We performed a comparison between Intercept X Endpoint and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"All of the security components are valuable, including antiphishing, antispam, and stage three antivirus."
"The product integrates security into one tool instead of having third-party security tools."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The advantage Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"Its most significant advantage lies in its affordability."
"Sophos Intercept X is a very effective solution and its being cloud-based is a benefit. Wherever my users are, I can apply policies to them. In the era of mobility, when users are out of the office or they're in different locations, it doesn't matter."
"This solution offers very good performance and it has great features."
"The most valuable feature is the behavioral, non-signature-based threat detection."
"The most valuable features of Sophos Intercept X are the ease of use and the policy options that are simple to understand. Overall, the protection is good."
"Sophos Intercept X has a host of valuable features, including its anti-malware feature, which we considered key."
"The initial setup is pretty straightforward."
"One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it."
"The most valuable features are ease of use and the GUI."
"The main thing I like about it is that it has an EDR."
"Wazuh has very flexible and robust features."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"The configuration assessment and File integrity monitoring features are decent."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"It has efficient SCA capabilities."
"Wazuh is simple to use for PCI compliance."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"We are considering switching from this solution as a result of the closer integration needed between the firewall systems and the EDR."
"They need to focus on their SLA or technical support. They also need to focus on their UI. They should also improve their content filtering tool and update it so that correct categories are there. Sometimes, when I want to block an online gaming website, it is not shown under the correct category. It is shown under another category. They need to review their content filtering tool on a bi-weekly or monthly basis and update the sites and categories. This will be really helpful for them."
"Intercept X could enhance its support services, particularly in terms of response time and resource allocation."
"It's a bit heavy on the computers. So once you install it, the computer slows down. It is a resource-intensive solution."
"There is some issue with the reporting and refreshing information on resources that have been eliminated."
"The technical support is the lone sore point when dealing with this product."
"It consumes a lot of resources, and something needs to be done for that."
"This product does not handle USB drives well."
"The deployment is a bit complex."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"While it is scalable, it can suffer from reduced latencies."
"Wazuh is missing many things that a typical SIEM should have."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
Intercept X Endpoint is ranked 8th in Extended Detection and Response (XDR) with 101 reviews, while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Intercept X Endpoint is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Panda Adaptive Defense 360, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.