We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The solution's integration capabilities are excellent. It's one of the best features."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"It is a very stable program."
"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious."
"If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that."
"Microsoft's technical support is fantastic."
"It is easy to use because it is already pre-installed in Windows 10. We don't have to do anything to configure it. You can also configure the firewall by using a group policy so that it can be easily adopted in an environment."
"The features I have found most valuable are the ransomware and malware protection. The solution detects malware live and whenever it detects suspicious activity, it quarantines it."
"The solution integrates very well with Windows applications and Microsoft endpoint products."
"Defender has very little impact on the end-user and the agent works quite well with a minimal impact on the client and server."
"The solution is highly scalable."
"Microsoft Defender can block some viruses or malware. So, it can protect my files. It can save files on Office 365 OneDrive. I use encryption for some files, then I can recover them from OneDrive."
"The fact that it's from Microsoft, you don't have many false positives, unlike products from other vendors might have."
"The most valuable features are the anti-ransomware engine, deep learning, web filtering, and the cloud manageability."
"It is very easy to set up and easy to use. It is also not resource-intensive."
"I consider the heuristics to be most valuable, the fact that the solution does not work solely on signatures."
"The pricing is fair. It's not too costly for our small organization."
"This solution is easy to configure."
"Anti-virus captures malicious threats and an aggressive next generation firewall."
"The most valuable features are ease of use and the GUI."
"Scalability is good."
"Maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"The technical support is very slow."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"I would like to see integration with Cisco Analytics."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"The solution could use improvement on the interface."
"It needs to improve the cybersecurity for lateral movements. For example, when a hacker tries to enter a machine, they try to get the password by doing a lateral movement."
"Auto recovery is the most important feature that we would need from this solution. For decryption, similar to Malwarebytes, there should be something to be able to recover the data up to the last normal status. Its ability to recover data to the last normal copy must not exceed 5 to 10 minutes."
"With increase of cyber threats and cybersecurity issues, I would recommend that the product be developed like an AI product with more features which can counter any threat in the coming eras."
"The central management console should be improved because it provides limited options to configure Windows Defender."
"It can be more secure."
"Its user interface (UI) can be improved. Currently, in the console, you have to dig down for certain things. They've got many different layers to get to things instead of having it all on the surface. You have to go three folds lower to get to specific functionality or click a particular option. It would be good if we can manage the console through menus and instead of three clicks, we can do things in one click. They need to change the UI and work on it in terms of a better user experience."
"Additional security would be beneficial."
"It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc."
"It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first."
"The after sales service and support could be improved."
"If we can lower the price, it will be fantastic because it will generate more revenue for us."
"The initial setup can be a bit challenging."
"The Data Loss Prevention module can be better. It should also have threat hunting capabilities."
"Needs more flexible reporting, particularly for medium to large size companies."
"They don't have the full stack of offerings as compared to the other competitive products that we see."
"Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection."
"The pricing and licensing are reasonable. The cost of AMP for Endpoints is inline with all the other software that has a monthly endpoint cost. It might be a little bit higher than other antivirus type products, but we're only talking about a dollar a month per user. I don't see that cost as being an issue if it's going to give us the confidence and security that we're looking for. We have had a lot of success and happiness with what we're using, so there's no point in changing."
"There is also the Cisco annual subscription plus my management time in terms of what I do with the Cisco product. I spend a minimal amount of time on it though, just rolling out updates as they need them and monitoring the console a couple of times a day to ensure nothing is out of control. Cost-wise, we are quite happy with it."
"Licensing fees are on a yearly basis and I am happy with the pricing."
"In our case, it is a straightforward annual payment through our Enterprise Agreement."
"There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization."
"The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."
"Whenever you are doing the licensing process, I would highly advise to look at what other Cisco solutions you have in your organization, then evaluate if an Enterprise Agreement is the best way to go. In our case, it was the best way to go. Since we had so many other Cisco products, we were able to tie those in. We were actually able to get several Cisco security solutions for less than if we had bought three or four Cisco security solutions independently or ad hoc."
"The normal, standalone model, is not expensive, but the enterprise model that includes the bundle with email and some web protection, is a bit more expensive."
"Microsoft Defender is an expensive product in my country."
"When compared with other vendors, the pricing is very high."
"It is free."
"We sell this product as part of Office 365 and it is not expensive."
"There is no license needed, the solution comes with Microsoft Windows."
"It is built into Windows 10. If our clients are using Microsoft Defender, the cost goes away for them."
"There is not a license required for this particular solution."
"Intercept X for endpoints is around $35 per user per year. The server version is $95 per server per year."
"Compared to other solutions, such as CrowdStrike, we are most certainly happy with its pricing. We did a three year-business deal."
"You can pay monthly, but most of our customers choose annual subscriptions because they are less expensive."
"You are able to purchase more licenses for the number of devices or servers that you require. There are many other features available but our license does not include them, such as XDR, which is endpoint detection and response. We have not explored the new features as of yet but plan to in the coming future."
"Its cost is good."
"When you start going to the EDR technologies and the MTR, it is a little bit expensive. It's a very good technology, and obviously, you're going to pay for it, but the pricing could do a little bit of work."
"The price of this solution is reasonable."
"The price of this product should be reduced because it is a little high."
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
Sophos Intercept X stops the widest range of attacks with a unique combination of deep learning malware detection, exploit prevention, anti-ransomware, and more.
Microsoft Defender for Endpoint is ranked 3rd in Endpoint Protection for Business (EPP) with 73 reviews while Sophos Intercept X is ranked 8th in Endpoint Protection for Business (EPP) with 51 reviews. Microsoft Defender for Endpoint is rated 8.0, while Sophos Intercept X is rated 8.4. The top reviewer of Microsoft Defender for Endpoint writes "Enables ingestion of events directly into your SIEM/SOAR, but requires integration with all Defender products to work optimally". On the other hand, the top reviewer of Sophos Intercept X writes "Great reporting and good training with a pretty straightforward setup". Microsoft Defender for Endpoint is most compared with CrowdStrike Falcon, Symantec End-User Endpoint Security, Cortex XDR by Palo Alto Networks, SentinelOne and Malwarebytes, whereas Sophos Intercept X is most compared with CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne, Cortex XDR by Palo Alto Networks and Seqrite Endpoint Security. See our Microsoft Defender for Endpoint vs. Sophos Intercept X report.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.