We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"It doesn't impact the devices. It is an agent-based solution, and we see no performance knock on cell phones. That was a big thing for us, especially in the mobile world. We don't see battery degradation like you do with other solutions which really drain the battery, as they're constantly doing things. That can shorten the useful life of a device."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"The most valuable feature is signature-based malware detection."
"It is a very stable program."
"If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that."
"The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious."
"In most cases, the solution's ability to detect in the MITRE framework, and its ability to be able to detect attacks in any one of seven or eight different areas of the life cycle of an attack is very useful."
"The deployment of updates is easy."
"The solution is very quick at easily changing the levels of protection for each computer and the server."
"It provides good insight into the programs, applications, or websites that may need attention."
"The most functional item that we use is the process to turn off the false flags that it causes."
"The solution is extremely scalable. It's got the hybrid functionality, it's got the system functionality and cloud functionality as well."
"You can manage all the threats and everything from a centralized dashboard."
"The non-daily requirement to update signatures is the most valuable feature. From a functional point of view, it is pretty spot on. For instance, we compared an algorithm from five years ago to today's algorithm, and it was 98% accurate. It has the ability to detect and mitigate. In the industrial environment that we work in, there's what we call OT versus IT. You are IT Central, but this is OT. Generally, we don't have the same level of skillset as IT individuals or IT professionals have. This particular product doesn't require you to be a computer scientist to be able to understand its proprietary algorithm and to be able to deploy, use, and work within it. It integrates well with a robust SIEM or SOAR solution, and it plays nice with others. We use other detection solutions like CyberX or site provision with Cisco, and it plays nice. That's one of the things we really liked about it."
"It integrates well with the cloud; for example, AWS, and Google Cloud Provider."
"Some of the main features of this solution are it is reliable and can be used in small to large size businesses."
"The initial setup was straightforward and we didn't have any problem with it."
"The traceback feature in XDR is amazing. You can trace back an attack. You can playback where an attack actually occurred and see how the attacker moved. We can easily show this to management, and it makes it easy to make them understand and convince them, which is the best thing."
"We like the Smart protection and the Virtual patching."
"The most valuable feature of this solution is the virtual path function, which is the reason we chose to implement it."
"The customer service/technical support for this solution is very fast."
"The solution is quite secure."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"I would like to see integration with Cisco Analytics."
"The GUI needs improvement, it's not good."
"The user interface is outdated."
"It's a good solution but some features just need to be updated."
"The product does not do a lot of reporting on what it is taking care of. Enhanced reporting would be a welcome improvement."
"While you are working, you are finding these things that were supposed to be waived have come back to being blocked. That's frustrating."
"The initial deployment was quite complicated."
"It could have integration with industrial base HMIS or Human Machine Interfaces Solutions. This is the industrial environment where you have a control center for all the automation that's happening, whether it is oil, gas, or chemical manufacturing. They often have to set up a computer at the back and watch the other stuff to get alerts. In these autonomous or on-premises environments, they often don't have access to email readily. Integration with other industrial solutions, such as HMIS, will allow them to communicate and get an alert that something has been found. This way, they can react to it sooner than having somebody watch the screen and keep checking the screen. Rockwell has its own suite. Similarly, Honeywell has its own suite. There's also an independent HMI/historian solution provider out there called VTSCADA. We actually get asked if we can get it to show up on a screen, which is difficult. Getting those alerts to work within an industrial environment would be a huge plus."
"I would like to see them fix the alerting system so that the endpoint reporting is a bit more streamlined."
"The OPTICS component could be made more user-friendly with respect to giving people more information."
"I would like to see an EDR function for the servers, as that would be useful for us."
"The licensing structure could improve."
"The product isn't very user-friendly."
"Another issue is if I want to suggest this solution to a customer, we won't get the pricing immediately, which is a major problem."
"Requires simplification, a fair amount of trouble shooting required."
"The situation with the currency in Turkey makes this solution a little bit on the expensive side, and if it were lowered then it would be more competitive."
"The setup is fairly complex. The deployment took around two months."
"They need to build in a central console because central integration is not very good right now."
"Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection."
"There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization."
"The pricing and licensing are reasonable. The cost of AMP for Endpoints is inline with all the other software that has a monthly endpoint cost. It might be a little bit higher than other antivirus type products, but we're only talking about a dollar a month per user. I don't see that cost as being an issue if it's going to give us the confidence and security that we're looking for. We have had a lot of success and happiness with what we're using, so there's no point in changing."
"Whenever you are doing the licensing process, I would highly advise to look at what other Cisco solutions you have in your organization, then evaluate if an Enterprise Agreement is the best way to go. In our case, it was the best way to go. Since we had so many other Cisco products, we were able to tie those in. We were actually able to get several Cisco security solutions for less than if we had bought three or four Cisco security solutions independently or ad hoc."
"The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."
"There is also the Cisco annual subscription plus my management time in terms of what I do with the Cisco product. I spend a minimal amount of time on it though, just rolling out updates as they need them and monitoring the console a couple of times a day to ensure nothing is out of control. Cost-wise, we are quite happy with it."
"Licensing fees are on a yearly basis and I am happy with the pricing."
"In our case, it is a straightforward annual payment through our Enterprise Agreement."
"It's not so heavily priced; rather, it's average and decent."
"The product cost is about $5, per user, per month."
"This cost of the license is approximately $5 USD monthly per user."
"We pay our license on a yearly basis and have just renewed for two years."
"I think that the price we are paying is good for what it is."
"The monthly fee is $55 USD per user."
"There is a license for this solution and there are extra features you can purchase."
"It is a very expensive solution. It would be nice if they lower its price. Its license is based on the machines."
"We are paying approximately $50,000 each month, it's definitely expensive."
"It's more expensive than other solutions, such as Sophos and Kaspersky, as an endpoint solution."
"The solution is considerably cheaper than other similar solutions."
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
BlackBerry® Protect is an artificial intelligence (AI) based endpoint protection platform (EPP) that prevents breaches and provides added controls for safeguarding against sophisticated cyberthreats—no human intervention, Internet connections, signature files, heuristics or sandboxes required.
The Trend Micro Cloud and Data Center Security solution protects applications and data and prevents business disruptions, while helping meet regulatory compliance. Whether you are focused on securing physical virtual, cloud, or hybrid environments, Trend Micro provides the advanced server security you need with the Trend Micro™ Deep Security™ platform.
Blackberry Protect is ranked 16th in Endpoint Protection for Business (EPP) with 17 reviews while Trend Micro Deep Security is ranked 1st in Virtualization Security with 16 reviews. Blackberry Protect is rated 8.0, while Trend Micro Deep Security is rated 8.4. The top reviewer of Blackberry Protect writes "An outstanding product that is pretty spot on and easy to deploy and use". On the other hand, the top reviewer of Trend Micro Deep Security writes "Each and every IP connecting to the server gets scanned so we can block whichever IPs do not belong to us at the firewall". Blackberry Protect is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black CB Defense and Cybereason Endpoint Detection & Response, whereas Trend Micro Deep Security is most compared with Trend Micro Apex One, CrowdStrike Falcon, Symantec End-User Endpoint Security, Carbon Black CB Defense and Sophos EPP Suite.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.