"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"The solution's integration capabilities are excellent. It's one of the best features."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are valuable assets."
"It does its job — it protects us from viruses. We don't really interact with it very much."
"There are additional security features in Sophos Intercept X as well as proxy rules and settings that help us in minimizing the sites that our agents can go to, even after their work hours."
"The most valuable feature is the CryptoGuard in Sophos. In a case of a ransomware attack, this feature comes into action to protect us."
"The package we use also comes with spam filtering features, which are quite useful."
"The deployment is quick. It just depends on the environment and what you may be replacing."
"The pricing is fair. It's not too costly for our small organization."
"What I have found the most valuable about Sophos Intercept X is the ease of use with management administration and the solution's ability to stop exploits and ransomware."
"The solution offers good community support."
"Trend Micro Apex One has good features and is lightweight."
"I have found Trend Micro Apex One to be secure."
"It's easier to integrate Apex One than Kaspersky. It also performs well, and the customer feedback has been positive."
"The solution is stable and integrated into the system quite well."
"The management console is pretty good. We have a dashboard that shows us what stuff to log, different malicious links that people are trying to access and also if somebody was trying to connect something to the computer, to a USB port or something like that, and if this person is on the under control management. It shows that he tried and he got blocked."
"The product has proven to be very flexible over the years that we have had it."
"Offers great application control, vulnerability protection, and behavior monitoring."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"The GUI needs improvement, it's not good."
"The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"I would like to see integration with Cisco Analytics."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"This solution is not in the high ratings on many of the top review sites. This solution has to be near the top for me to continue using it."
"The technical support is the lone sore-point when dealing with this product."
"They don't have the full stack of offerings as compared to the other competitive products that we see."
"The choices offered for the on-premises and cloud-based platforms are the reverse of each other."
"Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."
"We've had difficulty with uninstalling the solution. When we try to uninstall an old version of the basic Sophos Antivirus, it doesn't seem to uninstall completely."
"I would like to have a built-in firewall, rather than having to integrate one."
"When we load Intercept X, it puts a load on the device. When it is scanning, it slows down the device. A system with basic specifications completely slows down till the scan is complete. They should improve this part."
"Whether the license is monthly or annual depends on the deal of the company."
"The policies tend to be a bit more complex to set up, so we do need some expertise in setting up the policies."
"It should have a single agent as competitors are offering."
"We're not sure if we're going to continue with those products or their products or we're going to switch to something else. That's why we stopped the immigration process. If we were going to replace another product, it's not really efficient to waste time on it moving patients and other clients."
"Apex One has some room for improvement on the agent side. I want to get more from the logs and those kinds of things. I want to see whether the agent has the proper updates or any issues with the machine itself."
"I would suggest making the on-prem and cloud versions easier to manage via Apex One Central, a centralized management platform for customers and agents."
"Trend Micro should make the agent lighter. When we run the scanning process, it consumes a lot of memory, and the performance is degraded. It is very invasive. It could be lighter. When we used Symantec, we didn't have this problem when we ran our scanning process. It worked like a charm. On the endpoints, it didn't feel like that the process is running, whereas, in Trend Micro Apex One, we can feel that the endpoint is running slow. Sometimes it even hangs. Scanning should be faster."
"The solution could use extra dashboards and offer more analytics."
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
Sophos Intercept X stops the widest range of attacks with a unique combination of deep learning malware detection, exploit prevention, anti-ransomware, and more.
Trend Micro Apex One™ protection offers advanced automated threat detection and response against an ever-growing variety of threats, including fileless and ransomware. Our cross-generational blend of modern techniques provides highly tuned endpoint protection that maximizes performance and effectiveness.
Sophos Intercept X is ranked 7th in Endpoint Protection for Business (EPP) with 54 reviews while Trend Micro Apex One is ranked 12th in Endpoint Protection for Business (EPP) with 50 reviews. Sophos Intercept X is rated 8.6, while Trend Micro Apex One is rated 8.2. The top reviewer of Sophos Intercept X writes "Great reporting and good training with a pretty straightforward setup". On the other hand, the top reviewer of Trend Micro Apex One writes "Antivirus and Malware scanning with reporting that allows you to report back with information". Sophos Intercept X is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Cortex XDR by Palo Alto Networks, Kaspersky Endpoint Security for Business and Webroot Business Endpoint Protection, whereas Trend Micro Apex One is most compared with Trend Micro Deep Security, Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks, CrowdStrike Falcon and Seqrite Endpoint Security. See our Sophos Intercept X vs. Trend Micro Apex One report.
See our list of best Endpoint Protection for Business (EPP) vendors.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.