Intercept X Endpoint Reviews

We use it for all of its features, with the exception of mobile device management. We use it for DLP, malware protection, some forms of asset tracking, application blocking, and so forth.

It is deployed on-premises and on the cloud. We are using its latest version.

Malware protection and application blocking are absolutely great. The DLP and malware features are very helpful.

It is also very user-friendly, reliable, and scalable. It is easy to set up. We are also happy with its price and support.

Mobile device management is a challenging area, and it can be improved. Some areas in the DLP solution can also be improved. It has the DLP capability, but it is not an all-out DLP program. I would like to see them improve the DLP solution in terms of reporting and possibly network monitoring. Currently, they only do the reporting parts of it.

I have been using this solution for close to two years.

It is a very reliable solution.

It is very easily scalable. We have scaled it, and we had very minor problems in expanding it across the organizations and new acquisitions.

They provide a great response. They are available through email and phone calls. After you create a ticket, they will respond within 24 hours.

We've only used Symantec. Symantec is nowhere near this solution.

The initial setup was straightforward.

Our team did the deployment. We got the training from them, and we did the deployment ourselves.

Compared to other solutions, such as CrowdStrike, we are most certainly happy with its pricing. We did a three year-business deal.

I most certainly would recommend this solution. One of the recommendations would be to make sure that you have a plan and a dedicated team to be able to manage all of the functions that are in the Sophos solution.

I would rate Sophos Intercept X an eight out of ten.

The main use cases of this solution are for protection from ransomware and malware. Although we don't have EDR because of its high cost, we do have the capability to filter the website. Our use case is more about capturing crypto and the like that can encrypt files. I'm a system administrator and we are customers of Sophos. 

I've found that the most valuable feature is the anti-virus that captures malicious threats and the next generation firewall which is more aggressive in terms of not only looking for viruses, but also for SaaS and the movement of equipment. If something strange comes up we're automatically notified and it's either blocked or quarantined. It enables you to prevent future viruses and enables us to inform the user of malicious websites they have visited.

To date, we haven't had any incidents related to viruses or any types of attacks and we barely get any false positives. It's good to know that any malicious anti-virus detected is automatically blocked, although it makes things more difficult for our IT department.

There is an issue when deploying on cloud because it needs to be done manually. For an enterprise company that can have 10,000 or even 50,000 end users, it's a lot to deploy manually. An additional feature they might include would be the ability to control the lockdown on hardware; to control all the entry points such as a USB, a camera or any external storage. 

I've been using this solution for three years. 

I think this solution is stable. It doesn't allow you to do anything that may cause a problem. If you try to download something that is prone to hacking, the solution won't allow it. It's important to use the admin lock to prevent malicious programs being downloaded. It's good at preventing remote users from downloading malware. 

The solution is very scalable because they don't generally deal with small size office deployments of 10 or 15 users. The solution can scale to 100,000 or even up to 200,000 users.  

Initially we didn't have phone support, but now it's part of the enterprise portfolio which we have. We only use the support if we have an issue with the server. It's the benefit of the cloud, there are no concerns about the server whereas on-premise you need to synchronize your server or upgrade the new version to get those features.

We migrated from Symantec enterprise to Sophos and SentinelOne. The approach is the same for all of them. 

Initial setup for the cloud is very straightforward because it's managed by the company. It's just a matter of downloading the agent and installing to your end point. The on-premise implementation is more difficult, particularly if you're not familiar with it but the support is very helpful. I believe there's a way to roll out without the need to visit individual users. I believe they integrate with an active directory, and then post from there. Deployment time depends on availability of the user's desktop or and/or laptop. If it's on premise, you can push that one, it would take less than 15 minutes. To deploy in a company would take less than a month. 

If you start with the standard solution, move to Intercept X, and then go to the EDR version, it's almost double the price in comparison to other vendors. It's a choice for any company. Check Point's SandBlast, for example, has two payables but the additional payable includes encrypting your hard drive - not everyone needs that feature. 

This is a good product but it comes at a high price. As a result, I would rate this solution an eight out of 10.

The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are probably the biggest areas of the product that we employ. We also make use of web content filtering and application control as well.  

I would probably say that the DLP portion of the product is the most valuable for what we do. That just happens to be the side of the house I sit in. But the EDR alerting is also relevant when talking about valuable features.  

Refreshing the reports could be improved. It looks like sometimes when systems no longer exist those systems can still show up on the reporting.  

For example, if you spin up a virtual desktop and a virtual server, and then you change the name of that virtual server, what happens is Intercept X still maintains a record of the device by the old name. It does that even though it no longer exists in the system because the name has been changed. So, refreshing the data is probably something that needs to be addressed.  

I can not really address what I think needs to be added to the product right now because I still think our organization is focusing on learning what the product can do and discovering the capabilities. I have been so involved with it from the perspective of understanding what it does currently that I am still trying to figure out what else we would like to see.  

We have been using Sophos Intercept X for probably a little over six months now.  

We have about 1500 endpoints. That is a pretty good volume. While I do not know exactly how to rate it, the scalability is excellent from the standpoint of adding endpoints. We have not run across any issues with the scalability of it. I would tell you that it is very applicable to this company right now and certainly is up to the task of matching our needs.  

To this point-in-time, we have found that the technical support is very responsive. We can reach them by phone and by email, and we get answers to the issues and questions we bring up.  

I think the initial installation and setup were very straightforward.  

Once the rollout started, we had to incorporate 1500 devices — and that is just the desktops alone. It probably took about two months. The amount of time it took was because of the scale of resources dedicated to onboarding the solution. It was not because of distribution.  

We did not need to use an integrator or consultant for deployment. It was all done internally.  

We did evaluate other options before choosing Sophos. For example, we looked at Sentinel One. We also looked at a couple of different solutions like Trend Micro and CrowdStrike. Looking at those four seems to have been a good enough comparison of products in the category.  

My biggest bit of advice for people taking on Intercept X is to train your staff on all of the functions of that solution. There are a number of solutions within the one product and it is best to know how to use them all and if they apply to your circumstances.  

The biggest lesson we have learned from using Sophos is that the product can be a bit overwhelming with information and data. That is the situation where your training and your resources come into play.  

Make sure you have a complete plan to utilize the tool or you will have pieces that are just sitting there and nothing is happening to utilize them. There are a lot of capabilities that the solution has and you need to make the effort to discover them.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate Sophos Intercept X as probably about a nine-out-of-ten. It is not until you see other applications like CrowdStrike and do a comparison to see what they can do that you really have an idea of what applications in the category are capable of.  

We are a small consulting group. We are not really end-users but we sell to them. We are primarily recommending Sophos Central Intercept X as a client solution for endpoint security. They are going to be using it for the security apps, their desktops, and there is a server version as well. I would think that someone buying the server product would expect that to include endpoint security, including ransomware protection, advanced threat protection, and zero-day threat protection.  

Many of our users also use Sophos firewalls and the solutions integrate with each other nicely.  

I would say that the most valuable features are the cloud administration and the strength of the ransomware protection.  

The one thing that I think probably needs the most attention with this product is the technical support. Some of our customers are starting to complain about that.  

It is a good product, generally. I can not really give it any criticism or go on about missing or broken features. I have got nothing to say that needs improvement other than the support.  

We have been recommending Sophos to users for maybe four years. The proper product name is actually Sophos Central Intercept X Advanced.  

I do not know of any limitations having to do with the scalability of this product. We are a small company so the number of clients that we have is not that large. The total would be maybe around 10 clients. The number of endpoints under management for those clients that we are involved with is about 1000. I do not see that we are even close to any limitations in scaling this product with those numbers.  

The one thing that needs the most attention according to our customers is the product's technical support. We do not really hear anything about the product having larger issues but there have been a few comments on the gaps in tech support.  

The initial setup is probably straightforward but there are times when it could be difficult. We are about to do a project where we are going to have to replace a Symantec product. We will see how hard that is to do. The potential problems have more to do with a question of how difficult it is to remove Symantec completely than it is about installing Sophos. There is a tool from Sophos for doing a replacement. We had not used it before so we will get to see how well it works.  

The deployment is quick. It just depends on the environment. If you have a lot of remote sites, that could take more time. If you got to replace something, you never know how hard it is going to be because of how another product sets down its roots. There is a point where you have to just do as well as you can and then deal with issues if any arise.  

When we deploy it into client sites we are the integrators and consultants for the deployment. It deploys as you would expect and there are no surprises. Again, it could be hard to remove an existing solution.  

Intercept X for endpoints is around $35 per user per year. The server version is $95 per server per year.  

I would advise anybody who is using a Sophos firewall and is looking to migrate to another solution to give Intercept X the serious consideration it deserves because the Sophos firewall integrates well with the Intercept X solution and that is an advantage.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as a nine-out-of-ten.  

It provides a feature for scanning and analyzing endpoints, which is a value-add for our infrastructure. With the advancements in the Advanced Persistent Threats (APTs), Sophos Intercept X analyzes an APT and the behavior of the endpoints. It then gives us a detailed dashboard with more information about the endpoints and their security and risk level.

While deploying Sophos Intercept X, we identified a lot of vulnerability and risky endpoints that our previous solution didn't cover, which proved that this solution is the best.

It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc.

We have been using this solution for two years. 

It is stable.

It is scalable. We have 250 users in our company.

Sophos technical support is very helpful. There are many ways to contact them. When I worked with Cyberoam, in the console, you can directly contact technical support through chat. A consultant joins the chat, and you can give them the control to your appliance to verify the configuration and do other checks and troubleshooting for resolving your issue. This is a strong point in Sophos technologies.

We migrated from Kaspersky to Sophos Intercept X. While deploying Sophos Intercept X, we found a lot of vulnerability and risky endpoints that Kaspersky didn't cover.

The initial setup is not complex. The deployment and testing took us one month.

You start by deploying the server, and then you can install or deploy an endpoint. There are many ways to deploy endpoints. A roaming user can use just the email with the link, or the support team can move the endpoint or assist the user by phone. 

We had consultants. For implementation, I coordinated with a consultant from Atos and a consultant from Sophos. Atos is our infrastructure manager and service provider. 

Licensing is based on the number of users. They give a discount for editors who are considered as important members. From what I know, Sophos products are not expensive. If you have a license extension, you just need to contact the editor or partner to change the mode of licensing or extend the license to cover more people.

I would recommend using this solution. It is an antivirus and anti-ransomware solution. It has many functions and features. Antivirus is its major feature. The anti-ransomware module is its advanced function.

It has been a good solution so far. It has a very good score in NSS Labs, which is a laboratory that tries and tests all security solutions and gives them a scoring. Many other companies have also started to deploy this solution.

We plan to continue using Sophos solutions. I am in touch with new users, and they appreciate this solution. We have a meeting tomorrow with Sophos to share with our technology roadmap and choose the new technologies to deploy in our company. We will do a proper proof of concept of the solution to evaluate technical aspects, technical features, offerings, limitations, and strong points. 

I would rate Sophos Intercept X a nine out of ten. It is a good product.

The primary use case is basically having a synchronized perspective on what's going on between endpoints, firewalls, and whatever other types of preventative measures the customer has. 

The fewer panes of glass you've got to go to to try to investigate an event, the better off you are. If there's some automation that goes on within the fabric, or whatever you want to call it, this coordinated effort, then you're going to come out ahead as a small organization. Sophos has one pane of glass, so it gives good visibility. There's less time spent in front of the screen because I have confidence in the automation that's going on.

It's been pretty reliable. There's been a few times when it hasn't just taken care of problems. The automation is very convenient.

There's Sophos Central where the customer has a single pane of glass. You can manage everything. 

The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this.

It has a Linux version that's available. 

What I look for in dealing with small businesses, is for something that is not going to add to their staffing requirements significantly in terms of management. That's true with both Sophos as with Fortinet. 

There's great situational awareness within all the other components. If I have a workstation, usually they're just taking care of everything without me even knowing about it unless I go into the logs and see what's been cleaned up. I don't care if something gets cleaned up, I do care if something doesn't get cleaned up. My reporting is set to an on exception basis to ensure I don't have a firehose of information pointed at me to overwhelm me. Customers don't generally want to know every little thing that's happening on their network. What they want to know is if something has happened that puts their environment or their infrastructure in jeopardy. Sophos does this exceptionally well.

The pricing of the solution is quite good.

The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?" I see that all the time. That's a question I always have in the reports I give my customers. "Okay. So this happened last month. And as you can see, there were all these attacks knocking at the door, but none were allowed through." If someone got through, then I'm going to be concerned.

I've been working with this solution alongside a customer for two years now.

The stability is great. We've never had issues with its reliability. It doesn't crash or freeze. There aren't bugs or glitches. It protects us well.

The solution scales really well. They have great resources on hand for managing it within the cloud. I haven't found any issues with capacity. I've never heard of anyone ever having issues in that regard.

Typically we deal with small businesses. When I say "small business" I am referring to a company of around 250 people.

Technical support has been very, very good. They're reliable and knowledgable. We've been satisfied with the level of service provided. 

We also have experience with Fortinet. Fortinet has what they call their security fabric, which does about the same thing. Basically you have a number of different products, different solutions, and it's all under a single pane of glass and everything's coordinated so that any member or any component of that fabric or synchronized security is aware, has situational awareness of what other components are experiencing. If there's an attack that breaks out in one place, then there's going to be the opportunity for basically isolating that particular component so that it doesn't allow lateral movement.

I've used other solutions. The reason that I like Sophos is mostly due to the synchronized security and cloud management. Other solutions that I've dealt with have been point solutions. I've needed to figure out how to get that situational awareness between the different points. You have to do that. The name of the game these days is to evade the parameter. I have to not only protect the endpoint as if there was no firewall, but I also have to make sure that I've got as much intelligence going on about the state of my internal network so that everybody knows what's happening next door to them.

The initial setup was a piece of cake. It wasn't complex at all. It's very straightforward.

I can justify the pricing for customers and I can explain what they're doing from a pricing standpoint in terms of the different risks that they're handling. I'm all about risk management. Unfortunately, we lose awareness of that, the calculus that goes into that when nothing's going wrong. 

You have to ask: what are you trying to protect? What are you willing to spend to protect that, and what's your expected loss if something happens? You have to look at all things and then decide if the number is fair. I'd argue that it is.

We're partners with Sophos. We're a consulting company and we provide some managed services. Sophos products are some that I deploy and manage for my customers.

I don't have the EDR or any of the really sophisticated stuff. The client doesn't think that they have a need to go to another level. 

I don't have EDR or MTR deployed for the customer. I work primarily with small businesses. So sometimes it's kind of hard to get them to invest more than what they feel comfortable doing.

Other organizations should give it serious consideration if they are looking for a solution. The price point is not unreasonable and the management and the continued evolution that I see within the product means that they're not sitting on their haunches waiting for the next big thing. They're constantly moving forward, trying to keep abreast of what's going on. 

We're in an arms race when it comes to cybersecurity. When you look at SophosLabs out of the UK and the work that they're doing in their blogs like Naked Security and whatnot, they're constantly in the forefront, constantly trying to find different threats. It's impressive, to say the least. All of that percolates down into their product because that's what drives their product.

I'd rate the solution at eight out of ten. The solution is consistently showing me that it has a very effective rubric that it follows through on in terms of identifying and remediating, particularly in the area of ransomware. They can handle everything without having to have somebody get down in the weeds and recover things. I like the automation that it brings into the work that's done. That was the wow factor that drew me to them, to begin with.

I find the security heartbeat feature with synchronized security very useful. It's a very nice feature that allows you to basically switch off an endpoint. When an endpoint has got a virus or something like that, or it's infected or compromised, you can isolate it from the network, but only if you've got an XG Firewall as well. 

It also provides ease of use. It is the only antivirus that can recognize 25 out of the 36 ransomware and virus techniques that have been often used in terms of the behavior base using heuristics. It's beautiful, utterly amazing. No other antivirus can do that. 

The pricing could be a bit lower to match the normal retail pricing.

I have been using this solution for the last four months. Currently, I am using the latest version.

It's really scalable. We easily did 5,000 installations in six hours. It's good at scalability.

Some of our SMB clients have 20 users, and some have around 200 to 300 users. A big enterprise client has around 5,000 users.

I don't set these products up, but they look pretty straightforward and simple to set up. The deployment of 5,000 users happened in around six hours. The deployment was obviously automated a little bit.

When you start going to the EDR technologies and the MTR, it is a little bit expensive. It's a very good technology, and obviously, you're going to pay for it, but the pricing could do a little bit of work.

I would definitely recommend Sophos Intercept X. It's the number one product in my go-to-market strategy. 

I haven't used it so much, but from what I've seen and played around with, it's a brilliant product. It has already got everything. It does what it's supposed to do and does it better than anyone else out there. If you look at Gartner Quadrants, they are at number three in terms of leaders. The Microsoft Defender ATP is number one.

I would rate Sophos Intercept X a nine out of ten. It is a beautiful product, and I love it.

The malware detection is the key feature. It provides exploit prevention and rollback capabilities to counter ransomware attacks.

Pricing could be cheaper.

I have been using Intercept X Endpoint for over ten years.

It is stable for our customers.

Support is very responsive.

Positive

Kaspersky is currently only focused on government, whereas Sophos is focused on SMBs and mega enterprises.

The initial setup is easy and takes around five to ten minutes, depending on the network.

The pricing is a little bit higher than that of other solutions.

Some people are using AI technology to detect and regress malware.

It is easy to maintain. I recommend the solution.

Overall, I rate the solution a nine out of ten.