Company description: Cisco began as a networking pioneer more than 30 years ago, then became a major player in storage before moving into other areas of IT including security. It trades on NASDAQ as CSCO.
Product description: Cisco AMP (Advanced Malware Protection) for Endpoints provides visibility, context and control to prevent attacks and, if malware gets in, to detect it and respond before damage can be done. Cisco's team of threat researchers continuously feeds threat intelligence into AMP for Endpoints. It uses a framework of complementary detection engines, including one-to-one signatures, fuzzy fingerprinting, machine learning and an AV detection engine. A sandbox automatically analyzes unknown files against over 700 behavioral indicators to detect, block and quarantine malicious files.
Markets and use cases: It is especially strong in banking, finance, government, healthcare, education, retail, and manufacturing.
Agents: An agent (connector) is deployed on Mac, Windows, Android and Linux (CentOS and Red Hat) for laptops/desktops, Windows Server, Linux Server, smartphones and tablets. AMP for Endpoints also delivers agentless detection if a host does not (or cannot) have an agent installed. Using Cisco's Cognitive Threat Analytics (CTA) technology, AMP inspects web proxy logs to uncover things like memory-only malware and infections that live only in a web browser.
Applicable metrics: 14 integrated detection techniques. 1.5 unique malware samples per day, and 20 billion threats blocked per day. Rapid detection capabilities and a 100% score from NSS Labs for malware, exploit and evasion detection.
Security qualifications: HIPAA, PCI
Intelligence: Adaptive intelligence engines, automation for detection and response, and machine learning are built into the inspection engine that examines files arriving on the endpoint.
Delivery: Cloud (software as a service), private cloud or an on-premises appliance
Pricing: Pricing depends on a subscription term of 1, 3, or 5 years and on a tiered model based on the number of endpoints protected. For instance, the price per user could be different if the organization chooses a 1-year subscription and protects 500 endpoints vs. a 3-year subscription and 50,000 users. The longer the subscription term and the more endpoints protected, the lower the cost per user.