We just raised a $30M Series A: Read our story

Sophos Intercept X OverviewUNIXBusinessApplication

Sophos Intercept X is the #5 ranked solution in our list of EDR tools. It is most often compared to Microsoft Defender for Endpoint: Sophos Intercept X vs Microsoft Defender for Endpoint

What is Sophos Intercept X?

Sophos Intercept X stops the widest range of attacks with a unique combination of deep learning malware detection, exploit prevention, anti-ransomware, and more.

Sophos Intercept X is also known as Intercept X.

Sophos Intercept X Buyer's Guide

Download the Sophos Intercept X Buyer's Guide including reviews and more. Updated: October 2021

Sophos Intercept X Customers
Flexible Systems
Sophos Intercept X Video

Pricing Advice

What users are saying about Sophos Intercept X pricing:
  • "You can pay monthly, but most of our customers choose annual subscriptions because they are less expensive."
  • "We were able to eliminate the ransomware using the one-month, full-featured trial license."

Sophos Intercept X Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
EA
President at a tech vendor with 1-10 employees
Reseller
Top 5
Great reporting and good training with a pretty straightforward setup

Pros and Cons

  • "The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer."
  • "The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them."

What is our primary use case?

We primarily use the solution for malware protection.

How has it helped my organization?

Without a doubt, this product has helped our organization. We've been deploying Sophos Firewall for probably 15 years now. We haven't had a lot of trouble, and prior to using the Sophos product, we were using a lot of Symantec products and occasionally some others. We have not had a lot of problems with infections. By that I mean, if we had three attacks over the 15 years I'd be kind of surprised, That's usually due to the fact that somebody was doing something stupid. Otherwise, we've been very well protected. Basically, if a lot of people are looking maliciously at any of our clients, they aren't getting very far.

What is most valuable?

The reporting is pretty good up on the Sophos side. We can see if anything's going on, at least from Sophos' perspective. 

The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer. 

Occasionally, we do get noticed, however, we don't always get noticed, and I sometimes wonder is that just due to the fact that our client computers are tough to get at? We also deploy the Sophos Firewall on client sites, and it's relatively difficult for a bad guy to get in there.

We've been happy with it and we've been happy with the training that Sophos has. They keep us up to date on any changes that the solution has.

What needs improvement?

I don't know how many infections this protected us from. It might be nice to have a view of what has come at us. You're blocking certain types of traffic. It's not malware per se. You would get a message for this, however, you never really know if this was really a bad guy or just some 16-year-old who knows computers.

There's always room for improvement in pricing. 

From a corporate perspective and from a customer perspective, switching is very difficult to do. It's not an easy task. 

The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them.

I would like to see a templated selection of items that ought to be implemented, that right out of the gate, you can just turn on. This is what we recommend for standard workstations that are running under normal circumstances. It's not that you can't have a template in there. You can create your own template and stuff like that, however, they haven't yet spent a whole lot of time figuring out if you're in the, I don't know, medical business and you need HIPAA and you need this and that, these are all the standard things you ought to deploy. It would be ideal if you could just flip the switch, and it turns them all on.

Also, after you've turned this stuff on in mass like that, you sometimes don't immediately know what the problem is if they all of a sudden can't talk to vendor X. Like in banking, they get a lot of offsite services. You should be able to say "Okay, so I blocked them somehow with one of these things. I don't know which one it is, Help me find it so I don't have to turn everything off." Otherwise, I've got to turn off the whole thing and switch them on one by one, which is time-consuming.

For how long have I used the solution?

I've been dealing with the solution for a year and a half. The company has been deploying Sophos for 15 years or so.

What do I think about the stability of the solution?

Thinking back on it, we only ran into maybe one bug in the whole time we've used the product. One time, when we upgraded Windows, it wasn't compliant and I remembered that my business partner told me that he had to go to Sophos for help. They quickly resolved the problem.

We've had very few issues. A company should not fear installing it. It's pretty reliable.

What do I think about the scalability of the solution?

Our clients are all small businesses generally. The solution seems to be quite easy to scale in the market that we serve, which would be up to a hundred or so users. We haven't had any problems, however, I haven't deployed it for 10,000 users -which would be a totally different thing. Therefore, while it scales well for small businesses, I can't speak to how it would scale at an enterprise-level.

We do work with a university, and we do some work with a couple of different school districts in the San Diego area. We do some consulting for all three of those. If they asked us to recommend a product, we do recommend a product like this and we help people out with that sort of thing.

How are customer service and technical support?

Technical support could be faster. We can't really get a hold of them when we need to. They really need to improve their services.

Issues get resolved quick enough. However, there are just issues that cause a lot of unnecessary back and forth. For example, we had a client for who we had installed a temporary license for Intercept X, and then subsequent to that, when we tried to put on the real license, bought it, paid for it, got the key, tried to plug it in, that worked fine. However, all of a sudden it started telling us it was having problems with the temporary license, which was supposed to have been replaced. That was a back and forth. It really took us about two weeks to get that resolved with them. Not a huge problem, not causing alarms that people were getting in, that shouldn't get in, however, I kind of thought somebody would get back to me in a day or two. It didn't take them two weeks to get back to me, but there was a fair amount of back and forth about how to resolve this.

I would say that the quality of the support when you talk to them is very good. I would rate that a nine out of ten. That said, the lack of availability at times of support is concerning, particularly if we were to have an ongoing hack. Sophos now offers a service where they will jump in there for quite a large fee and mitigate everything quickly. However, when you already have bought a product that's supposed to be doing that same job, it seems strange they would charge you again to actually do the job.

Having talked to some of those guys on the tech side, they are extreme. Those guys on that side are super knowledgeable and they can jump in there quickly and check a lot of things way faster than I could ever do it, simply due to the fact that they're so much more familiar with the product and with the way that attacks run.

I don't see them every day so, even though I go to training and I watch it on the training and so forth, it's not something that I fiddle with all the time. I simply don't need to, which is great. It keeps me a step removed from it.

Which solution did I use previously and why did I switch?

We previously used Symantec among other products.

Symantec has changed a lot over the last 10 years. They used to be a totally different company. We were not only concerned about the product and the quality of the product and the availability of support and all of these sorts of things at first. However, they were also beginning to fall behind in terms of their technical capabilities on their product, and then we also already had a relationship with Sophos because of the firewalls, so it was a natural transition away from Symantec.

We were deploying the UTMs or what they call the SG line, and they've subsequently come out with the XG line, and if you have their cloud-based management solution, you can manage the XG line of firewalls with Intercept X, and they can look at each other's data and make decisions, AI kinds of decisions, or just scripted decisions, based on what the other is finding. It's much more advanced.

How was the initial setup?

The initial setup isn't too difficult. Once you learn it, it's pretty straightforward.

There is a learning curve, and if you haven't learned it, and I would assume this is the same with anybody's product, then you're not really sure what options you want to enable and not enable and so forth. If you turn on too much stuff, let's put it that way, your end user's computer ends up running slowly. You have to be smart about what you're doing.

What's my experience with pricing, setup cost, and licensing?

It doesn't have every function that's out there in the universe. However, it's really quite good and it's a reasonable value for the money compared to some of the alternatives that I've seen. However, I'm not super familiar with the alternatives. I know their names, I kind of know what they do, I read the reviews on your site and others, and we're always looking at it, however, I haven't really studied them.

What other advice do I have?

We're Sophos partners and resellers.

We always deploy the latest version of the solution. We deploy the Intercept X Advanced with EDR.

All the management is done through the cloud. Then there's a client piece you put on, on-premises. We do the management through the cloud and we put the client piece on the premises.

I like a lot of the things that Sophos is doing. They didn't have one this year, however, they have an annual conference, and one of the things they had done, this was right before they got bought by this other company, is they had hired a lot of really top talent. These guys, when I was at the conference for a few days, just listening to them talk, you're mesmerized with how sharp and bright these guys are and what they're adding into the program. Not to say that others aren't getting some of this stuff too, however, it was really impressive. You felt like they had it together. You trust that by sticking with these guys, you're absolutely going to have minimal, to no issues at all.

I'd recommend the solution. It's a really good product. I realized that there are other good products out there and it's not that other companies shouldn't take a look at other products. However, it works, it does what it's supposed to do, and, once you learn it, it's easy to manage and the link to the firewall is really good and a great idea. It's smart to implement a single plan across people's networks. It just makes a lot of sense.

Overall, I would rate the solution nine out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Mike Parsons
Senior CyberSecurity Architect and Mentor at BlueTeamAssess LLC
Real User
Top 20
Reliable, scalable and very simple to set up

Pros and Cons

  • "The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this."
  • "The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?""

What is our primary use case?

The primary use case is basically having a synchronized perspective on what's going on between endpoints, firewalls, and whatever other types of preventative measures the customer has. 

How has it helped my organization?

The fewer panes of glass you've got to go to to try to investigate an event, the better off you are. If there's some automation that goes on within the fabric, or whatever you want to call it, this coordinated effort, then you're going to come out ahead as a small organization. Sophos has one pane of glass, so it gives good visibility. There's less time spent in front of the screen because I have confidence in the automation that's going on.

What is most valuable?

It's been pretty reliable. There's been a few times when it hasn't just taken care of problems. The automation is very convenient.

There's Sophos Central where the customer has a single pane of glass. You can manage everything. 

The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this.

It has a Linux version that's available. 

What I look for in dealing with small businesses, is for something that is not going to add to their staffing requirements significantly in terms of management. That's true with both Sophos as with Fortinet. 

There's great situational awareness within all the other components. If I have a workstation, usually they're just taking care of everything without me even knowing about it unless I go into the logs and see what's been cleaned up. I don't care if something gets cleaned up, I do care if something doesn't get cleaned up. My reporting is set to an on exception basis to ensure I don't have a firehose of information pointed at me to overwhelm me. Customers don't generally want to know every little thing that's happening on their network. What they want to know is if something has happened that puts their environment or their infrastructure in jeopardy. Sophos does this exceptionally well.

The pricing of the solution is quite good.

What needs improvement?

The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?" I see that all the time. That's a question I always have in the reports I give my customers. "Okay. So this happened last month. And as you can see, there were all these attacks knocking at the door, but none were allowed through." If someone got through, then I'm going to be concerned.

For how long have I used the solution?

I've been working with this solution alongside a customer for two years now.

What do I think about the stability of the solution?

The stability is great. We've never had issues with its reliability. It doesn't crash or freeze. There aren't bugs or glitches. It protects us well.

What do I think about the scalability of the solution?

The solution scales really well. They have great resources on hand for managing it within the cloud. I haven't found any issues with capacity. I've never heard of anyone ever having issues in that regard.

Typically we deal with small businesses. When I say "small business" I am referring to a company of around 250 people.

How are customer service and technical support?

Technical support has been very, very good. They're reliable and knowledgable. We've been satisfied with the level of service provided. 

Which solution did I use previously and why did I switch?

We also have experience with Fortinet. Fortinet has what they call their security fabric, which does about the same thing. Basically you have a number of different products, different solutions, and it's all under a single pane of glass and everything's coordinated so that any member or any component of that fabric or synchronized security is aware, has situational awareness of what other components are experiencing. If there's an attack that breaks out in one place, then there's going to be the opportunity for basically isolating that particular component so that it doesn't allow lateral movement.

I've used other solutions. The reason that I like Sophos is mostly due to the synchronized security and cloud management. Other solutions that I've dealt with have been point solutions. I've needed to figure out how to get that situational awareness between the different points. You have to do that. The name of the game these days is to evade the parameter. I have to not only protect the endpoint as if there was no firewall, but I also have to make sure that I've got as much intelligence going on about the state of my internal network so that everybody knows what's happening next door to them.

How was the initial setup?

The initial setup was a piece of cake. It wasn't complex at all. It's very straightforward.

What's my experience with pricing, setup cost, and licensing?

I can justify the pricing for customers and I can explain what they're doing from a pricing standpoint in terms of the different risks that they're handling. I'm all about risk management. Unfortunately, we lose awareness of that, the calculus that goes into that when nothing's going wrong. 

You have to ask: what are you trying to protect? What are you willing to spend to protect that, and what's your expected loss if something happens? You have to look at all things and then decide if the number is fair. I'd argue that it is.

What other advice do I have?

We're partners with Sophos. We're a consulting company and we provide some managed services. Sophos products are some that I deploy and manage for my customers.

I don't have the EDR or any of the really sophisticated stuff. The client doesn't think that they have a need to go to another level. 

I don't have EDR or MTR deployed for the customer. I work primarily with small businesses. So sometimes it's kind of hard to get them to invest more than what they feel comfortable doing.

Other organizations should give it serious consideration if they are looking for a solution. The price point is not unreasonable and the management and the continued evolution that I see within the product means that they're not sitting on their haunches waiting for the next big thing. They're constantly moving forward, trying to keep abreast of what's going on. 

We're in an arms race when it comes to cybersecurity. When you look at SophosLabs out of the UK and the work that they're doing in their blogs like Naked Security and whatnot, they're constantly in the forefront, constantly trying to find different threats. It's impressive, to say the least. All of that percolates down into their product because that's what drives their product.

I'd rate the solution at eight out of ten. The solution is consistently showing me that it has a very effective rubric that it follows through on in terms of identifying and remediating, particularly in the area of ransomware. They can handle everything without having to have somebody get down in the weeds and recover things. I like the automation that it brings into the work that's done. That was the wow factor that drew me to them, to begin with.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Sophos Intercept X. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
543,089 professionals have used our research since 2012.
Ashis Das
Hybrid Cloud Engineer at a tech services company with 51-200 employees
Real User
Top 20
Good web filtering with an excellent central console and the capability to scale

Pros and Cons

  • "The package we use also comes with spam filtering features, which are quite useful."
  • "The initial setup can be a bit challenging."

What is our primary use case?

We primarily brought on the solution to replace Symantec's product, as Symantec was purchased by Broadcom. The company in question has a lot of stuff, and 40 users, and is a pure Windows environment. They don't do anything on Mac or Linux, for example.

What is most valuable?

So far, the solution has been working quite well.

Sophos offers a manuscript response. 

The product has three tiers that you can choose from when you buy. The highest is a Managed Threat Response. We chose the middle range, which offers Intercept X and is more than just Malware protection.

This solution is a kind of Next-Gen anti-virus.

The product has some web filtering, which blocks people from going to websites they shouldn't be going to. 

It supports the Windows 10 server platform. 

The solution offers a centralized view of the status of protection, via a central console for users to check the status or the health of the endpoints.

So far, the solution has met all our expectations. It's blocked malicious websites effectively and stopped people from going to places online that they shouldn't be going to. It's automatic. We simply took the default settings and we were finding people right away that were going to illicit sites, and we were able to see that easily in the console.

The package we use also comes with spam filtering features, which are quite useful.

What needs improvement?

We're still new to the solution. We haven't come across any weakness yet. There aren't features that are missing.

The initial setup can be a bit challenging.

For how long have I used the solution?

I just deployed the solution a few weeks ago. It's quite new at this point. We've had it now for a little over a month.

What do I think about the stability of the solution?

The solution is extremely stable. It doesn't crash or freeze. There aren't bugs and glitches. It's kept us safe. Nothing has gotten through. It's reliable.

What do I think about the scalability of the solution?

Currently, the company only has 40 users, and therefore there are no scalability issues so far. However, it's a cloud-based centralized console, so that will help with scaling in the future if the company decides to expand. It wouldn't be hard to do. It's completely achievable.

How are customer service and technical support?

Technical support is okay. I'd give them higher scores if I didn't have to contact them about the initial console setup. That said, they were helpful. Their service so far has been about average.

Which solution did I use previously and why did I switch?

We previously used Symantec.

We switched solutions for a few reasons. The first one is that Symantec was bought by Broadcom and there were some unknowns about what would happen with the product. Support typically gets worse when Broadcom buys a product, and we wanted to step away on the off-chance that could happen in the near future. 

We were also looking to consolidate and to find a replacement but to also get something that had spam protection and something that was easily obtainable for a small business. Sophos ultimately could hit all those checkmarks.

How was the initial setup?

The initial setup with the centralized console was a little bit challenging. It wasn't complex per se, however, due to the fact that the instructions weren't clear, you can get stuck at certain points. I opened up a case for support, and at that point, I was able to get under the console. You could say the onboarding of additional administrators was a challenge. The centralized console was also a bit difficult.

After that, the implementation was pretty easy. You simply remove the old one, add the new one, and then, with the new one, you could send the user an email link, or you could send them a path to where the software is. 

What's my experience with pricing, setup cost, and licensing?

I do not know the exact costs offhand, however, it's my understanding that their pricing is listed publicly on their site and would be easy to find. Sophos seemed surprised that their pricing was public. They were shocked that I could just Google it and it came up.

There are extra add-ons you can purchase over and above this product. The add-ons cost a bit more, however, they offer extra security advantages.

What other advice do I have?

We are a reseller.

We deployed the latest version of the solution. I don't have the version number on hand, however.

It's a good product to consider if a company is looking to also do spam filtering. What Sophos has as well as a firewall, and it'll give a company a little bit of tighter integration, and that's good. Having those additional security tools as add-ons is an excellent option. We personally haven't gotten their firewall yet, however, it is nice that that is an option.

I would rate the solution at an eight out of ten. Overall, in the short amount of time we've used it, we've had a positive experience.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
ZE
Pre-sales manager at National Information Technology Company
Real User
Top 10
Complete solution, scales well, is reliable, has competitive pricing, and has excellent technical support

Pros and Cons

  • "It is one of the best in terms of technicality."
  • "If we can lower the price, it will be fantastic because it will generate more revenue for us."

What is our primary use case?

It's an endpoint, which means it's an antivirus that you must install on your server, laptop, or customer PC. As a result, it can be on-premises for Windows or Linux. You can also install this endpoint if you host a server on that cloud.

This is a sophisticated antivirus with numerous features. It has AI, (Artificial Intelligence), it can stop viruses, malware, and ransomware, as well as protect the PC you are using, the server you are using, and all of your workstations.

Intercept X has versions, such as Intercept X, Intercept X Advanced, and Intercept X Advanced with XDR. It requires a long technical explanation, but in brief, it can protect you from being attacked or hacked, because it protects the OS, your operating system, from being compromised. 

What is most valuable?

It's a complete antivirus solution that has everything in it.

It is one of the best in terms of technicality.

What needs improvement?

If we can lower the price, it will be fantastic because it will generate more revenue for us.

For how long have I used the solution?

We have been working with  Sophos Intercept X for the past eight years.

What do I think about the stability of the solution?

Sophos Intercept X is a stable product.

What do I think about the scalability of the solution?

It's a scalable product. You can deploy 100, or you can deploy one, or even 1,000. It is very scalable. 

We have 30 customers and each customer has a different number of users. Some clients have hundreds of Intercept X, some have 50, and yet others have 10. As a result, it is dependent on the company. It depends on the number of computers they have. We have a wide range. One of the clients has 800 users, which is a ministry.

How are customer service and support?

I don't have any issues with the technical support. 

Both the Dubai and UAE teams regularly check in with us to see how we're doing and if we require any assistance. They are constantly monitoring the GCC region. They are doing an excellent job.

Which solution did I use previously and why did I switch?

We have other solutions such as Kaspersky, and Heimdal.

How was the initial setup?

The setup is simple and straightforward. However, you must have at least an operating system that supports it, if not the most latest version of Windows. I don't mean XP or Vista, but something that is already supported, because Microsoft doesn't even support all of the operating systems. As a result, you won't be able to use it on Windows XP or Windows 7. It must be a current operating system, such as Mac, Linux, or Windows.

If you have a small environment, you need one person to maintain it. If you have a large environment, you need two or three. It really depends on when you want to complete it. If for example, you have a building and you want to build it in one year, you will need 20 to 40 people to maintain it. 

If you have a building that you want to be built within 10 years, you can have two to maintain it. It all depends on the environment, the customer, and the deadline set for the project's completion.

What's my experience with pricing, setup cost, and licensing?

It is an annual subscription, rather than a monthly one. It's paid annually.

You can pay monthly, but most of our customers choose annual subscriptions because they are less expensive.

It could be less expensive. We would be grateful because there are cheaper antivirus solutions and cheaper endpoint solutions on the market, but they do not have the same features. We defend Sophos to our customers and explain why they should choose Sophos.

There are also products that are more expensive on the market. Sophos is not the cheapest, and it is not the most expensive. It's in the middle.

What other advice do I have?

We deploy all Sophos products.

I would definitely recommend Sophos Intercept and Sophos Intercept X, as well as Sophos Intercept X Advanced and other variants to our customers, this is what we do. We do this for current customers who do not have Sophos and show them the difference and benefits.

Sophos Intercept X is managed from the cloud. Today, 10 years back, seven years back, or eight years back, you had to have a server to control the Intercept X.

We haven't had any issues. We have other antivirus solutions, but this is the best-selling product so far. 

Many customers who had been hacked had abandoned their previous antivirus, and we deployed Sophos Intercept Advanced with XDR for them, including ministries and the public sector in Kuwait.

Because everything is in the cloud, you can manage your deployed Intercept X from a single console. As a result, my score is 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
FZ
Network Administrator at a tech services company with 51-200 employees
Reseller
Top 5
Not just another simple virus-scanning product, but it does not handle removable USB drives well

Pros and Cons

  • "It is not just a simple virus scanning product. It handles more advanced needs."
  • "This product does not handle USB drives well."

What is our primary use case?

We use Intercept X Advanced along with Sophos EDR (Enhanced Data Detection and Response).  

We use it for our servers and clients as advanced protection. It is not just a simple virus scanning product.  

We use it to work with clients and it is installed on five servers. At this time we have only installed it at one customer site. But we plan to continue to expand.  

What is most valuable?

The most valuable part of the solution in our use case is client isolation. It is a good feature.  

What needs improvement?

What I think Sophos can improve is with the data-loss feature, especially when it comes to using USB sticks and USB hard disks. The feature blocks access to these USB sticks and disks and there seems to be no immediate workaround for that. Our customer was not satisfied with the feature. We actually ended up having to deactivate this feature because it is too aggressive and could not meet the client's needs.  

For how long have I used the solution?

We started using Sophos Intercept X in December of 2019.  

What do I think about the stability of the solution?

We have not had a problem at all with the stability.  

What do I think about the scalability of the solution?

It is easy to scale this product. As far as the typical organization size that it fits, I would say it is suited for smaller and medium-sized companies. We have not yet installed it at a large customer site, so I cannot answer about large or enterprise companies specifically.  

How are customer service and technical support?

To this point, I have not had a need to use Sophos support for Intercept X specifically.  

I have used Sophos support for other products that we use. Sophos support for XG is okay if it is just regarding questions about the product. I did not have any problems with them in getting a good answer to questions about the product or installations. But when it comes to device defects, then it can take four to six weeks to get a solution. In that case, the support is really not satisfactory. It does not satisfy me and it is really unacceptable.  

Which solution did I use previously and why did I switch?

We did use other solutions in the past, including Trend Micro, Symantec, and Kaspersky. The main difference between Sophos Intercept X and the other products is the client reservation feature. I believe that is a standalone point for Sophos as it is the only product that has it. It allows particular hosts to always use the same IP address which is sometimes desirable.  

The administration of Trend Micro is one thing which I like about that product. It is very easy to use. I would say that Trend Micro is better than Sophos on that point.  

We switched to Sophos because we are selling Sophos firewalls already. The Sophos Intercept X product works better with these firewall solutions than other virus scanning products from different vendors. We decided to keep to the same vendor for a more unified solution.  

We started to work with Sophos Endpoint Protection originally and we are on Bonfire XG as well. It is convenient to expand out working with the brand as a partner.  

How was the initial setup?

The initial setup for the product is not simple. It is medium to complex to install and setup.  

After deploying it takes only me and the customer team for maintenance. Really one person can do it. So there is just one person at my company and I have communication with one colleague at the customer site.  

What about the implementation team?

We did not need outside help from a vendor to handle the deployment. I did it myself and we are a partner with Sophos.  

What other advice do I have?

Advice that I would have for people considering using virus scanning is that I, personally, would not use Sophos Endpoints. That is the simplest edition of the Sophos virus protection product line. I would use Intercept X Advanced as the entry-level product as the other, simpler product, is not robust enough to provide acceptable protection for businesses in my estimation.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Sophos Intercept X as a seven. First, I never give a ten because every product can be improved. Second, I subtract two points because of my experience with the data loss feature and how it behaves with USB drives.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
CG
Manager of Information Security at a healthcare company with 1,001-5,000 employees
Real User
Top 5
Excelling in this competitive product category with more features than users put to task

Pros and Cons

  • "The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are valuable assets."
  • "Scalability is good."
  • "Technical support is responsive and adept."
  • "There is some issue with the reporting and refreshing information on resources that have been eliminated."

What is our primary use case?

The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are probably the biggest areas of the product that we employ. We also make use of web content filtering and application control as well.  

What is most valuable?

I would probably say that the DLP portion of the product is the most valuable for what we do. That just happens to be the side of the house I sit in. But the EDR alerting is also relevant when talking about valuable features.  

What needs improvement?

Refreshing the reports could be improved. It looks like sometimes when systems no longer exist those systems can still show up on the reporting.  

For example, if you spin up a virtual desktop and a virtual server, and then you change the name of that virtual server, what happens is Intercept X still maintains a record of the device by the old name. It does that even though it no longer exists in the system because the name has been changed. So, refreshing the data is probably something that needs to be addressed.  

I can not really address what I think needs to be added to the product right now because I still think our organization is focusing on learning what the product can do and discovering the capabilities. I have been so involved with it from the perspective of understanding what it does currently that I am still trying to figure out what else we would like to see.  

For how long have I used the solution?

We have been using Sophos Intercept X for probably a little over six months now.  

What do I think about the scalability of the solution?

We have about 1500 endpoints. That is a pretty good volume. While I do not know exactly how to rate it, the scalability is excellent from the standpoint of adding endpoints. We have not run across any issues with the scalability of it. I would tell you that it is very applicable to this company right now and certainly is up to the task of matching our needs.  

How are customer service and technical support?

To this point-in-time, we have found that the technical support is very responsive. We can reach them by phone and by email, and we get answers to the issues and questions we bring up.  

How was the initial setup?

I think the initial installation and setup were very straightforward.  

Once the rollout started, we had to incorporate 1500 devices — and that is just the desktops alone. It probably took about two months. The amount of time it took was because of the scale of resources dedicated to onboarding the solution. It was not because of distribution.  

What about the implementation team?

We did not need to use an integrator or consultant for deployment. It was all done internally.  

Which other solutions did I evaluate?

We did evaluate other options before choosing Sophos. For example, we looked at Sentinel One. We also looked at a couple of different solutions like Trend Micro and CrowdStrike. Looking at those four seems to have been a good enough comparison of products in the category.  

What other advice do I have?

My biggest bit of advice for people taking on Intercept X is to train your staff on all of the functions of that solution. There are a number of solutions within the one product and it is best to know how to use them all and if they apply to your circumstances.  

The biggest lesson we have learned from using Sophos is that the product can be a bit overwhelming with information and data. That is the situation where your training and your resources come into play.  

Make sure you have a complete plan to utilize the tool or you will have pieces that are just sitting there and nothing is happening to utilize them. There are a lot of capabilities that the solution has and you need to make the effort to discover them.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate Sophos Intercept X as probably about a nine-out-of-ten. It is not until you see other applications like CrowdStrike and do a comparison to see what they can do that you really have an idea of what applications in the category are capable of.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
EG
IT Manager at a construction company with 201-500 employees
Real User
Top 5Leaderboard
Excellent at capturing malicious threats together with an aggressive next generation firewall

Pros and Cons

  • "Anti-virus captures malicious threats and an aggressive next generation firewall."
  • "Deployment on cloud needs to be carried out manually."

What is our primary use case?

The main use cases of this solution are for protection from ransomware and malware. Although we don't have EDR because of its high cost, we do have the capability to filter the website. Our use case is more about capturing crypto and the like that can encrypt files. I'm a system administrator and we are customers of Sophos. 

What is most valuable?

I've found that the most valuable feature is the anti-virus that captures malicious threats and the next generation firewall which is more aggressive in terms of not only looking for viruses, but also for SaaS and the movement of equipment. If something strange comes up we're automatically notified and it's either blocked or quarantined. It enables you to prevent future viruses and enables us to inform the user of malicious websites they have visited.

To date, we haven't had any incidents related to viruses or any types of attacks and we barely get any false positives. It's good to know that any malicious anti-virus detected is automatically blocked, although it makes things more difficult for our IT department.

What needs improvement?

There is an issue when deploying on cloud because it needs to be done manually. For an enterprise company that can have 10,000 or even 50,000 end users, it's a lot to deploy manually. An additional feature they might include would be the ability to control the lockdown on hardware; to control all the entry points such as a USB, a camera or any external storage. 

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

I think this solution is stable. It doesn't allow you to do anything that may cause a problem. If you try to download something that is prone to hacking, the solution won't allow it. It's important to use the admin lock to prevent malicious programs being downloaded. It's good at preventing remote users from downloading malware. 

What do I think about the scalability of the solution?

The solution is very scalable because they don't generally deal with small size office deployments of 10 or 15 users. The solution can scale to 100,000 or even up to 200,000 users.  

How are customer service and technical support?

Initially we didn't have phone support, but now it's part of the enterprise portfolio which we have. We only use the support if we have an issue with the server. It's the benefit of the cloud, there are no concerns about the server whereas on-premise you need to synchronize your server or upgrade the new version to get those features.

Which solution did I use previously and why did I switch?

We migrated from Symantec enterprise to Sophos and SentinelOne. The approach is the same for all of them. 

How was the initial setup?

Initial setup for the cloud is very straightforward because it's managed by the company. It's just a matter of downloading the agent and installing to your end point. The on-premise implementation is more difficult, particularly if you're not familiar with it but the support is very helpful. I believe there's a way to roll out without the need to visit individual users. I believe they integrate with an active directory, and then post from there. Deployment time depends on availability of the user's desktop or and/or laptop. If it's on premise, you can push that one, it would take less than 15 minutes. To deploy in a company would take less than a month. 

What's my experience with pricing, setup cost, and licensing?

If you start with the standard solution, move to Intercept X, and then go to the EDR version, it's almost double the price in comparison to other vendors. It's a choice for any company. Check Point's SandBlast, for example, has two payables but the additional payable includes encrypting your hard drive - not everyone needs that feature. 

What other advice do I have?

This is a good product but it comes at a high price. As a result, I would rate this solution an eight out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
EA
IT Infrastracture Consultant at a healthcare company with 201-500 employees
Consultant
Top 20
Behavioral-based protection that is user-friendly and easy to deploy

Pros and Cons

  • "The most valuable feature is the behavioral, non-signature-based threat detection."
  • "When there is an event generated by either the firewall or Intercept X, and the originating IP address is the same, these should be merged into a single event rather than two."

What is our primary use case?

We were recently the target of a ransomware attack and we used this product to clean it from our environment. Our in-place endpoint protection is just signature-based and it was not able to identify which device had passed the malware.

I am in charge of monitoring at this time.

How has it helped my organization?

Once we installed Intercept X, it was able to detect and remove malware that could not be found by the simple endpoint security solution.

What is most valuable?

The most valuable feature is the behavioral, non-signature-based threat detection.

We like Sophos Central, where you have access to a security console. It provides you with information such as recommendations on what to do next. Using this, we were able to trace the affected devices, which were then cleaned. If new alerts are given then we know which devices are still affected and we can take the appropriate action.

Sophos Central also shows us which alerts have not yet been attended to, which is nice.

What needs improvement?

Sophos Central does not provide all of the information that is available, so it requires us to take the additional step of retrieving details from the firewall. It would be more productive if the information between Sophos products were automatically correlated and updated in Sophos Central.

When there is an event generated by either the firewall or Intercept X, and the originating IP address is the same, these should be merged into a single event rather than two. Automatically correlating these events would save us time.

For how long have I used the solution?

We began using Sophos Intercept X a few days ago.

What do I think about the stability of the solution?

We use Intercept X on a daily basis and it is quite stable.

What do I think about the scalability of the solution?

My impression is that this product is scalable.

We have only deployed Intercept X at one hospital, which has about 300 people that it protects. We have approximately six hospitals for which we are recommending its use.

How are customer service and technical support?

We have only dealt with the sales team in the Philippines. Our concerns were commercial in nature, for the most part, rather than technical.

Which solution did I use previously and why did I switch?

Prior to Intercept X, we were using the signature-based endpoint protection by Sophos. Our license was just recently up for renewal and we are in the process of upgrading to Intercept X.

In my previous company, we were using Cisco AMP. The beauty of Sophos Intercept X is that it does both signature-based on behavioral threat protection in one agent. With some other solutions, you have to install a different product for each approach.

How was the initial setup?

The initial setup is very simple. We were able to install it in a few minutes and then it automatically begins detection. Completing the initial scan involves rebooting the computer a couple of times, so it takes a little while to complete and clean out the malware if it is there.

What about the implementation team?

The interface is very user-friendly and we were able to deploy and operate it ourselves.

Our company does not have 24/7 monitoring, so we are now looking at a managed SOC that we can subscribe to. Ideally, this type of service will give recommendations, above simply alerting us to problems.

What's my experience with pricing, setup cost, and licensing?

We were able to eliminate the ransomware using the one-month, full-featured trial license. Our intention now is to upgrade our systems to the full product. We were given a corporate rate.

Our licensing includes local support for each of our offices, nationwide. This something that we like.

What other advice do I have?

Overall, this is a good product that seems to address our concerns and I can recommend it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Sophos Intercept X Report and get advice and tips from experienced pros sharing their opinions.