We performed a comparison between Cortex XDR by Palo Alto Networks and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Overall, users of Cortex XDR by Palo Alto Networks give the product higher ratings because its deployment is easier, it has a great set of features, it is affordable, and the technical support is helpful.
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"Microsoft Defender XDR is scalable."
"The product integrates security into one tool instead of having third-party security tools."
"The integration between all the Defender products is the most valuable feature."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"It's a nice product that's stable and scalable."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"It is easy to use."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"The behavior-based detection feature is valuable."
"The solution doesn't need a high level of technical training."
"The most valuable feature of the solution is that it is less hash-based than competitors."
"It does its job — it protects us from viruses. We don't really interact with it very much."
"Synchronization with the firewall is most valuable."
"Offers artificial intelligence, security metrics and a lot of information gathered to make decisions."
"The client isolation feature is a very effective feature."
"The most valuable features are ease of use and the GUI."
"This solution is easy to configure."
"It's a good antivirus software and has a lot of features. It now integrates with their on-premises firewall, which is perfect."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"At times, there may be delays in the execution of certain actions and their effects."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"Advanced attacks could use an improvement."
"The mobile app support for Android and iOS is difficult and needs improvement."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"Limited remote connection."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."
"I would like to see better protection, specifically to protect email applications."
"The solution should offer more dashboards and they should be better customized."
"A little bit more automation would be nice."
"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"Sophos Intercept X doesn't have its own firewall that utilizes the Windows Firewall or intrusion prevention."
"The majority of our systems are MacBooks and their solution release cycle is slow to endorsing or support the MacBook's latest OS or hardware platform. For example, when Sophos macOS Big Sur version 11 was released, it took them a while to support this version of OS. A similar situation occurred when the MacBook M1 hardware CPU was released. They have not fully supported the native M1 CPU to this day. They need to speed up the solutions release cycle."
"To be a perfect product, the price would have to be a bit better."
"The main real-time scanning takes most of the processing power of my notebook."
"I am not very satisfied with the product's reporting overall, and it needs improvement in this area."
"When I use a proxy, I can bypass Sophos, which is an area that needs improvement."
"The ADR functionalities feel like they aren't mature enough. It hasn't been a long time since Sophos has offered reproduction. Due to the fact that it's so young, it has fewer functionalities than other and more mature ADR solutions."
"The deployment part needs to be improved."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Intercept X Endpoint is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trellix Endpoint Security, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Bitdefender GravityZone EDR. See our Cortex XDR by Palo Alto Networks vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.