We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious."
"Integration is a key selling factor for Cisco security products. We have a Cisco Enterprise Agreement with access to Cisco Email Security, Cisco Firepower, Cisco Stealthwatch, Cisco Talos, Cisco Threat Grid, Cisco Umbrella, and also third-party solutions. This is key to our security and maximizing operations. Because we do have the Email Security appliance and it is integrated with Threat Response, we have everything tied together. Additionally, we are using the Cisco SecureX platform, as we were a beta test for that new solution. With SecureX, we are able to pull all those applications into one pane for visibility and maintenance. This greatly maximizes our security operations."
"The solution's integration capabilities are excellent. It's one of the best features."
"The most functional item that we use is the process to turn off the false flags that it causes."
"Has good RAM capacity for the power I need"
"The Application Guard and ByteGuard are useful features."
"The most valuable features are script blocking and macros within Word documents for stopping unwanted applications from running in the background."
"It is extremely simple to manage and deploy."
"The deployment of updates is easy."
"The solution is very quick at easily changing the levels of protection for each computer and the server."
"I find the actual overall endpoint malware protection the most valuable feature of CylancePROTECT."
"It really protects and does its job. It totally blocked every attack attempt, and no attack attempt was successful."
"It's a very easy-to-use product."
"They offer the whole package. Remote monitoring and management (RMM) is included with it, which is pretty nice. They also have Windows patching and third-party patching. It was easy to use for protection. The containment engine was pretty nice for securing our environment."
"The most valuable feature is the management of end-user machines."
"The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"Maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"The technical support is very slow."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"It should have better support for Windows and Mac."
"We would like to see secure integration and multi-factor authentication to be able to access the administration dashboard."
"It's a good solution but some features just need to be updated."
"Having worked with SentinelOne, Cylance is good, however, it probably needs to add a feature similar to SentinelOne's rollback functionality. With this feature, if you get infected, with a click, you can go back to the pre-infection state. If Cylance could add this functionality to their offering as well, that would be ideal."
"While you are working, you are finding these things that were supposed to be waived have come back to being blocked. That's frustrating."
"The product does not do a lot of reporting on what it is taking care of. Enhanced reporting would be a welcome improvement."
"I'd like them to do software distribution too, but they said that that's architecturally not at the product line."
"I would like to see them fix the alerting system so that the endpoint reporting is a bit more streamlined."
"The licensing fees are high. The company should work to try to lower them for the customer."
"They need to enhance the performance of the agents. Currently, the performance is going low when the agent starts a full scan. The agent is consuming a lot of resources while scanning. When there are a lot of documents to check, it slows down the endpoint. This is the only thing that worries me about Comodo, but this issue is also there in other products. It is missing DLP, and I know that they are working on adding some data loss prevention capabilities. They have added some capabilities, but these capabilities are not yet mature. I hope they will enhance these capabilities because it is important to prevent the data from going out from inside. We are protected from the outside, but we also have to be protected from the inside out."
"They need to just modernize the infrastructure with something that is next-generation. We have recently moved to SentinelOne. It had been doing good for us for a while, but we needed something modern with new technology."
"Their support is not very good because they are very late to reply."
"We have a license for 3,000 users and if we get up to 3,100 users, it doesn't stop working, but on the next renewal date you're supposed to go in there and add that extra 100 licenses. It's really good that they let you grow and expand and then pay for it. Sometimes, with other products, you overuse a license and they just don't work."
"Licensing fees are on a yearly basis and I am happy with the pricing."
"There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization."
"The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."
"In our case, it is a straightforward annual payment through our Enterprise Agreement."
"Whenever you are doing the licensing process, I would highly advise to look at what other Cisco solutions you have in your organization, then evaluate if an Enterprise Agreement is the best way to go. In our case, it was the best way to go. Since we had so many other Cisco products, we were able to tie those in. We were actually able to get several Cisco security solutions for less than if we had bought three or four Cisco security solutions independently or ad hoc."
"We can know if something bad is potentially happening instantaneously and prevent it from happening. We can go to a device and isolate it before it infects other devices. In our environment, that's millions of dollars saved in a matter of seconds."
"Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection."
"I think that the price we are paying is good for what it is."
"The monthly fee is $55 USD per user."
"The product cost is about $5, per user, per month."
"We pay our license on a yearly basis and have just renewed for two years."
"It's not so heavily priced; rather, it's average and decent."
"This cost of the license is approximately $5 USD monthly per user."
"It was about 35 or 40 bucks per year for the endpoint."
"The price of this product should be lower."
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
BlackBerry® Protect is an artificial intelligence (AI) based endpoint protection platform (EPP) that prevents breaches and provides added controls for safeguarding against sophisticated cyberthreats—no human intervention, Internet connections, signature files, heuristics or sandboxes required.
Comodo Advanced Endpoint Protection (AEP) delivers patent-pending auto-containment, where unknown executables and other files that request runtime privileges are automatically run in a virtual contain that does not have access to the host system's resources or user data.
Blackberry Protect is ranked 15th in Endpoint Protection for Business (EPP) with 17 reviews while Comodo Advanced Endpoint Protection is ranked 35th in Endpoint Protection for Business (EPP) with 4 reviews. Blackberry Protect is rated 8.0, while Comodo Advanced Endpoint Protection is rated 7.2. The top reviewer of Blackberry Protect writes "An outstanding product that is pretty spot on and easy to deploy and use". On the other hand, the top reviewer of Comodo Advanced Endpoint Protection writes "Flexible, easy-to-use, and scales well". Blackberry Protect is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black CB Defense and Cybereason Endpoint Detection & Response, whereas Comodo Advanced Endpoint Protection is most compared with Sophos Intercept X, Symantec End-User Endpoint Security, CrowdStrike Falcon, SentinelOne and McAfee Endpoint Security. See our Blackberry Protect vs. Comodo Advanced Endpoint Protection report.
See our list of best Endpoint Protection for Business (EPP) vendors.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.