confirming that there was no serious issue, and then getting the machine back online. In our case, we were pretty fortunate in that regard, but the remediation appeared to be very simple.
We were using a third-party help desk. One of the ways that they were fixing problems was to delete the client and then add the client back if there was an issue where the client had stopped communicating. Any improvement in the client communicating back to the server would be good, particularly for machines that are offline for a couple of weeks. A lot of our guys were working on a rotation where the machine might be offline for that long. They were also terrible about rebooting their machines, so those network connections didn't necessarily get refreshed. So, anything that could improve that communication would be good.
Also, an easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful. If you could say, "Okay, we've got these two machines. This one says it's not reporting and this one says it's been reporting. Obviously, somebody did a reinstall," it would help. That way you could get a more accurate device count, so you're not having an inflated number. Not that Cisco was going to come down on you and say, "Oh, you're using too many licenses," right away. But to have a much more accurate license usage count by being able to better dedupe the records would be good.
I also sent over a couple of other ideas to our technical rep. A lot of that had to do with the reporting options. It would be really nice to be able to do a lot more in the reporting. You can't really drill down into the reports that are there. The reporting and the need for the documentation to be updated and current would be my two biggest areas of complaint.
Also, there was one section when I was playing with the automation where it was asking for the endpoint type rather than the machine name. If I could have just put in the machine name, that would have been great. So there are some opportunities, when it comes to searching, to have more options. If I wanted to search, for example, by a MAC address because, for some reason, I thought there was a duplication and I didn't have the machine name, how could I pull it up with the MAC address?
When you're getting to that level, you're really starting to get into the ticky tacky. I would definitely put the reporting and documentation way ahead of that.
At the company where I used Cisco Secure Endpoint, I used it for about a year and a half. But I'm no longer there.
It definitely seemed very stable.
It looked like it was very scalable. We only had one Mac in the environment, so I can't really comment too much on the Mac side. But on the Windows side, it seemed good.
There were roughly 800 endpoints and almost all the machines were Dells, whether they were Precisions or Latitudes. There were also Toughbooks because that company was in the oil industry. It was all Windows 10. It was a relatively homogenous environment. There was some variation in which version of the OS people were on, but they were all Windows 10, and probably all 1909 or later.
I only had to use the solution's technical support a couple of times and they were really responsive.
Positive
We had previously used another product and then replaced that because we were very Cisco-centric. The idea was that switching to Secure Endpoint would give us better integration and thereby enhance our security posture.
We just pushed it out from the public cloud through, at that point, the Cisco AMP site. We set up groups and said, "Install these by this date, by this time." It was pretty straightforward.
The bigger portion for us was getting management to make decisions about how they wanted the policies to be done. How often did they want to do a full scan? How often did they want to do a flash scan? What exactly did they want the policies to be? But once they made those decisions, the configuration was super simple.
In terms of maintenance, going back to that issue of the duplication of entries, it did require some maintenance as far as making sure that the count was accurate. As we were onboarding and offboarding, we did not have an in-house CRM since we were using a third-party help desk. That meant we were not able to create an automation for the onboarding and offboarding of users. Removing those machines as they went offline was a manual process for us.
We did it ourselves.
When I got there, we did look at one or two others, but they had pretty much made the decision to go with Cisco by the time I arrived.
We had a very small IT team, so we didn't have a security team, per se, other than being able to rely upon Cisco for assistance if we saw something that we thought was major. We could have them, if need be, engage their team through the active threat detection. But luckily, everything that we ran into that looked like it might have been something major turned out to be a false positive.
With the few false positives that we had, we were able to mobilize and react very quickly. We were able to involve Cisco pretty much right away, and start the threat-hunting routines and look at the VirusTotal scores to determine if it was really a threat, how it entered the environment, et cetera.
I thought it was very easy to do an investigation to the point that I was involved as the endpoint manager and the administrator of the software. When it came to the real threat hunting, because I didn't have access to Umbrella and Firepower, once I detected something, it got handed off, to a large extent. I would do what I could on my end to isolate the endpoint and get the information over to the infrastructure team, and then they really ran with it.
I didn't notice it necessarily shutting down threats in advance so much as it threw alerts, but that may be because we did not have the automations and workflows configured to do that, by the time I left that company. That was something that we were looking into and playing with and developing.
Overall, I really liked the product. It was well done. If I had to say the few things that were lacking, I really would have liked the ability to drill deeper into the reporting. Also, the documentation available online didn't always seem to fit and could be kind of convoluted, and it was difficult to locate what you were looking for.

We have a complete Cisco environment; we use Cisco Firepower, Cisco ACI, and many of their other products. We have many of their top solutions from the network to the data center server.
The solution improved the effectiveness of our security. Before Cisco Secure Endpoint, we used Trend Micro Deep Security for our virtualized environment, but it didn't allow us to track all the malicious events. We can follow them with Cisco, which is a positive change for us.
Cisco Secure Endpoint enables us to stop a threat before it spreads across our system. This is a massive improvement for us, as we couldn't follow threats and respond to them as rapidly when we used other solutions.
I appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us.
The Cisco Secure Endpoint dashboard gives a clear view of everything occurring across the environment, making it straightforward to track and solve threats. This direct approach to threats simplifies cyber security, a capability we didn't have from other solutions; it's instrumental. The dashboard is clean and user-friendly.
The solution helps prioritize threats as it presents them as low or high-priority, which informs our approach to dealing with them. We can focus on the more severe threats first and protect the integrity of our system. This avoids the problem of having 40 or 50 alerts and not knowing where to start; threat prioritization gives us a starting point.
CSE reduced our time to detection, mainly due to the excellent dashboard that gives a clear view of threats developing in real-time. One member of staff monitoring the console can block threats almost immediately and set and customize notification preferences. Once the product is correctly configured, we can stop any threats almost as soon as they arise. This requires some time at first, as the agent deployment isn't easy, so starting in the audit mode for the initial configuration is good.
When we first installed the solution, we faced significant issues, as the server needs to be rebooted when the agent upgrades. This isn't easy in a production environment, and we relayed our concerns about this problem to Cisco.
The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product.
However, Cisco has improved its product, and version 7.1 ended the need to reboot machines for updates. It's also more stable than before, though I still think they have a lot of work to make this a genuinely stable product. Cisco Secure Endpoint is a developing solution, but they need to do more. It doesn't match up to the offerings from CrowdStrike, FireEye, and perhaps Carbon Black.
We have been using the solution for two and a half years.
For stability, I would rate the product an eight out of ten as there has been significant improvement. If this were a year or two ago, the rating would be five or six. Now it's stable.
I want the ability to deploy the solution without using third-party tools. I'm not too fond of that, so I would rate the solution a seven out of ten for scalability.
Cisco support is excellent; we need to open a support case, and they are very helpful and responsive. Initially, when we had issues during deployment, we opened too many cases, but that was part of our learning process.
Positive
We tried Microsoft ATP and previously used Trend Micro Apex One. We used Trend Micro Deep Security in our VMware environment, which is a hypervisor-level anti-malware. Still, we removed it because it blocked our VM migrations, which significantly impacted our production ecosystem. We had to use DRS to migrate our VMs, and when they don't migrate, that results in an overloaded hypervisor server using all the CPU and RAM. That has a knock-on effect on the other systems and applications, degrading their functions, which is not what we want from an anti-malware solution. Thus, we moved to Cisco Secure Endpoint; we already had a strong connection with Cisco because we use many of their products. It is an affordable offering compared to the competitors, such as Windows Defender ATP.
The initial deployment was more complex because the agent behavior was unstable. There is the potential for the agent to block legitimate files on a production server, so we deployed and spent significant time configuring in audit mode. In our case, the production environment is used by developers, so there can be executables that aren't signed in the environment. I'd say deploying in audit mode first to make these configurations and exemptions specific to requirements is essential before activating the agent and leaving it to work.
We initially deployed the solution manually for testing, and then we used Microsoft SCCM to mass deploy to over 3000 digital machines.
Our deployment is 90% on-premise and 10% in the Azure cloud, and we're looking to move more into the cloud. We have a different internal environment for internal use, the on-premise part, and it's a big environment with over 3000 machines. We don't have a dedicated customer space, which we plan to resolve.
Our deployment was slow initially because we weren't sure about the solution. Our line manager was seriously considering removing it in favor of Microsoft ATP. The reboot to update issue was a significant concern, making us question the tool's viability. Automation like SCCM makes the deployment very fast, but it can take anywhere from two weeks to two months to configure the exclusions, notification settings, and dashboard. Learning the solution, using file analysis, the tracking grid, and all the features and tools takes time. CSE isn't an immediate solution.
A Cisco partner helped us with the system integration, and two members from Cisco's security team followed the deployment to help us get it started.
I don't have the details, but I would say the solution gives us an ROI.
The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market.
I would rate this solution an eight out of ten as we are in a Cisco environment. Without that, it would be a seven out of ten.
Our biggest challenge was the initial deployment, which required using SCCM or other automated tools like Ansible, Puppet, or Chef. We spent a long time in the audit phase, as the configurations we made didn't integrate well into our environment, causing stability issues.
We started using SecureX, but we're at the beginning of understanding and fully implementing its capabilities; we need to learn more. We like the integration of Cisco Secure Endpoint with other Cisco products like Firepower NGFW, ISE, and more. We use a proxy as we have another company acting as our SOC; they receive threat alerts and relay them to us.
I'm satisfied with the solution, and I recommend it to those with other Cisco products. I wouldn't suggest it to those who don't have them.
Cisco Secure Endpoint requires some knowledge of security and malware. An understanding of heuristics, exploits, and living-off-the-land attacks is essential. I would advise any organization to acquire this knowledge if it doesn't exist in their staff pool before implementing and deploying the solution in a production environment. The solution taught me to take things one step at a time.

I use the solution in my company to protect our Windows and Mac devices.
The most valuable features of the solution are its ease of use, simple management of dashboards, and constant updates.
It cannot currently block URLs over websites. From an improvement perspective, I want the tools to have the ability to block URLs over websites from a threat prevention point of view so that everything stays protected.
The product needs to offer better integration capabilities.
I have been using Cisco Secure Endpoint for two and a half years.
It is a totally stable solution. Stability-wise, I rate the solution a ten out of ten.
Scalability-wise, I rate the solution a ten out of ten.
Around 20 to 30 people use the product in my company.
The product is used extensively in my company.
The plan to increase the solution usage depends on the company's decision.
The product's initial setup phase was very simple.
The solution is deployed on the cloud model.
In terms of the time needed for the deployment process, my company requires one or two hours to upgrade the tool on our twenty machines.
One or two people who are engineers are required to deploy and maintain the solution.
The return on investment is fine. My company only looks at how the product can offer security.
You must make monthly payments towards the licensing charges attached to the product. There are no extra charges apart from the standard licensing fees associated with the product.
In the past, I have used ESET and Symantec in my company. The protection offered by Cisco is much better than that offered by ESET and Symantec.
I never used the tool's threat-hunting capability to see its impact on our company's security posture.
I have integrated Cisco Secure Endpoint with other security tools from Cisco, and I see that it has been great.
I recommend the product to those who plan to use it.
The product is reliable and stable. It also provides up-to-date security based on ongoing trends.
The benefits from the use of the product revolve around the fact that it helps our company to be secured, especially in a scenario where constant attacks happen on other companies.
If I consider the current trends in the cybersecurity world, I can say that the product offers main features that provide functionalities of an anti-virus solution.
I rate the overall tool a nine out of ten.

Emphasizing robust prevention and comprehensive security measures, it offers stable functionality. There are several valuable features including strong prevention and exceptional reporting capabilities.
The pricing policy could be more competitive, similar to Cisco's offerings. Cisco recently introduced the SecureX platform, where all the different platforms are consolidated. This means you need a single account to access all the platforms, simplifying the process. However, it can still be a bit frustrating because the access isn't straightforward. There are different links for logging in, and depending on which link you use, you might encounter issues with admin rights, even if you are an admin. It seems there are some access problems during the transition and migration process, which has affected my system as well.
For instance, we had the Cisco Mail gateway, and I used to have specific links to report and configure guardian and spam checks for emails. Now, all of these have also been moved to the SecureX platform, which doesn't always function smoothly when logging in. Sometimes, I still have to log in using my old links. It's a bit inconvenient, but that's how it is.
I would rate the stability nine out of ten.
It is a scalable product and I would rate it eight out of ten.
They have separate support departments for different products, and the experience can vary depending on the product. For instance, Cisco Meraki Support is notably excellent and quick. In contrast, the support for some other Cisco products may be slightly less effective or even more outstanding. They tend to be slow when responding to inquiries. Personally, I have had a good experience with Cisco.
Regarding maintenance, we receive the latest updates automatically. I handle tasks such as installing the updates, assigning licenses, and installing the agent. Additionally, I check for insights on the computers where the agent is installed. These insights provide reports on various aspects, such as the computer's Windows update status and whether the antivirus is on the latest version, among other things.
It is a subscription-based product.
I would overall rate the product an eight out of ten and recommend it to fellow users.