We performed a comparison between Cortex XDR by Palo Alto Networks and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Overall, users of Cortex XDR by Palo Alto Networks give the product higher ratings because its deployment is easier, it has a great set of features, it is affordable, and the technical support is helpful.
"Microsoft Defender XDR is scalable."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The most valuable aspect is undoubtedly the exploration capability"
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"The most valuable feature is the network security."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"Stability is one of the features we like the most."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"The management capabilities, allow an IT organization to get quite a good picture of attempted cyber attacks."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"It has pretty much everything we need and works well within the Palo Alto ecosystem."
"The stability of this product is very good."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"We find the app control and its threat protection to be the best features."
"Sophos Intercept X is a complete endpoint solution."
"The base product and the anti-malware feature are most valuable."
"The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are valuable assets."
"The forensics within the solution are quite good. The ransomware mitigation is also impressive."
"It is one of the best in terms of technicality."
"Intercept X's smart prevention it's very good as so are its machine learning capabilities for troubleshooting channels and files."
"I like the way it goes beyond the office space. Being a cloud-based solution makes it very easy to manage your endpoints within the office. In this time of COVID, you can also very effectively manage people who are working from home."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"Sometimes, configurations take much longer than expected."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The mobile app support for Android and iOS is difficult and needs improvement."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"I would like to see them include NDR (Network Detection Response)."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"It has a performance hit on a local laptop. There's an agent installed and we are bothered a lot by it because it seems to be using a lot of computer resources."
"The performance offered by the product needs improvement."
"We are considering switching from this solution as a result of the closer integration needed between the firewall systems and the EDR."
"The detection and the AI capabilities should be improved upon."
"We had some initial problems with our deployment, and they were more around uninstalling Sophos Basic and installing Sophos Intercept X. We had some challenges with some of the uninstallation scripts. They can improve the deployment of Sophos Intercept X when there is already an existing Sophos version. They can also provide more information in the form of best practices and lessons learned from previous findings. A knowledge base with this type of information would be helpful."
"The tool should be made compatible with Linux and Microsoft operating systems."
"The initial setup was not very user-friendly."
"The endpoint detection and response (EDR) technology has room for improvement because the information that it gives us to resolve our problems is poor nowadays."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Intercept X Endpoint is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trellix Endpoint Security, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Bitdefender GravityZone EDR. See our Cortex XDR by Palo Alto Networks vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.