Cisco Secure Endpoint Reviews

I'm the Principal Architect of Cybersecurity at Logicalis. I've been working with Cisco for thirty-something years. I started out with the military, and then as an engineer, I worked with a large data center company. We build data centers all around the world, and then I moved to the partner space for about the past ten years and have been architecting and selling Cisco Security solutions.

A good use case for Cisco Secure Endpoint is threat hunting. It's the integration with Cisco SecureX and all the other Cisco technologies to really be able to look for, hunt, find things, see how they move through their network, and find out what actually happened.

I think a large benefit of using Secure Endpoint is the ability to offload the personnel. We have a crisis in the country where we have too many jobs and there are not enough people, and using something like Secure Endpoint and integrating the Cisco ecosystem allows us to pull in all of this data into a single place and offset those people that we have to have to do the job. It allows us to do some threat hunting and make good decisions with good tools, and it's affordable. 

Secure Endpoint has decreased our time to remediate by providing the tools and the integrations we need so we can quickly look across our entire network, look for those threats, and actually make good decisions. 

Cisco Secure Endpoint provides us the scale to quickly reduce the time to find out about an event by integrating into different platforms and providing threat intelligence specifically from Talos so we could quickly find these things. Where things used to take days, we can now do things in hours. 

Cisco Secure Endpoint does a great job of allowing us to take the individual endpoint assets, do an inventory, and know what the normal state is, so we can have a delta when things change, and we can look for consistencies. And when those things change, we get alerts. We can know what's happening with those boxes. The great part about it is I was able to eliminate lots of other features of doing inventory management and spreadsheets and see what's going on. It's also allowing us to integrate all of the other secure malware antivirus-type platforms that do a single platform. And do threat hunting with that.

Five out of five times, Secure Endpoint helps every customer I talk to improve their cybersecurity resilience. It provides integrations, it provides an affordable and easy-to-implement package where we can quickly talk to customers and work with them to get a solution in place. Logicalis does a great job of taking the package and not just installing it, but doing it in a way that a customer can understand how to use that platform afterward. 

I think the feature I find most valuable at Secure Endpoint is the ability to integrate into other products and to really dig deep into what's actually happening in the network. I know it's an endpoint product, but there are so many integrations. How we can find inventory, how we can see what's going on, and we can do an analysis of that endpoint, and see how things really move through the network.

One of the things that Cisco Secure Endpoint really needs is that it's not just Secure Endpoint, it's a point product, and I think we really need to move into solution-based selling, designing, and architecting. So that we're not worried about putting things on endpoints and selling 'x' amount of endpoints, but to provide a solution that covers all of the remote access and sell them as solutions that cover multiple things.

I've been using Cisco Secure Endpoint for about ten years. I began with the single standalone product and moved into more discovery. I used Cisco SecureX, to really utilize Secure Endpoint technology, Orbital, and all of that package to look for threats and hunt for different malware and things on the network. 

Cisco Secure Endpoint has been around for a long time. I see it only integrating more into Cisco's platform and product line. It'll be a cornerstone of a lot of the threat-hunting stuff that Cisco's working on at Cisco Secure.

We install Cisco Secure Endpoint. Our customers are in healthcare, manufacturing, and large enterprises anywhere from three hundred endpoints all the way up to multiple tens of thousands. I think Cisco SecurePoint does a great job of scalability, and really providing access to enterprises and companies of any size.

Cisco support is world-class in general. They do a great job. I don't think anyone else in the industry really compares in the responsiveness and the ability to help. A lot of companies, if you call them for help with the problem, they're going to tell you it's not their problem. Cisco at least will help. That goes a long way with a lot of people. 

I give Cisco support a ten out of ten. I think they're fabulous, and I've never had an issue.

Positive

Secure Endpoint is a great product. It provides integrations into so many of the Cisco ecosystems. One of the better things that I like about the product is that there is this whole ecosystem. I talk about XDR when I talk to my customers because I like to tell them to do outcome-driven selling or outcome-driven processes, and that outcome is XDR. I want to be able to have the customers that have some toolsets that they can look at their entire security infrastructure, the whole perspective, and get an outcome and know what's going on.

Secure Endpoint provides those integrations. We see things from Microsoft customers like Defender. It's a great product too. I think that it doesn't do as great a job right now integrating with other products, but it's all over the place. So it's one of those things where we have to figure out how it works. Most Windows boxes, even if you have Secure Endpoint on it, it also has Microsoft Defender on it as well. I think SecurePoint plays really well with that type of technology. 

I talked to a lot of customers and a lot of them get a good return on investment with Secure Endpoint. They're limited in the capacity of the manpower that they have in those resources, and Secure Endpoint allows them to do those integrations and not just deal with alert fatigue. It provides valuable information that they can make good actual decisions on.

Secure Endpoint has a great price model. It's easily available, there are different levels that can quickly be consumed. I think that being able to bundle it into the EA, and including those bundles will really enhance those cells and provide a lot more outcome.

I give Cisco your endpoint, a ten out of ten. It's a fabulous product. It is really to me one of the cornerstones of the Cisco Security Platform. When we talk about the six pillars of security, having a solid endpoint solution is one of those every single time.

We use a lot of Cisco products to integrate into our services for about 160 customers in healthcare, local government, and social housing.

We are using tons of Cisco products. Besides all types of firewalls, we are using IronPort for email. We are using a lot of networking products as well, in which security is also embedded. We also use the SecureX platform to leverage our security automation.

We have about 160 customers, and each of these customers has its own compliance, set of rules, and governance. So, the use cases might vary, but it's all about keeping them safe on all levels; on a technical level, on a tech framework level, and also on a personal level. We try to prevent our customers from doing things that they didn't intend to do as well. The use cases vary, and we embed them in all our services and also in our security operations center.

Most of the customers don't even know that they are more secure. It's like they expect to be secure, but the moment we have a big threat from the outside, they will see and they will know that we are far faster and better able to protect them and react to threats from the outside.

Cisco Secure has saved us time, especially the SecureX platform has helped us to automate certain processes and do analytics. That prevents us from taking each individual part of the logging. They have the intelligence in there to do the first check for us, and that saves a lot of time.

There is a reduction in operating expenditures but not only from the Secure perspective. Our full stack is based on Cisco, so we leverage the full integration part of that. We have our compute, we have our networking, and we have our security, and that makes it easier because you have less interfaces with different products.

From a technical perspective, I would rate it quite high for securing our infrastructure from end to end. From a behavioral perspective, in terms of the end customers leveraging it, there's still a little bit of work to do because we need to help the end customers to be more aware of what they're doing. On the endpoint for a user, they don't exactly see what is happening. From a visual perspective, you also want to have a feeling that you're safe or you get some tips or tricks to be safer, but for the most important part, which is the technical part, I would rate it very high. We really trust Cisco.

The best feature that we found most valuable, is actually the security product for the endpoint, formerly known as AMP. It has behavioral analytics, so you can be more proactive toward zero-day threats. I found that quite good.

I'm also a big fan of Talos, which provides us with a lot of insights to react faster. We also created our own toolset to embed Talos input to the Cisco products, which was not a native function, but it's being enhanced right now in the new Secure and SecureX platform.

On the firewall level, they were lagging a little bit behind, but they are running up again. I have full trust in the new 3000 series of firewalls where we would also be able to look more into the traffic that we're monitoring and get more security layers in our services. That would definitely be a big step.

We have been using Cisco since we started the company in 2002. At the time, it was not branded as such, but security is embedded in every Cisco product.

I'd rate them a nine out of ten because we still had to do things ourselves. After they had done them for us, if it was just one click on a button, then I would've given them a ten. 

Positive

We were using different products before, but we made a strategic choice to use the endpoint protection part. We're very happy with this part because it works on all types of devices and all types of endpoints—not only the user endpoint but also the networking endpoint and a lot of server platform endpoints as well. That was a primary reason, and obviously, the cost or OPEX was a part of the strategic choice to do so, but the most important part was that it had the behavior analytics part in there, so we could be more prepared for zero-day attacks.

I was only indirectly involved in its deployment. As a board, we do look at the choices that we are making, but the real firm choices are made by our chief technology officer, our corporate information security officer, and the people in the operations. However, at the board level, we always look into what are the benefits and what are the costs, so I was involved indirectly, but I was not the one who made the decision.

The deployment of Cisco Secure solutions is a little bit in the midst. Because we had such a big install base, we took a lot of time. It was a program of approximately one and a half years. For us, it was a tough project. Was it tough because of Cisco? I don't think so. It was tough because it was such a big install base.

We handled it as a project. At first, we had to explain to our customers that we are going to use another product and why. We had to do a lot of marketing and communication beforehand. We had to train our people and our resources. We had to fix our automation. We also had our implementation plan per customer because it does impact the performance at first because it has to get to know the infrastructure and it has to get to know the services. After that, it all worked out well, and we are continuing to do so because this is a never-ending project. There are still new releases and new features. It's embedded continuously in our organization now. It's sort of cyclic maintenance.

We do not measure that on a product basis. We have a growth rate with a company that lies between 15% to 30% each year in our services and profits. It definitely adds to that as well. It's year-on-year, so we're doing quite well, and it's partly because of Cisco.

It can always be cheaper.

We only had one real runner-up, and it was Microsoft Defender, which is also a good solution, but it's less integrated with our Cisco infrastructure.

Don't take it to light and implement it with your customer in mind, and don't only implement it as a technical project. It's all about mitigating risks for your customers, and it might not always be technical. 

Be aware that implementing such a new embedded technology might also cause an impact on performance. So, keep informing your customers about the benefits and say that it might be a little difficult at certain times, but when we're finished, they are far safer than they were ever before.

Open Line has a big customer base in healthcare, local government, logistics, and social housing. Societal responsibility is quite huge in the Netherlands. Cisco might also be aware of the impact that they have. They shouldn't just look at us as a managed services company or a partner; just be proud that their social reach in the Netherlands is so high. They're part of that as well. At certain times, I don't think they're aware of that. They can be far prouder than they are right now.

I'd rate Cisco Secure an eight out of ten because we have a high ambition level. Perhaps with the new Cisco 3100 series firewalls, we'll go up a little bit because that will also help us in a risk-based security approach.

We are delivering Cisco solutions and security services to more than 100 customers. We use AMP, which I believe is currently called Cisco Secure Endpoint. We use Umbrella, we use SecureX, we use Meraki, and we, of course, use firewalls. So, it's a very broad range of Cisco products. 

Cisco Secure solutions have improved our company in the sense that we are now moving towards being a managed service provider, which is doing what Cisco is telling about combining your network, your hosting, and your security together in one company so that you can deliver IT services in a carefree way for your customers. So, Cisco is helping us in creating that goal of carefree use of IT.

I'm very glad that for most customers, we have onboarded Cisco Secure Endpoint because it helps us a lot in solving and detecting ransomware. It's being done automatically, so you don't have to worry. It's removing that. Therefore, it is called an EDR solution. It takes care of detection and response, and it's being done automatically. In the case some handling is needed, we have a connection from Cisco Secure Endpoint towards SecureX and ServiceNow. So, we are bringing that very simply to our support engineers. If any handling is needed there, they automatically get a ticket, and they can act.

It has helped a lot in saving time because when you have an automated flow of tickets, a ticket is immediately handled by the support people. They can immediately act in ServiceNow and see what they have to do if something is detected where a manual action is still needed. There are, however, not many cases because AMP already handles a lot of responses automatically. 

We are saving a lot of money on our operational costs because people don't have to enter tickets anymore in the system. Secondly, a lot of response is being done automatically by AMP. That helps us a lot as well in saving costs because, in the past, somebody had to do it manually.

The most valuable feature at this moment is that Cisco AMP or Cisco Secure Endpoint solution is delivering a lot of things, and I always say to a lot of customers that if we didn't have Cisco AMP, we probably would have had ransomware somewhere. So, it's protecting us very well from a lot of hackers, malware, and especially ransomware.

We would like to see the protection from the start of the endpoint till the end. Nowadays, we see that working from home is quite important, so there's a need to protect the whole layer, not only the network of the customer. There is a change towards starting from the process on the endpoint and then protecting that towards the application and the data on the back end. You need to protect that whole layer, which means that you have to have something on your endpoints that can protect. Today, at the Cisco Live event, I heard that there will be an AnyConnect solution from Cisco that will help us in delivering the kinds of security solutions that customers currently want. In some cases, we use AnyConnect, but because SaaS is coming up, many of the solutions or many endpoints are using a browser to make the connection to any place, anytime, and anywhere, so you want to have a secure connection at the start. It should be on every endpoint. I've heard Cisco is developing that right now to have all endpoints, not only laptops, desktops, and tablets, but also mobile devices, connected and secure towards the application and the data at the end. We are using AnyConnect as a VPN solution, but not as a whole set, which is currently being developed by Cisco.

They can combine the platforms and the management tools so that they are a little bit simpler and easy to use.

The integration of the Cisco products for security could be better in the sense that not everything is integrated, and they aren't working together. In addition, not all products are multi-tenant, so you can't separate different customer environments from each other, which makes it a little bit hard for a managed service provider to deliver services to the customers.

The quality of the product should be on top. For instance, when they are being introduced, some firewalls have some bugs, and they are known bugs. So, going to the latest version of the firewall is not always the smartest thing to do. There could be an improvement to help us go to the most modern version.

Cisco's support for their solutions is very good, but it always depends on people. We have a good account manager or service manager from Cisco, and he is helping us a lot in getting the right people from Cisco to talk to, etc. So, it's good. It's a very good arrangement. 

I'd rate them between eight and nine. I don't think that the support organization has to change, but if the tools that you have to use and the management consoles you have to use are simpler, then the support can also be much simpler, and the support department from Cisco can easily support the partners as well.

Positive

I was involved in the implementation of Cisco AMP. When we did a changeover from the traditional antivirus to AMP, I was highly involved. It was an interesting journey, and in the end, we achieved what we wanted to achieve.

It was easy in a certain way, but if you are a managed service provider, you also need to have multi-tenancy. The multi-tenancy support is within Cisco AMP. If you want to implement it, it's not always easy because you cannot do some of the things, such as specifying the policies you want to use, from the top level. You have to do them separately in every tenant, but I've heard that they are going to change it.

We have indeed seen a return on investment for the Cisco Secure solution we have implemented. We've seen the benefits in terms of earning money, but also in terms of extending our services and turnover in many cases.

The pricing and licensing of the security solutions of Cisco are very good in comparison with the competitors, but sometimes, it's difficult to see all the discounts and other kinds of things. So, you have to be careful, but the pricing is good.

I was a part of the evaluation process to go from a traditional antivirus package to a new solution called endpoint detection and response. Of course, there are only two big players, Cisco and Microsoft, in that area. We had to discuss what to do and how to deal with it. Of course, many customers have Microsoft in their workplace, but we are offering Cisco at least for the endpoint service where we have the hosting center. If they want, we can deploy AMP on the endpoints as well. However, there's something to say about the fact that you have two different kinds of EDRs. On your end-user devices, you have Defender, and on your server, you have Cisco, which makes it even more strong.

Traditionally, Cisco comes from the infrastructure. The difference between Cisco and Microsoft security solutions is that Cisco is coming from the infrastructure part, and Microsoft is coming from the data part. What you see is that Microsoft developed its solution from information, from data, and Cisco is coming from the infrastructure. It is deeper in IT. The solutions are deeper, and therefore, they sometimes might be stronger if you are only looking at the top of what's in IT. That makes it a little bit different. So, it's not about who's better or who's stronger. In some cases, they are an addition to each other.

Cisco Secure was the right solution for us. Of course, that was also because of the cost. Because we were already working together with Cisco, we chose Cisco for our hosting center and for all of our services. If the customer wants to have it on their endpoints and user devices, they could use our Cisco solution as well. If they want to have Defender, we support that as well on the endpoints of the user. 

To those evaluating Cisco Secure solution, I'd advise understanding the roadmap and the architecture of Cisco very well and seeing how it can add things. I have to mention Microsoft solutions because there is an added value on top of the Microsoft solutions, and that's what you have to look for. 

Cisco Secure solutions are currently at the level of a seven out of ten, and that's based on the fact that some management consoles are not working together, and in some of the new products, there are still, for instance, some known bugs. That's an issue that could be improved, and they are working on that.

We saw this product with a partner. We installed it and configured it properly along with our antivirus solution. We monitor it almost every day to see what's going on. Up till now, we are very happy with the performance.

We check every day if there are any indicators of compromise, if there are any workstations that need particular attention, or if there are any peculiar or strange events.

The main benefit is that we have visibility on the network. With the combination of Cisco Secure Endpoint and our antivirus, we feel a little bit more secure. We have better monitoring of and overview of what's going on in the network.

It's reliable. It's doing most of the jobs for us, so we don't have to worry. We check it for just 15 minutes per day to be sure that everything is fine.

It doesn't save time, but we feel more confident that everything is okay on the network. It improves our security posture.

It's quite simple, and the advantage I see is that I get the trajectory of what happened inside the network, how a file has been transmitted to the workstation, and which files have got corrupted.

It's able to detect and help remediate threats. So far, my experience is very good. I trust this product. It's quite simple, fast, and reliable. The dashboard and reporting are also quite good.

In terms of features, I don't have any areas for improvement. It has a good interface. Its reporting is also good, and the updates are very frequent. Its price is okay for us, but it can always be better. There's always room for improvement when it comes to pricing.

We have been using this solution for more than a year and a half.

It's reliable. We haven't had any problems so far.

It's easy to scale.

It has been excellent so far. We don't have any problems. I'd rate them a nine out of ten.

Positive

It's the first time we are using this kind of product. We didn't use any other product previously. 

It was quite easy for us. It probably took us three days.

We have a lot of partners, but Netbull is our partner in Greece for Cisco Secure Endpoint.

Its price is fair for us.

We didn't evaluate other products. We had seen this product before. We discussed it with our partners, and we just went for it. Our main thought was to go with a product and brand that we can trust. All our core network is Cisco, so this was the product that came straight into our head.

I'd rate Cisco Secure Endpoint a nine out of ten. It's excellent.

It was our primary endpoint protection. 

The ability to respond rapidly, whether it was doing isolation or threat hunting, helped improve our security. Even when there were a few false positives, it was a good exercise for us to run through and determine what exactly was going on. It was definitely an improvement from what we were using before, which was Trend Micro. That tighter integration definitely helped.

In the time that I was there, we didn't really have any sufficiently major occurrence that did not turn out to be a false positive. But there was useful stuff coming up on the dashboard, where it showed the vulnerable applications. Being aware that those were in our environment, and what threat level they presented on that one to 10 scale, was helpful. It enabled us to say, "Hey, look, Firefox version 71 is still in our environment, and it's a 10. We need to contact that user and get them to upgrade, or remove it if they're using something else." That definitely allowed us to enhance our security posture.

That prioritization of threats, particularly on those vulnerable applications, meant we were able to take action using Microsoft Endpoint Manager. We could deploy applications with supersedence to get that old product off of the machines or upgraded. It definitely improved our situation.

Being able to do pretty immediate research through a simple right-click and threat-detect was very quick and invaluable in making a rapid assessment of what I might be looking at. And with the tighter integration with the Umbrella and Firepower products, when I got in touch with our infrastructure team, they were able to see what I was seeing and more. That was very eye-opening: Wow, look how much information we can get and how quickly we can get that information. We could start evaluating what our status was and what actions we needed to take.

Overall, the impact on our security was that the endpoints were that much safer than they were before, by eliminating those vulnerable applications. And in the event that there was something that appeared to be significant, we had the ability to isolate that device.

Also, Cisco Secure Endpoint, as far as I know, consolidated endpoint, cloud, and remote access agents into a single agent. When we bought the product, it was actually Cisco AMP, and then they went to Cisco Secure Endpoint and everything was managed through the cloud. With that change in the agent, I presume that was all moved to a more cloud-oriented situation.

I would say it improved our time to detection, but that's one of those things that is hard to document. I didn't spend a whole lot of time working with the Trend Micro product, but it seemed to me like it was probably an improvement of at least 30 minutes, which in today's world is forever.

I liked the ability to have a choice between the full scan and the flash scan.

There were also a couple of occasions where being able to isolate the machine on the network remotely was very helpful because, at that company, 80 percent of the workforce was remote.

Also, the integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful.

And in terms of simplifying cybersecurity, being able to have scheduled runs meant we were able to break our endpoints out into different groups. We chose to do different regions and different departments. It was very easy to

1. set up the groups up
2. copy the policies from one to the other.

Once you understood how to do it, it was really simple to create groups and group them together or apply them to each other. It took a little bit of a learning curve to get up to speed, but once we were up to speed, it was very user-friendly.

I also felt that remediating issues using Secure Endpoint was pretty easy. Most of the time, it was a matter of isolating the endpoint that we thought had an issue, running a full scan, confirming that there was no serious issue, and then getting the machine back online. In our case, we were pretty fortunate in that regard, but the remediation appeared to be very simple.

We were using a third-party help desk. One of the ways that they were fixing problems was to delete the client and then add the client back if there was an issue where the client had stopped communicating. Any improvement in the client communicating back to the server would be good, particularly for machines that are offline for a couple of weeks. A lot of our guys were working on a rotation where the machine might be offline for that long. They were also terrible about rebooting their machines, so those network connections didn't necessarily get refreshed. So, anything that could improve that communication would be good.

Also, an easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful. If you could say, "Okay, we've got these two machines. This one says it's not reporting and this one says it's been reporting. Obviously, somebody did a reinstall," it would help. That way you could get a more accurate device count, so you're not having an inflated number. Not that Cisco was going to come down on you and say, "Oh, you're using too many licenses," right away. But to have a much more accurate license usage count by being able to better dedupe the records would be good.

I also sent over a couple of other ideas to our technical rep. A lot of that had to do with the reporting options. It would be really nice to be able to do a lot more in the reporting. You can't really drill down into the reports that are there. The reporting and the need for the documentation to be updated and current would be my two biggest areas of complaint.

Also, there was one section when I was playing with the automation where it was asking for the endpoint type rather than the machine name. If I could have just put in the machine name, that would have been great. So there are some opportunities, when it comes to searching, to have more options. If I wanted to search, for example, by a Mac address because, for some reason, I thought there was a duplication and I didn't have the machine name, how could I pull it up with the Mac address?

When you're getting to that level, you're really starting to get into the ticky tacky. I would definitely put the reporting and documentation way ahead of that.

At the company where I used Cisco Secure Endpoint, I used it for about a year and a half. But I'm no longer there.

It definitely seemed very stable.

It looked like it was very scalable. We only had one Mac in the environment, so I can't really comment too much on the Mac side. But on the Windows side, it seemed good.

There were roughly 800 endpoints and almost all the machines were Dells, whether they were Precisions or Latitudes. There were also Toughbooks because that company was in the oil industry. It was all Windows 10. It was a relatively homogenous environment. There was some variation in which version of the OS people were on, but they were all Windows 10, and probably all 1909 or later.

I only had to use the solution's technical support a couple of times and they were really responsive.

Positive

We had previously used another product and then replaced that because we were very Cisco-centric. The idea was that switching to Secure Endpoint would give us better integration and thereby enhance our security posture.

We just pushed it out from the public cloud through, at that point, the Cisco AMP site. We set up groups and said, "Install these by this date, by this time." It was pretty straightforward.

The bigger portion for us was getting management to make decisions about how they wanted the policies to be done. How often did they want to do a full scan? How often did they want to do a flash scan? What exactly did they want the policies to be? But once they made those decisions, the configuration was super simple.

In terms of maintenance, going back to that issue of the duplication of entries, it did require some maintenance as far as making sure that the count was accurate. As we were onboarding and offboarding, we did not have an in-house CRM since we were using a third-party help desk. That meant we were not able to create an automation for the onboarding and offboarding of users. Removing those machines as they went offline was a manual process for us.

We did it ourselves.

When I got there, we did look at one or two others, but they had pretty much made the decision to go with Cisco by the time I arrived.

We had a very small IT team, so we didn't have a security team, per se, other than being able to rely upon Cisco for assistance if we saw something that we thought was major. We could have them, if need be, engage their team through the active threat detection. But luckily, everything that we ran into that looked like it might have been something major, turned out to be a false positive.

With the few false positives that we had, we were able to mobilize and react very quickly. We were able to involve Cisco pretty much right away, and start the threat-hunting routines and look at the virus total scores to determine if it was really a threat. How it entered the environment, et cetera.

I thought it was very easy to do an investigation to the point that I was involved as the endpoint manager and the administrator of the software. When it came to the real threat hunting, because I didn't have access to Umbrella and Firepower, once I detected something, it got handed off, to a large extent. I would do what I could on my end to isolate the endpoint and get the information over to the infrastructure team, and then they really ran with it.

I didn't notice it necessarily shutting down threats in advance so much as it threw alerts, but that may be because we did not have the automations and workflows configured to do that, by the time I left that company. That was something that we were looking into and playing with and developing.

Overall, I really liked the product. It was well done. If I had to say the few things that were lacking, I really would have liked the ability to drill deeper into the reporting. Also, the documentation available online didn't always seem to fit and could be kind of convoluted, and it was difficult to locate what you were looking for.

We rely on it for antivirus. There are probably three levels, and we have the bottom tier, the most basic one.

It is on Cisco's cloud. We have the client installed on all workstations, but we don't have a server.

It just gives me more insights into what threats are out there on the machines, so I can be more proactive.

Actionable alerts in the security console are helpful. With the security console, I immediately get to know about an issue. So, it has sped things up. It also gives you a way to research and see if an issue is spreading, so it has assisted quite a bit.

It definitely gives a starting point for investigating and mitigating threats. It has research tools, and we can run queries. I have used its Orbital Advanced Search feature. I have run quite a few queries to determine what is out on the network or on the devices that could be a threat. It could be something that is misconfigured or something that we don't want to have running. It is able to quickly run these queries.

I usually use the Orbital Advanced Search feature for groups. I use it to look for commonality for a threat thread, and it provides good visibility. I've never used it for just one endpoint.

Orbital Advanced Search helps in reducing the attack surface and investigating real-time data on endpoints. I've only used it a handful of times, and I was mostly looking for whether or not an update has been applied.

Orbital Advanced Search definitely saves time. I assume money goes right along with time. I don't have to go from desktop to desktop. I have 50 desktops, and if I'm looking for something in particular, it would take at least 15 to 20 minutes per desktop.

We use Cisco Umbrella. The integration when you use the SecureX console is really good to go from one to the other. I have pulled the endpoint and Cisco Umbrella into SecureX, so I just have one console. It was easy to integrate. They provided really good instructions. This integration just made things more convenient.

It simplifies endpoint protection, detection, and response workflows, especially for threat hunting. The way it is set up, with the console, I would get to know quickly that we have an issue. It increases operational efficiency because I don't have to go from desktop to desktop. I'm also proactive instead of reactive.

It has minimized security risks to our business. I've had several desktops where they have triggered an alert, and all I had to do was to go and clean that machine out before the problem spread. 

It allows us to focus on the incident instead of investigating the group, so we are more efficient. It has decreased our time to remediate because we're focusing on the machines we need to.

It has decreased our time to detect. I can't quantify the time, but in some of the older antiviruses, the user would say, "Okay, I've got a pop-up, and it has flagged this or that," and then you'd have to go look for it. With this, I know ahead of time, or I know when it happens. 

We use it as an antivirus. The audit logs are valuable. 

It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.

It is quite comprehensive in terms of endpoint protection. I haven't found anything where it was lacking in terms of the protection of our Windows machines.

While I've attended a lot of their training webinars, they were mostly high-level. They just say that these are the feature, and this is how you access them, but I would like to see more scenario-based information. They should provide us examples of how to resolve something when we see something happening. They should give us an example of the flow on how to resolve it.

In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through.

I have been using this solution for about a year. My company had it for about a year and a half before I joined.

II haven't had any issues with it except for a connector issue. They quickly put out a new one and got rid of the problem. So, it seems to be really stable, and they seem to be reactive when there is a problem.

It is good in terms of keeping the machines updated. It is easy to get it installed on the desktop and keep it updated. We have a little over 100 users. They are administrators, project managers, field supervisors, engineers, and sales and support staff, so we have quite a mix.

We have deployed it on all desktops and laptops currently. I am going to start looking at adding it to mobile devices. Currently, we only have Windows machines covered. We are working on getting it set up on the Mac mobile devices. So, eventually, we will have a lot more depth than we have now.

I never had to reach out to them. So far, I have been able to find the documentation that I needed.

I've only been with the company for a year. They had it when I got there, and we haven't changed anything since then.

I've used McAfee and Norton, and it does much better than them.

I wasn't involved in the initial setup. They did that before I joined the company.

Its maintenance is done by me. I'm the only IT person. It is not a large company, so it isn't a bad thing.

It is kind of hard to say what would have happened if you didn't have it. We've got a very stable environment, and it seems to be doing its job. So, I assume we're getting a return on investment.

The pricing was negotiated before I started, so I don't really know.

I would advise others to take a real hard look at it because it is a good solution for companies of our size. I like the fact that it is managed in the cloud. I don't have to maintain a server presence. It is easy to use. It was a bit of a learning curve to start with because I was completely unfamiliar with it. I just dug in there and figured it out. Its documentation is fairly good.

If you go through SecureX, everything is right there in terms of user access and device protection. This integration is nice, but so far, it hasn't really saved me any time. It may in the future.

I believe it makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform, but I never had to do that.

I would rate Cisco Secure Endpoint an eight out of 10.

The solution is easy to deploy and applies multi-factor authentication. 

The solution can be cheaper. 

I have been using Cisco Secure Endpoint for six years. 

The initial setup is straightforward.

It is an expensive solution. 

I rate the overall solution a nine out of ten. 

Emphasizing robust prevention and comprehensive security measures, it offers stable functionality. There are several valuable features including strong prevention and exceptional reporting capabilities.

The pricing policy could be more competitive, similar to Cisco's offerings. Cisco recently introduced the SecureX platform, where all the different platforms are consolidated. This means you need a single account to access all the platforms, simplifying the process. However, it can still be a bit frustrating because the access isn't straightforward. There are different links for logging in, and depending on which link you use, you might encounter issues with admin rights, even if you are an admin. It seems there are some access problems during the transition and migration process, which has affected my system as well.

For instance, we had the Cisco Mail gateway, and I used to have specific links to report and configure guardian and spam checks for emails. Now, all of these have also been moved to the SecureX platform, which doesn't always function smoothly when logging in. Sometimes, I still have to log in using my old links. It's a bit inconvenient, but that's how it is.

I have been using Cisco Secure Endpoint for the past two years. 

I would rate the stability nine out of ten. 

It is a scalable product and I would rate it eight out of ten. 

They have separate support departments for different products, and the experience can vary depending on the product. For instance, Cisco Meraki Support is notably excellent and quick. In contrast, the support for some other Cisco products may be slightly less effective or even more outstanding. They tend to be slow when responding to inquiries. Personally, I have had a good experience with Cisco.

Regarding maintenance, we receive the latest updates automatically. I handle tasks such as installing the updates, assigning licenses, and installing the agent. Additionally, I check for insights on the computers where the agent is installed. These insights provide reports on various aspects, such as the computer's Windows update status and whether the antivirus is on the latest version, among other things.

It is a subscription-based product. 

I would overall rate the product an eight out of ten and recommend it to fellow users.