Intercept X Endpoint Reviews

We have split our operations into work at home and on-premise. We have over 2,000 or 3,000 work-at-home agents. Some of them do not connect to us via a virtual private network. They connect directly to our CRM clients. In order for us to ensure that we have visibility and to be able to protect our PCs, we are using Sophos Intercept X via the cloud.

We have been a client of Sophos for close to nine or ten years, and we have not been compromised with ransomware or anything like that during this period. The whole Sophos solution set has been very useful.

There are additional security features in Sophos Intercept X as well as proxy rules and settings that help us in minimizing the sites that our agents can go to, even after their work hours. 

We had some initial problems with our deployment, and they were more around uninstalling Sophos Basic and installing Sophos Intercept X. We had some challenges with some of the uninstallation scripts. They can improve the deployment of Sophos Intercept X when there is already an existing Sophos version. They can also provide more information in the form of best practices and lessons learned from previous findings. A knowledge base with this type of information would be helpful.

We've been a Sophos client for close to nine or ten years. We started using Sophos Intercept X last year.

After everything is deployed, I've not heard anything negative from my team. It seems stable. 

Given that it is a cloud implementation, Intercept X is very scalable.

We have about 6,000 or 7,000 users. The majority of them are customer service agents. We are using both Sophos Basic and Intercept X, and our plan is to migrate the rest of the nodes to Sophos Intercept X. However, our migration plan might change because we are getting a requirement for Cynet from our clients who use Cynet. They are about 4,000 in number. 

We are rather satisfied. It has not gone to that level where I have to escalate to Sophos Philippines for support. The only pain point that we had was related to the installation and deployment, given that we had to deploy outside of our network.

We had some initial problems with our deployment, and it was more around uninstalling Sophos Basic and installing Sophos Intercept X. 

Its setup was rather complex because we support different clients, and the configuration of the PCs of each client is different. If every PC is the same, the initial setup might be straightforward, but we support over 30 different campaigns, which makes it challenging. We were able to deploy it for 2,000 or 3,000 agents, but it was not as seamless as we wanted it to be. It ended up taking four or five months.

We had Sophos Philippines and a local partner of theirs to assist us in this whole process. Overall, the experience was positive, but it could have been better. We could have received some more assistance from Sophos, either Sophos Philippines or Sophos headquarters, in terms of script development. Some of the issues were resolved by my own engineers by tweaking some scripts.

I am not sure about the cost. I would guess it to be between $50 to $60 per license. This would be the cost of the overall subscription. There is no additional fee.

At this point, we are kind of positive about Sophos Intercept X. Our overall experience, after the deployment challenges, has been rather good.

I would rate Sophos Intercept X an eight out of ten.

We use it for all of its features, with the exception of mobile device management. We use it for DLP, malware protection, some forms of asset tracking, application blocking, and so forth.

It is deployed on-premises and on the cloud. We are using its latest version.

Malware protection and application blocking are absolutely great. The DLP and malware features are very helpful.

It is also very user-friendly, reliable, and scalable. It is easy to set up. We are also happy with its price and support.

Mobile device management is a challenging area, and it can be improved. Some areas in the DLP solution can also be improved. It has the DLP capability, but it is not an all-out DLP program. I would like to see them improve the DLP solution in terms of reporting and possibly network monitoring. Currently, they only do the reporting parts of it.

I have been using this solution for close to two years.

It is a very reliable solution.

It is very easily scalable. We have scaled it, and we had very minor problems in expanding it across the organizations and new acquisitions.

They provide a great response. They are available through email and phone calls. After you create a ticket, they will respond within 24 hours.

We've only used Symantec. Symantec is nowhere near this solution.

The initial setup was straightforward.

Our team did the deployment. We got the training from them, and we did the deployment ourselves.

Compared to other solutions, such as CrowdStrike, we are most certainly happy with its pricing. We did a three year-business deal.

I most certainly would recommend this solution. One of the recommendations would be to make sure that you have a plan and a dedicated team to be able to manage all of the functions that are in the Sophos solution.

I would rate Sophos Intercept X an eight out of ten.

We primarily use the solution as endpoint protection as well as for endpoint detection and response. It's like an EDR. It's basically used to prevent ransomware.

I would say that it's difficult to really say how it's improved our organization. We had never actually been hit by a ransomware attack prior to installing Sophos and never had Sophos tell us that we're experiencing one. That said, it's very important to be protected. Getting attacked would be a disaster.

We were looking for something that could sense ransomware attempts, to encrypt files, and cut off and reverse attacks as well as alert us to issues. That's what the Intercept X is designed to do. It's very good at security and protection. It offers very good reports.

The initial setup is simple.

The biggest feature that's on the server version that we're using, the EDR, is the ability to push data on threats that it's seeing over to another management platform, like a managed detection response service. It's nice that it's possible to do this and we don't have to pay so much attention to the alerts. They can for us.

It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first. Otherwise, it thinks you're a virus. It would be ideal if there was some sort of setting where you could warn the system it's just you in there doing routine maintenance.

I've used the solution over the last couple of years. However, I haven't used the product too heavily.

The stability is relatively good. We've had a few false alarms, however, there's nothing major that's happened so far. It seems free of bugs and glitches. It doesn't crash or freeze. It's good.

I haven't personally tried to scale anything. It's probably pretty scalable because you don't have an appliance. Appliances have limitations as they have a set size or capacity. It is a cloud-based console, therefore it can probably scale pretty well.

We have 80 people in our organization and everybody uses the product.

I'd rate technical support pretty high. I'd give them an eight out of ten. They're helpful. They are knowledgeable and responsive. We've been satisfied with the level of attention we get when we need them.

We didn't have anything previously for anti-ransomware. We just had the Kaspersky antivirus. However, it wasn't able to detect ransomware specifically. Therefore, we put Sophos Intercept X on to do that.

We've found the initial setup is pretty straightforward. It's not overly complex. We didn't have trouble setting everything up.

We're using the latest version of the solution.

We've got Sophos Intercept X on the notebook computers along with Kaspersky and then on the servers it's only Sophos EDR, which has both antivirus and Intercept X. All are bundled together.

The console's on the cloud and that's just installed on the clients, however, they all communicate with a self-hosted JIRA cloud console.

I'd advise those considering the solution to probably just go with the antivirus portion as well. That way, you've got it all under one console. We're juggling two consoles, Kaspersky and Sophos. It would be easier if everything was under one.

ON a scale from one to ten, I'd rate this product at a nine. We've been very happy with it.

We primarily use the solution for malware protection.

Without a doubt, this product has helped our organization. We've been deploying Sophos Firewall for probably 15 years now. We haven't had a lot of trouble, and prior to using the Sophos product, we were using a lot of Symantec products and occasionally some others. We have not had a lot of problems with infections. By that I mean, if we had three attacks over the 15 years I'd be kind of surprised, That's usually due to the fact that somebody was doing something stupid. Otherwise, we've been very well protected. Basically, if a lot of people are looking maliciously at any of our clients, they aren't getting very far.

The reporting is pretty good up on the Sophos side. We can see if anything's going on, at least from Sophos' perspective. 

The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer. 

Occasionally, we do get noticed, however, we don't always get noticed, and I sometimes wonder is that just due to the fact that our client computers are tough to get at? We also deploy the Sophos Firewall on client sites, and it's relatively difficult for a bad guy to get in there.

We've been happy with it and we've been happy with the training that Sophos has. They keep us up to date on any changes that the solution has.

I don't know how many infections this protected us from. It might be nice to have a view of what has come at us. You're blocking certain types of traffic. It's not malware per se. You would get a message for this, however, you never really know if this was really a bad guy or just some 16-year-old who knows computers.

There's always room for improvement in pricing. 

From a corporate perspective and from a customer perspective, switching is very difficult to do. It's not an easy task. 

The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them.

I would like to see a templated selection of items that ought to be implemented, that right out of the gate, you can just turn on. This is what we recommend for standard workstations that are running under normal circumstances. It's not that you can't have a template in there. You can create your own template and stuff like that, however, they haven't yet spent a whole lot of time figuring out if you're in the, I don't know, medical business and you need HIPAA and you need this and that, these are all the standard things you ought to deploy. It would be ideal if you could just flip the switch, and it turns them all on.

Also, after you've turned this stuff on in mass like that, you sometimes don't immediately know what the problem is if they all of a sudden can't talk to vendor X. Like in banking, they get a lot of offsite services. You should be able to say "Okay, so I blocked them somehow with one of these things. I don't know which one it is, Help me find it so I don't have to turn everything off." Otherwise, I've got to turn off the whole thing and switch them on one by one, which is time-consuming.

I've been dealing with the solution for a year and a half. The company has been deploying Sophos for 15 years or so.

Thinking back on it, we only ran into maybe one bug in the whole time we've used the product. One time, when we upgraded Windows, it wasn't compliant and I remembered that my business partner told me that he had to go to Sophos for help. They quickly resolved the problem.

We've had very few issues. A company should not fear installing it. It's pretty reliable.

Our clients are all small businesses generally. The solution seems to be quite easy to scale in the market that we serve, which would be up to a hundred or so users. We haven't had any problems, however, I haven't deployed it for 10,000 users -which would be a totally different thing. Therefore, while it scales well for small businesses, I can't speak to how it would scale at an enterprise-level.

We do work with a university, and we do some work with a couple of different school districts in the San Diego area. We do some consulting for all three of those. If they asked us to recommend a product, we do recommend a product like this and we help people out with that sort of thing.

Technical support could be faster. We can't really get a hold of them when we need to. They really need to improve their services.

Issues get resolved quick enough. However, there are just issues that cause a lot of unnecessary back and forth. For example, we had a client for who we had installed a temporary license for Intercept X, and then subsequent to that, when we tried to put on the real license, bought it, paid for it, got the key, tried to plug it in, that worked fine. However, all of a sudden it started telling us it was having problems with the temporary license, which was supposed to have been replaced. That was a back and forth. It really took us about two weeks to get that resolved with them. Not a huge problem, not causing alarms that people were getting in, that shouldn't get in, however, I kind of thought somebody would get back to me in a day or two. It didn't take them two weeks to get back to me, but there was a fair amount of back and forth about how to resolve this.

I would say that the quality of the support when you talk to them is very good. I would rate that a nine out of ten. That said, the lack of availability at times of support is concerning, particularly if we were to have an ongoing hack. Sophos now offers a service where they will jump in there for quite a large fee and mitigate everything quickly. However, when you already have bought a product that's supposed to be doing that same job, it seems strange they would charge you again to actually do the job.

Having talked to some of those guys on the tech side, they are extreme. Those guys on that side are super knowledgeable and they can jump in there quickly and check a lot of things way faster than I could ever do it, simply due to the fact that they're so much more familiar with the product and with the way that attacks run.

I don't see them every day so, even though I go to training and I watch it on the training and so forth, it's not something that I fiddle with all the time. I simply don't need to, which is great. It keeps me a step removed from it.

We previously used Symantec among other products.

Symantec has changed a lot over the last 10 years. They used to be a totally different company. We were not only concerned about the product and the quality of the product and the availability of support and all of these sorts of things at first. However, they were also beginning to fall behind in terms of their technical capabilities on their product, and then we also already had a relationship with Sophos because of the firewalls, so it was a natural transition away from Symantec.

We were deploying the UTMs or what they call the SG line, and they've subsequently come out with the XG line, and if you have their cloud-based management solution, you can manage the XG line of firewalls with Intercept X, and they can look at each other's data and make decisions, AI kinds of decisions, or just scripted decisions, based on what the other is finding. It's much more advanced.

The initial setup isn't too difficult. Once you learn it, it's pretty straightforward.

There is a learning curve, and if you haven't learned it, and I would assume this is the same with anybody's product, then you're not really sure what options you want to enable and not enable and so forth. If you turn on too much stuff, let's put it that way, your end user's computer ends up running slowly. You have to be smart about what you're doing.

It doesn't have every function that's out there in the universe. However, it's really quite good and it's a reasonable value for the money compared to some of the alternatives that I've seen. However, I'm not super familiar with the alternatives. I know their names, I kind of know what they do, I read the reviews on your site and others, and we're always looking at it, however, I haven't really studied them.

We're Sophos partners and resellers.

We always deploy the latest version of the solution. We deploy the Intercept X Advanced with EDR.

All the management is done through the cloud. Then there's a client piece you put on, on-premises. We do the management through the cloud and we put the client piece on the premises.

I like a lot of the things that Sophos is doing. They didn't have one this year, however, they have an annual conference, and one of the things they had done, this was right before they got bought by this other company, is they had hired a lot of really top talent. These guys, when I was at the conference for a few days, just listening to them talk, you're mesmerized with how sharp and bright these guys are and what they're adding into the program. Not to say that others aren't getting some of this stuff too, however, it was really impressive. You felt like they had it together. You trust that by sticking with these guys, you're absolutely going to have minimal, to no issues at all.

I'd recommend the solution. It's a really good product. I realized that there are other good products out there and it's not that other companies shouldn't take a look at other products. However, it works, it does what it's supposed to do, and, once you learn it, it's easy to manage and the link to the firewall is really good and a great idea. It's smart to implement a single plan across people's networks. It just makes a lot of sense.

Overall, I would rate the solution nine out of ten.

Our primary use case is endpoint protection.

The most valuable features are the anti-ransomware engine, deep learning, web filtering, and the cloud manageability.

I would like to have a built-in firewall, rather than having to integrate one. Having both a personal firewall and an endpoint firewall would be an improvement. It does have firewall monitoring capability but it is integrated with the Windows firewall. Having their own endpoint firewall would be better.

We have been working with Sophos Intercept X for about two weeks.

With respect to stability, given that we have only been using it for a couple of weeks, it is too early to tell. That said, we have not experienced any issues so far.

Scalability has not been a problem.

I have not had any issues, yet, that necessitated contacting technical support.

Prior to Sophos, we were using a product by Symantec. The first difference is the deep learning or machine learning aspect. The second is the cloud administration capabilities. They both support cloud but the administration is better in Sophos.

The initial setup is straightforward.

I find the pricing to be a little bit expensive, although it is acceptable, for now.

The suitability of this product depends on the company and its environment, but for a company like us, I recommend Sophos. 

I would rate this solution a nine out of ten.

The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are probably the biggest areas of the product that we employ. We also make use of web content filtering and application control as well.  

I would probably say that the DLP portion of the product is the most valuable for what we do. That just happens to be the side of the house I sit in. But the EDR alerting is also relevant when talking about valuable features.  

Refreshing the reports could be improved. It looks like sometimes when systems no longer exist those systems can still show up on the reporting.  

For example, if you spin up a virtual desktop and a virtual server, and then you change the name of that virtual server, what happens is Intercept X still maintains a record of the device by the old name. It does that even though it no longer exists in the system because the name has been changed. So, refreshing the data is probably something that needs to be addressed.  

I can not really address what I think needs to be added to the product right now because I still think our organization is focusing on learning what the product can do and discovering the capabilities. I have been so involved with it from the perspective of understanding what it does currently that I am still trying to figure out what else we would like to see.  

We have been using Sophos Intercept X for probably a little over six months now.  

We have about 1500 endpoints. That is a pretty good volume. While I do not know exactly how to rate it, the scalability is excellent from the standpoint of adding endpoints. We have not run across any issues with the scalability of it. I would tell you that it is very applicable to this company right now and certainly is up to the task of matching our needs.  

To this point-in-time, we have found that the technical support is very responsive. We can reach them by phone and by email, and we get answers to the issues and questions we bring up.  

I think the initial installation and setup were very straightforward.  

Once the rollout started, we had to incorporate 1500 devices — and that is just the desktops alone. It probably took about two months. The amount of time it took was because of the scale of resources dedicated to onboarding the solution. It was not because of distribution.  

We did not need to use an integrator or consultant for deployment. It was all done internally.  

We did evaluate other options before choosing Sophos. For example, we looked at Sentinel One. We also looked at a couple of different solutions like Trend Micro and CrowdStrike. Looking at those four seems to have been a good enough comparison of products in the category.  

My biggest bit of advice for people taking on Intercept X is to train your staff on all of the functions of that solution. There are a number of solutions within the one product and it is best to know how to use them all and if they apply to your circumstances.  

The biggest lesson we have learned from using Sophos is that the product can be a bit overwhelming with information and data. That is the situation where your training and your resources come into play.  

Make sure you have a complete plan to utilize the tool or you will have pieces that are just sitting there and nothing is happening to utilize them. There are a lot of capabilities that the solution has and you need to make the effort to discover them.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate Sophos Intercept X as probably about a nine-out-of-ten. It is not until you see other applications like CrowdStrike and do a comparison to see what they can do that you really have an idea of what applications in the category are capable of.  

We are a small consulting group. We are not really end-users but we sell to them. We are primarily recommending Sophos Central Intercept X as a client solution for endpoint security. They are going to be using it for the security apps, their desktops, and there is a server version as well. I would think that someone buying the server product would expect that to include endpoint security, including ransomware protection, advanced threat protection, and zero-day threat protection.  

Many of our users also use Sophos firewalls and the solutions integrate with each other nicely.  

I would say that the most valuable features are the cloud administration and the strength of the ransomware protection.  

The one thing that I think probably needs the most attention with this product is the technical support. Some of our customers are starting to complain about that.  

It is a good product, generally. I can not really give it any criticism or go on about missing or broken features. I have got nothing to say that needs improvement other than the support.  

We have been recommending Sophos to users for maybe four years. The proper product name is actually Sophos Central Intercept X Advanced.  

I do not know of any limitations having to do with the scalability of this product. We are a small company so the number of clients that we have is not that large. The total would be maybe around 10 clients. The number of endpoints under management for those clients that we are involved with is about 1000. I do not see that we are even close to any limitations in scaling this product with those numbers.  

The one thing that needs the most attention according to our customers is the product's technical support. We do not really hear anything about the product having larger issues but there have been a few comments on the gaps in tech support.  

The initial setup is probably straightforward but there are times when it could be difficult. We are about to do a project where we are going to have to replace a Symantec product. We will see how hard that is to do. The potential problems have more to do with a question of how difficult it is to remove Symantec completely than it is about installing Sophos. There is a tool from Sophos for doing a replacement. We had not used it before so we will get to see how well it works.  

The deployment is quick. It just depends on the environment. If you have a lot of remote sites, that could take more time. If you got to replace something, you never know how hard it is going to be because of how another product sets down its roots. There is a point where you have to just do as well as you can and then deal with issues if any arise.  

When we deploy it into client sites we are the integrators and consultants for the deployment. It deploys as you would expect and there are no surprises. Again, it could be hard to remove an existing solution.  

Intercept X for endpoints is around $35 per user per year. The server version is $95 per server per year.  

I would advise anybody who is using a Sophos firewall and is looking to migrate to another solution to give Intercept X the serious consideration it deserves because the Sophos firewall integrates well with the Intercept X solution and that is an advantage.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as a nine-out-of-ten.  

It provides a feature for scanning and analyzing endpoints, which is a value-add for our infrastructure. With the advancements in the Advanced Persistent Threats (APTs), Sophos Intercept X analyzes an APT and the behavior of the endpoints. It then gives us a detailed dashboard with more information about the endpoints and their security and risk level.

While deploying Sophos Intercept X, we identified a lot of vulnerability and risky endpoints that our previous solution didn't cover, which proved that this solution is the best.

It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc.

We have been using this solution for two years. 

It is stable.

It is scalable. We have 250 users in our company.

Sophos technical support is very helpful. There are many ways to contact them. When I worked with Cyberoam, in the console, you can directly contact technical support through chat. A consultant joins the chat, and you can give them the control to your appliance to verify the configuration and do other checks and troubleshooting for resolving your issue. This is a strong point in Sophos technologies.

We migrated from Kaspersky to Sophos Intercept X. While deploying Sophos Intercept X, we found a lot of vulnerability and risky endpoints that Kaspersky didn't cover.

The initial setup is not complex. The deployment and testing took us one month.

You start by deploying the server, and then you can install or deploy an endpoint. There are many ways to deploy endpoints. A roaming user can use just the email with the link, or the support team can move the endpoint or assist the user by phone. 

We had consultants. For implementation, I coordinated with a consultant from Atos and a consultant from Sophos. Atos is our infrastructure manager and service provider. 

Licensing is based on the number of users. They give a discount for editors who are considered as important members. From what I know, Sophos products are not expensive. If you have a license extension, you just need to contact the editor or partner to change the mode of licensing or extend the license to cover more people.

I would recommend using this solution. It is an antivirus and anti-ransomware solution. It has many functions and features. Antivirus is its major feature. The anti-ransomware module is its advanced function.

It has been a good solution so far. It has a very good score in NSS Labs, which is a laboratory that tries and tests all security solutions and gives them a scoring. Many other companies have also started to deploy this solution.

We plan to continue using Sophos solutions. I am in touch with new users, and they appreciate this solution. We have a meeting tomorrow with Sophos to share with our technology roadmap and choose the new technologies to deploy in our company. We will do a proper proof of concept of the solution to evaluate technical aspects, technical features, offerings, limitations, and strong points. 

I would rate Sophos Intercept X a nine out of ten. It is a good product.