12-22-2021 08:29 AM
Evaluating Cisco AMP, and I would like some community feedback on how you see this product stacking up against Defender ATP etc.
IMO:
1) AMP is lacking user logon monitoring. There is no analysis on this part. Failed logons to a server, creation of new accounts and so on, will not be detected.
2) Also the network connection monitoring is by default disabled for the server profile. That's half the product, and it is not recommended for servers? Even when enabled it does not look for incoming connections, but only outbound. Because of this an externally initiated port scan is not registered. Same goes for inbound connections from malicious IPs. They are simply not traversing the engine.
3) Orbital (and add-ons) appears to give even more insight. Is it worth it or just garbage? Appears it only works on W10.
Maybe I got something wrong. Hope to get some feedback from active customers.
12-22-2021 08:58 AM
01-10-2022 05:17 AM - edited 01-10-2022 05:17 AM
Hello @miterkint,
Some info from my side.
Hope this helps,
Greetings, Thorsten