Syxsense was founded in 2012. In its own words, the company focuses on, "a cloud-native unified security and endpoint management (USEM) platform that reduces risk and complexity." In other words, their flagship product is an extremely versatile endpoint security platform.

At TechRadar, we always give credit where its due to security 'Goliaths' like Symanetc and Malwarebytes but also keep an eye out for the less well known 'Davids' who create products that put even the giants to shame.

The question remains though: is Syxsense's platform a Goliath to rank among the best endpoint protection software, or just garden variety?

Syxsense: Plans and pricing

When we visited Syxsense's pricing page, we were unsurprised to see that interested parties are encouraged to contact the company to request a quote. This is par for the course for many endpoint security platforms.

However, when we did set up a free trial of the platform, we discovered the 'Subscriptions' section of the cloud console actually does list costs per device. We are using these for the basis of this review but encourage readers to speak to Syxsense directly for an exact quote.

The most basic tier is called 'Syxsense Manage' and according to the cloud console costs $5 per device, per month. Benefits of the 'Manage' tier include basic device management, patch scans, remote control, the ability to isolate and reboot endpoints, as well as customizable dashboards and reporting features.

These features are what we'd expect to see in an EPP (Endpoint Protection Platform) but you'll need to subscribe to he next tier, 'Syxsense Secure', to actually detect and prevent threats effectively. This costs $8 per device, per month and includes all of the above plus a drag a drop workflow builder, the ability to set policies, vulnerability scans, file quarantine and threat alerts, as well as proof of HIPAA/PCI/SOX compliance. 

The highest priced tier, 'Syxsense Enterprise' is the one on which this review is based. According to the cloud console it costs $9 per device, per month. For their extra dollar subscribers benefit from all of the above perks in the first two tiers, plus zero trust, security remediation, mobile device management and an open API.

Interested parties can try out all Syxense features for free for 14 days on up to 50 devices and 50 mobile devices.

Syxsense: Features

Given that we had chosen to review 'Syxsense Enterprise', we were eager to find out more about the benefits it supposedly offers over other endpoint security platforms.

We'd noticed on the pricing page that Syxsense claim the platform employs 'Zero Trust'. This term gets bandied around a lot, even by security professionals so we wanted to be sure that the company meant. Luckily Syxsense maintain a dedicated page, explaining that the platform allows granular control over network access policies. This makes identification of users, as well as ringfencing apps much simpler, which aligns with the principles of 'zero trust'.

Syxsense also have a dedicated page, explaining their 'remediation' feature in more detail. In brief, this involves Syxsense Enterprise using real-time monitoring to identify which assets are vulnerable, how to fix them, and deploy those resolutions quickly and automatically from within the console, without users needing to do anything.

Something that did tickle us when researching Syxsense Enterprise was the 'Beers with Engineers' initiative - this essentially is a 'free lunch' in that the company offers a $25 gift card to representatives of certain companies who are interested in joining a virtual event to learn more about the console. 

As far as we know this offering of free food and refreshments to interested parties whilst they learn more about a platform is a first for the field of endpoint security but are sure that it goes over well with larger organizations. We were only sad to see that the offer of free food doesn't extend to reviewers!

Syxsense: Setup

If you opt for the 14-day free trial of Syxsense Enterprise, there's a registration form on the main website. The portal requires a valid business e-mail (in other words, one linked to a registered domain, not a 'free' e-mail provider.)

After entering your contact information, the website next asks you to create a subdomain e.g. ours was natedrake.syxsense.io, which you'll use to access the cloud console. On first login we were impressed to see that 2FA (two-factor authentication) is enabled by default, as we had to enter a code sent to our email address. This can also be done via Google Authenticator.

On first login to the cloud console the 'add device' option at the top left was easy to see. We were delighted to discover that agent software is cross-platform, with clients available for Windows, macOS, Linux, Android and iOS. 

We downloaded the Windows installer (in MSI format) and launched it. The progress bar appeared but then the installer seemed to exit. On checking the installed programs in Windows 11 we saw the 'Syxsense Responder' did indeed seem to be installed but there was no icon in the system tray.  

Upon logging in to the online cloud console we also saw our test endpoint 'Win11' listed but when we tried to run a remote scan to check for vulnerabilities, nothing happened. This was troubling, so we removed the 'Responder' software in Windows and reinstalled, with the same effect.

Syxsense: Interface

We've mentioned previously that the 'Add Device' option was easy to find in the online console. Indeed the left hand pane lists options like 'Devices', 'Users', and 'Reports' logically, accompanied by colorful icons.

As readers know, at TechRadar we place great stock in the main 'dashboard' of products and were impressed by the colorful graphics employed in Syxsense Enterprise. The resolution on our test machine's monitor (1280 x 720) resulted in quite an overcrowded screen but immediately became much neater when we switched to 1920x1080. 

We were particularly impressed by the 'Overview' section of 'Devices', which displays vital information in dedicated areas. For instance, 'Computer Health' contains information on detected and potential software vulnerabilities. The 'Current Activity' section towards the bottom of the screen lists tasks and their status.

While agent software is usually quite threadbare, we've never had to deal with an invisible one before. With other endpoint security platforms we've reviewed, there's usually a system tray icon which users can click to run scans and/or view any files in quarantine. We aren't sure if the absence of an agent window was by accident or design, but either way it's far better to have a way of informing endpoint users of tasks in progress. 

Syxsense: Performance

We've said previously that upon logging into the cloud console and seeing our test device was connected, we tried to run a vulnerability scan. In fact, we tried to do this four times. In each case the device's 'Current Activity' section said the scan had failed, though no specific reason was given.

This didn't bode well for our tests but we decided to continue anyway. When reviewing endpoint security platforms, our first test is always to try to download a fake computer virus, provided by the good people of EICAR.

We visited the website in the Microsoft Edge browser on our Windows 11 test machine, then downloaded the fake virus in compressed (ZIP) format. We were able to extract the file but the 'Responder' failed to respond and it fell to Microsoft Defender to block the virus. When we logged in to Syxsense cloud console we also saw no alert had been generated in the 'Reports' section. 

Our next test was to attempt to copy a real, new trojan virus to our test machines 'Downloads' folder. We do this when reviewing EPPs to check that they can detect threats based on a file's behavior, not just by comparing its signature to a database of known malware. We were able to copy the file into the folder and once again it was Microsoft Defender which ultimately quarantined it. Once again, the cloud console also failed to generate any alert to say the trojan had been detected.

Syxsense: Final verdict

Having criticized the Syxsense Enterprise platform for a lack of threat detection, we must praise the level of support from company staff. Shortly after signing up for a trial we received a voice message and email from one of the team to ask some questions. 

We feel sure that had we persevered and gone through the agent deployment steps again with a member of the team (or better yet attended 'Beers with Engineers'), we may have seen better results with installing both the client software and with detecting the malware files we used in our tests. We simply didn't have the time to do this but the target market for Syxsense Enterprise are organizations with IT Managers who are paid by the hour to resolve such issues. 

Still, the fact that agent deployment and basic threat detection doesn't work out of the box is a concern for us, no matter how 'unified' the platform's threat response is supposed to be when working correctly.

On the plus side, setting up the platform is very easy. The cloud console itself is well laid out and the process (if not the execution) of installing agent software on endpoint devices is a breeze. It's also good to find a platform that supports Linux endpoints, as well as mobile devices.

We encourage readers to take advantage of the free trial to see if they can succeed where we failed in test-piloting this endpoint security platform. 

We've featured the best cloud firewalls.

For the past 40 years Cisco has been wowing consumers with its dazzling range of technology and software products. 

In the company's own words, Cisco Secure Endpoint (formerly 'AMP for Endpoints') is 'built for resilience'. Cisco even makes the bold claim that the platform blocks more threats than any other security provider.

Despite Cisco's world-famous reputation, it takes more than impressive words to develop a reliable and powerful endpoint security platform. Is this really one of the best endpoint security software solutions and another jewel in Cisco's crown? 

Cisco Secure Endpoint: Plans and pricing

When it comes to brass tacks, we were unable find any specific pricing on Cisco's website, which asks interested parties to contact one of their sales representatives.

Cisco's License Comparison page, however, is much more forthcoming, detailing the three main tiers of the endpoint security platform.

The first, 'Secure Endpoint Essentials' includes access to Cisco's SecureX EDR (Endpoint Deployment and Response) platform. In brief, this allows managers to better manage and even automate responses to threats.

Subscribers also benefit from advanced endpoint protection using behavioral monitoring engines, as well as protection against fileless attacks and ransomware. Cisco also claims that all endpoints are continuously monitored for vulnerabilities.

The 'Essentials' tier also incorporates 'Dymanic Analysis' - in other words, the platform supports sandboxing of suspect files, as well as quick identification of software vulnerabilities. Managers can also isolate an endpoint with a single mouse click.

The next level tier 'Secure Endpoint Advantage' includes all of the above, plus 'Orbital Advanced Search'. Cisco claims this speeds up threat hunting, through using over 200 predefined threat hunting queries. Subscribers to the 'Advantage' tier can also access the 'Malware Analytics Cloud'. In the company's own words, this uses,  'advanced sandboxing techniques to perform in-depth dynamic file analysis and deep malware threat intelligence.'

The highest tier is Cisco Secure Endpoint Premier, which is also the basis of this review. It includes all the perks in the above two tiers, as well as 'Threat Hunting by Cisco'. Subscribers apparently benefit from 'integrated continuous hunting by elite Cisco threat hunters'. 

As this is the only benefit beyond the 'Advantage' tier, we would have preferred to see a pricing table, so organizations can decide if having Cisco help in threat hunting is worth paying for. 

Interested users can request a free 30-day trial of the platform without providing any payment information. The trial license supports up to 50 devices.

Cisco Secure Endpoint: Features

Unlike many endpoint security solutions we've reviewed, Cisco Secure Endpoint is truly cross-platform, supporting Windows, macOS, Linux, iOS and Android devices.

The company website includes an extensive datasheet on the main perks of the platform. Aside from being device agnostic, this includes an integrated 'file reputation' score. In simplest terms the platform maintains a database of every file it's scanned, allowing it to automatically block 'good' or 'bad' ones without intensive scanning.

Naturally this only applies to known threats, but Cisco Secure Endpoint also supports detection of polymorphic malware to stop bad actors from making small changes to viruses to avoid signature detection.

The platform also employs machine learning analysis to identify malicious files based on their behavior. 

Once threats are detected, as readers will learn, the platform is also capable of performing sandboxing and/or advanced forensics.

There's no dedicated firewall for endpoints but given the platform allows managers to set any number of network and application policies, it's likely that these can provide much the same protection. 

Cisco Secure Endpoint: Setup

As we mentioned, users can request a free trial of the platform. Upon registration, we were impressed to see that we had a choice of data center for trying out the cloud console: Americas, Europe and Asia Pacific. This is a first for the endpoint security platforms we've reviewed.

The website next requires users to sign in with or register a Cisco Security account. Clearly the company takes this seriously as upon providing our e-mail address, we were asked to set up multi-factor authentication. We did this by installing Duo on our iPhone 14 Pro Max but did see that other apps like Google Authenticator are supported.

On first login to the Secure Endpoint cloud console, we were immediately taken to the dashboard. 

At this stage, we should stress that users have two options. If you simply want to get a feel for how the platform operates in a real environment, you can choose to 'Enable Demo Data'. This fills your console with real data from actual malware infections, so is an excellent way to gain an overview of how it all fits together. 

There are also a number of 'demo computers' which provide a safe way to explore how the platform has responded to real world attacks in various ways, such as 'Command Line Capture', which shows how Cisco Secure Endpoint monitors and intercepts command line arguments as necessary. 

If, like the team at TechRadar, you prefer to run your own tests then you can also download a 'connector' (agent) from the main Dashboard for Windows, macOS or Linux. 

If you choose this, the console displays a helpful wizard which allows you to configure the connector to work with other security software. From here, you can also specify a proxy server if necessary before downloading the agent itself. 

The download and install of the 'Cisco Secure Client' took less than 60 seconds on our test machine. The agent immediately launched and prompted to run a 'Quick Scan'. When we examined the agent settings, we saw threat definitions were not current, so clicked to update them manually. 

Cisco Secure Endpoint: Interface

We've already touched on the main dashboard in the Cisco Secure Endpoint console, which provides an excellent overview of compromises, quarantined infections and compromised devices complete with helpful infographics.

Significant compromises are also listed below the main overview and can be clicked into, to provide more detailed information.

While we're talking overviews, there is actually a separate section of the console with that name. It also provides a broad brush summary of threats detected, quarantines, compromises etc. in number format, as well as helpful pie charts breaking down the threats by type.

It's not clear to us why there needs to be two sections listing much the same information in slightly different ways, but the interface itself is clear and colorful, so we aren't knocking off points.

The left hand pane contains other sections, with expandable menus. For instance the 'Analysis' section can be clicked to list options like 'Reports' and 'File Analysis'. This makes the console very simple to navigate and the main categories are logically arranged.

The agent (or 'Cisco Secure Client' as they call it) has a more basic interface but can display important statistics like the policies in place and detection engine, as well as update status. We were particularly impressed by the small scan window which nestles snugly into the bottom right of the desktop. 

Cisco Secure Endpoint: Performance

When testing endpoint security platforms, our first test is always to try to download a fake computer virus, provided by the good people of EICAR. We fired up our test machine running Windows 11 and tried to visit the EICAR website using Microsoft Edge. Edge tried to block the download of the virus in compressed (ZIP) format but when we insisted and told it to 'keep' the file the Cisco Secure Client stepped in to block it from downloading.

We next manually copied the file (again in ZIP) format onto the test machine's hard drive, only for it to be immediately detected and quarantined by the agent software.

Our next test was to try to copy a new, real computer virus that we'd caught in the wild into the machine's 'Downloads' folder. We do this to make sure that an endpoint security platform can detect threats based on a file's behavior, not just by comparing its signature against a database of known threats. Once again, Cisco Secure Endpoint didn't let us down - the file was immediately detected.

The Cisco Secure Client didn't show any kind of notification when detecting and quarantining files. However, when we logged into the 'Dashboard' or 'Overview' sections of the cloud console, we saw a detailed list of the quarantined files, with further information on the system resources they'd tried to compromise. 

Cisco Secure Endpoint: Final verdict

It's not often that we cannot find any fault with a product we review. True, it was something of a nuisance setting up a new authenticator app on an iPhone just to log in but this reflects on how seriously Cisco takes security. 

While the platform passed our tests with flying colors, we also know that Cisco Secure Endpoint is capable of much more, especially when combined with XSecure EDR. The sandboxing and advanced threat analysis features also mean this platform offers next level security.

Our only slight gripe (for which we're deducting half a star) is that Cisco hasn't provided a clearer pricing model for Secure Endpoint. Although this is common for endpoint security solutions, even a basic minimum price would help organizations device if this product is for them. 

We've listed the best cloud firewall.