Intercept X Endpoint Reviews

We were recently the target of a ransomware attack and we used this product to clean it from our environment. Our in-place endpoint protection is just signature-based and it was not able to identify which device had passed the malware.

I am in charge of monitoring at this time.

Once we installed Intercept X, it was able to detect and remove malware that could not be found by the simple endpoint security solution.

The most valuable feature is the behavioral, non-signature-based threat detection.

We like Sophos Central, where you have access to a security console. It provides you with information such as recommendations on what to do next. Using this, we were able to trace the affected devices, which were then cleaned. If new alerts are given then we know which devices are still affected and we can take the appropriate action.

Sophos Central also shows us which alerts have not yet been attended to, which is nice.

Sophos Central does not provide all of the information that is available, so it requires us to take the additional step of retrieving details from the firewall. It would be more productive if the information between Sophos products were automatically correlated and updated in Sophos Central.

When there is an event generated by either the firewall or Intercept X, and the originating IP address is the same, these should be merged into a single event rather than two. Automatically correlating these events would save us time.

We began using Sophos Intercept X a few days ago.

We use Intercept X on a daily basis and it is quite stable.

My impression is that this product is scalable.

We have only deployed Intercept X at one hospital, which has about 300 people that it protects. We have approximately six hospitals for which we are recommending its use.

We have only dealt with the sales team in the Philippines. Our concerns were commercial in nature, for the most part, rather than technical.

Prior to Intercept X, we were using the signature-based endpoint protection by Sophos. Our license was just recently up for renewal and we are in the process of upgrading to Intercept X.

In my previous company, we were using Cisco AMP. The beauty of Sophos Intercept X is that it does both signature-based on behavioral threat protection in one agent. With some other solutions, you have to install a different product for each approach.

The initial setup is very simple. We were able to install it in a few minutes and then it automatically begins detection. Completing the initial scan involves rebooting the computer a couple of times, so it takes a little while to complete and clean out the malware if it is there.

The interface is very user-friendly and we were able to deploy and operate it ourselves.

Our company does not have 24/7 monitoring, so we are now looking at a managed SOC that we can subscribe to. Ideally, this type of service will give recommendations, above simply alerting us to problems.

We were able to eliminate the ransomware using the one-month, full-featured trial license. Our intention now is to upgrade our systems to the full product. We were given a corporate rate.

Our licensing includes local support for each of our offices, nationwide. This something that we like.

Overall, this is a good product that seems to address our concerns and I can recommend it.

I would rate this solution a nine out of ten.

The primary use case is basically having a synchronized perspective on what's going on between endpoints, firewalls, and whatever other types of preventative measures the customer has. 

The fewer panes of glass you've got to go to to try to investigate an event, the better off you are. If there's some automation that goes on within the fabric, or whatever you want to call it, this coordinated effort, then you're going to come out ahead as a small organization. Sophos has one pane of glass, so it gives good visibility. There's less time spent in front of the screen because I have confidence in the automation that's going on.

It's been pretty reliable. There's been a few times when it hasn't just taken care of problems. The automation is very convenient.

There's Sophos Central where the customer has a single pane of glass. You can manage everything. 

The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this.

It has a Linux version that's available. 

What I look for in dealing with small businesses, is for something that is not going to add to their staffing requirements significantly in terms of management. That's true with both Sophos as with Fortinet. 

There's great situational awareness within all the other components. If I have a workstation, usually they're just taking care of everything without me even knowing about it unless I go into the logs and see what's been cleaned up. I don't care if something gets cleaned up, I do care if something doesn't get cleaned up. My reporting is set to an on exception basis to ensure I don't have a firehose of information pointed at me to overwhelm me. Customers don't generally want to know every little thing that's happening on their network. What they want to know is if something has happened that puts their environment or their infrastructure in jeopardy. Sophos does this exceptionally well.

The pricing of the solution is quite good.

The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?" I see that all the time. That's a question I always have in the reports I give my customers. "Okay. So this happened last month. And as you can see, there were all these attacks knocking at the door, but none were allowed through." If someone got through, then I'm going to be concerned.

I've been working with this solution alongside a customer for two years now.

The stability is great. We've never had issues with its reliability. It doesn't crash or freeze. There aren't bugs or glitches. It protects us well.

The solution scales really well. They have great resources on hand for managing it within the cloud. I haven't found any issues with capacity. I've never heard of anyone ever having issues in that regard.

Typically we deal with small businesses. When I say "small business" I am referring to a company of around 250 people.

Technical support has been very, very good. They're reliable and knowledgable. We've been satisfied with the level of service provided. 

We also have experience with Fortinet. Fortinet has what they call their security fabric, which does about the same thing. Basically you have a number of different products, different solutions, and it's all under a single pane of glass and everything's coordinated so that any member or any component of that fabric or synchronized security is aware, has situational awareness of what other components are experiencing. If there's an attack that breaks out in one place, then there's going to be the opportunity for basically isolating that particular component so that it doesn't allow lateral movement.

I've used other solutions. The reason that I like Sophos is mostly due to the synchronized security and cloud management. Other solutions that I've dealt with have been point solutions. I've needed to figure out how to get that situational awareness between the different points. You have to do that. The name of the game these days is to evade the parameter. I have to not only protect the endpoint as if there was no firewall, but I also have to make sure that I've got as much intelligence going on about the state of my internal network so that everybody knows what's happening next door to them.

The initial setup was a piece of cake. It wasn't complex at all. It's very straightforward.

I can justify the pricing for customers and I can explain what they're doing from a pricing standpoint in terms of the different risks that they're handling. I'm all about risk management. Unfortunately, we lose awareness of that, the calculus that goes into that when nothing's going wrong. 

You have to ask: what are you trying to protect? What are you willing to spend to protect that, and what's your expected loss if something happens? You have to look at all things and then decide if the number is fair. I'd argue that it is.

We're partners with Sophos. We're a consulting company and we provide some managed services. Sophos products are some that I deploy and manage for my customers.

I don't have the EDR or any of the really sophisticated stuff. The client doesn't think that they have a need to go to another level. 

I don't have EDR or MTR deployed for the customer. I work primarily with small businesses. So sometimes it's kind of hard to get them to invest more than what they feel comfortable doing.

Other organizations should give it serious consideration if they are looking for a solution. The price point is not unreasonable and the management and the continued evolution that I see within the product means that they're not sitting on their haunches waiting for the next big thing. They're constantly moving forward, trying to keep abreast of what's going on. 

We're in an arms race when it comes to cybersecurity. When you look at SophosLabs out of the UK and the work that they're doing in their blogs like Naked Security and whatnot, they're constantly in the forefront, constantly trying to find different threats. It's impressive, to say the least. All of that percolates down into their product because that's what drives their product.

I'd rate the solution at eight out of ten. The solution is consistently showing me that it has a very effective rubric that it follows through on in terms of identifying and remediating, particularly in the area of ransomware. They can handle everything without having to have somebody get down in the weeds and recover things. I like the automation that it brings into the work that's done. That was the wow factor that drew me to them, to begin with.

I find the security heartbeat feature with synchronized security very useful. It's a very nice feature that allows you to basically switch off an endpoint. When an endpoint has got a virus or something like that, or it's infected or compromised, you can isolate it from the network, but only if you've got an XG Firewall as well. 

It also provides ease of use. It is the only antivirus that can recognize 25 out of the 36 ransomware and virus techniques that have been often used in terms of the behavior base using heuristics. It's beautiful, utterly amazing. No other antivirus can do that. 

The pricing could be a bit lower to match the normal retail pricing.

I have been using this solution for the last four months. Currently, I am using the latest version.

It's really scalable. We easily did 5,000 installations in six hours. It's good at scalability.

Some of our SMB clients have 20 users, and some have around 200 to 300 users. A big enterprise client has around 5,000 users.

I don't set these products up, but they look pretty straightforward and simple to set up. The deployment of 5,000 users happened in around six hours. The deployment was obviously automated a little bit.

When you start going to the EDR technologies and the MTR, it is a little bit expensive. It's a very good technology, and obviously, you're going to pay for it, but the pricing could do a little bit of work.

I would definitely recommend Sophos Intercept X. It's the number one product in my go-to-market strategy. 

I haven't used it so much, but from what I've seen and played around with, it's a brilliant product. It has already got everything. It does what it's supposed to do and does it better than anyone else out there. If you look at Gartner Quadrants, they are at number three in terms of leaders. The Microsoft Defender ATP is number one.

I would rate Sophos Intercept X a nine out of ten. It is a beautiful product, and I love it.

We use Intercept X Advanced along with Sophos EDR (Enhanced Data Detection and Response).  

We use it for our servers and clients as advanced protection. It is not just a simple virus scanning product.  

We use it to work with clients and it is installed on five servers. At this time we have only installed it at one customer site. But we plan to continue to expand.  

The most valuable part of the solution in our use case is client isolation. It is a good feature.  

What I think Sophos can improve is with the data-loss feature, especially when it comes to using USB sticks and USB hard disks. The feature blocks access to these USB sticks and disks and there seems to be no immediate workaround for that. Our customer was not satisfied with the feature. We actually ended up having to deactivate this feature because it is too aggressive and could not meet the client's needs.  

We started using Sophos Intercept X in December of 2019.  

We have not had a problem at all with the stability.  

It is easy to scale this product. As far as the typical organization size that it fits, I would say it is suited for smaller and medium-sized companies. We have not yet installed it at a large customer site, so I cannot answer about large or enterprise companies specifically.  

To this point, I have not had a need to use Sophos support for Intercept X specifically.  

I have used Sophos support for other products that we use. Sophos support for XG is okay if it is just regarding questions about the product. I did not have any problems with them in getting a good answer to questions about the product or installations. But when it comes to device defects, then it can take four to six weeks to get a solution. In that case, the support is really not satisfactory. It does not satisfy me and it is really unacceptable.  

We did use other solutions in the past, including Trend Micro, Symantec, and Kaspersky. The main difference between Sophos Intercept X and the other products is the client reservation feature. I believe that is a standalone point for Sophos as it is the only product that has it. It allows particular hosts to always use the same IP address which is sometimes desirable.  

The administration of Trend Micro is one thing which I like about that product. It is very easy to use. I would say that Trend Micro is better than Sophos on that point.  

We switched to Sophos because we are selling Sophos firewalls already. The Sophos Intercept X product works better with these firewall solutions than other virus scanning products from different vendors. We decided to keep to the same vendor for a more unified solution.  

We started to work with Sophos Endpoint Protection originally and we are on Bonfire XG as well. It is convenient to expand out working with the brand as a partner.  

The initial setup for the product is not simple. It is medium to complex to install and setup.  

After deploying it takes only me and the customer team for maintenance. Really one person can do it. So there is just one person at my company and I have communication with one colleague at the customer site.  

We did not need outside help from a vendor to handle the deployment. I did it myself and we are a partner with Sophos.  

Advice that I would have for people considering using virus scanning is that I, personally, would not use Sophos Endpoints. That is the simplest edition of the Sophos virus protection product line. I would use Intercept X Advanced as the entry-level product as the other, simpler product, is not robust enough to provide acceptable protection for businesses in my estimation.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Sophos Intercept X as a seven. First, I never give a ten because every product can be improved. Second, I subtract two points because of my experience with the data loss feature and how it behaves with USB drives.  

We primarily use the solution for endpoint protection. 

The endpoint protection capabilities are great. 

The security on offer is pretty good. We are happy with it. 

I love the threat management on offer.

Their AI is quite good.

We haven't had any issues with stability so far.

Sophos has a central management dashboard, which I'm happy about.

The installation process is very straightforward. 

I'm mostly quite happy with the solution. I haven't had any issues with it. 

From the firewall side, from the Intercept X to endpoint protection, everything is there, so there's nothing much that I can complain about.

The solution can be expensive, although we do see the value in it.

I've used the solution for over a year now. 

The stability has been good. There are no bugs or glitches. it doesn't crash or freeze. It's reliable. 

We have over 200 employees on the solution currently. I haven't had any issues with scaling. 

I'm quite happy with the level of support on offer. 

We've used also AVG. We've used it in quite a few different places for different systems.

I found the implementation process sot be easy. It wasn't a problem at all. I did not find it to be overly complex or difficult. 

We have administrators and managers that can handle any technical stuff. 

We were able to handle the setup ourselves, in-house. We didn't need any integrator or consultant assistance. 

We have paid for three years of licensing. 

It is expensive, however, for what you getting out of it, from the firewall side and to endpoint protection, everything seems to be worth it.

I'd recommend the solution to other users and organizations. I'd rate it at a ten out of ten. 

The base product and the anti-malware feature are most valuable.

It consumes a lot of resources, and something needs to be done for that.

We use Intercept X Advance in our company, and this is the third year.

It is stable.

It is scalable. We have around 2,500 users. For its maintenance, there are just two or three people.

I never faced any issues.

We were using Symantec. It was on-premises. There was an issue with the company, and I faced an issue with their support. So, I had to switch. I wanted something on the cloud.

It was easy. On the client-side, it hardly takes 15 minutes.

Its price is reasonable.

They have to take care of the resource part. I would rate it a nine out of 10.

Our primary use cases for Sophos Intercept X are endpoint protection, corporate enterprise endpoint protection, EDR, and endpoint detection and response. And if you add the Sophos MTR to Sophos Intercept X, you could do managed threat response, as well. 

What I have found the most valuable about Sophos Intercept X is the ease of use with management administration and the solution's ability to stop exploits and ransomware. Sophos Intercept X has great exploit prevention capabilities.

Sophos Intercept X doesn't have its own firewall that utilizes the Windows Firewall or intrusion prevention.

I have been using Sophos Intercept X for four or five years.

Sophos Intercept X is stable. The cloud console they have been creating for a while is both stable and robust.

Sophos Intercept X is definitely scalable for all enterprises, from small to large.

I do not engage with Sophos Intercept X's technical support too often. I would say that they are okay. They are certainly not the best out there or the worst, so they are good.

The initial setup is straightforward in terms of the ability to integrate with an active directory and add users and put them into a default profile. You have to do a bit of learning to know which additional settings to activate sometimes, but the default settings are a good start.

I would say that Sophos Intercept X is comparable to other solutions out there, but it is a premium business product. The pricing reflects that.

If you are using other Sophos technology, it is worth it to take a look at Sophos Intercept X because of the integration and XDR technology capabilities.

One of the best use cases involves synchronized security staff, which allows us to manage both the firewall and the anti-virus features from the cloud. They work in tandem with each other. So, if there is any threat detected by the endpoint, it communicates information concerning this change to the firewall. For that particular client, at the firewall, it can update all other endpoints into the network to check if the same threat is visible on any other machine. Then, corrective action can be taken collectively with a single click.

We have not encountered any issues involving the solution. A point in its favor is that it has not slowed down our systems, such as occurred with McAfee, Symantec or even Quick Heal. This has been a positive experience for us. Also, the synchronized security, in which things work with each other, provides us with a pretty automated remediation methodology which cuts down on much of the manual steps and workload. 

At present, the solution meets the needs of our business scale. Perhaps in the future, as we grow and face increased challenges, there would be a need to explore other options. 

We've been using Sophos Intercept X for around six months.

The solution is pretty stable. 

The solution is, indeed, scalable. As a cloud-based solution, it is all about scalability. 

We have yet to encounter a situation in which we had a need to call tech support. 

The solution is pretty straightforward and very easy to configure.

Installation took no more than two or three minutes. 

We, ourselves, are system integrators and we have a staff of around seven people, consisting of eight engineers and a person who is responsible for the accounts, meaning the support staff. 

One can pay for the license annually, or at two and five year intervals. 

The solution is cloud-based.

I would absolutely recommend this solution to others. So far, so good. 

There are roughly 25 people making use of the solution in our organization. 

I rate Sophos Intercept X as a ten out of ten.