"The room for improvement would be on event notifications. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."
You don't want to be spending time working out how to block something. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want.
It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. It allows for research into a threat, and you can chart your progress on how you're resolving it." "The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform.
It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP." "It is extensive in terms of providing visibility and insights into threats. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. This greatly maximizes our security operations." "The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great." "Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer.
With SecureX, we are able to pull all those applications into one pane for visibility and maintenance. Additionally, we are using the Cisco SecureX platform, as we were a beta test for that new solution. Because we do have the Email Security appliance and it is integrated with Threat Response, we have everything tied together. This is key to our security and maximizing operations. We have a Cisco Enterprise Agreement with access to Cisco Email Security, Cisco Firepower, Cisco Stealthwatch, Cisco Talos, Cisco Threat Grid, Cisco Umbrella, and also third-party solutions.
This is what makes the solution a valuable tool as far as I'm concerned." "If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that." "It is a very stable program." "Integration is a key selling factor for Cisco security products. You still have the ability to manage and remediate things. No matter where the device is, AMP has still got coverage on it and is protecting it. You get protection and reporting with it. AMP will work anywhere in the world, as long as it has an Internet connection.
You don't have to be VPNed into the environment for AMP to work. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. "One of the best features of AMP is its cloud feature.