No more typing reviews! Try our Samantha, our new voice AI agent.

Intercept X Endpoint vs N-able EDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Intercept X Endpoint
Ranking in Endpoint Detection and Response (EDR)
19th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
110
Ranking in other categories
Endpoint Protection Platform (EPP) (14th), ZTNA (13th), Managed Detection and Response (MDR) (13th), Extended Detection and Response (XDR) (15th), Ransomware Protection (4th)
N-able EDR
Ranking in Endpoint Detection and Response (EDR)
50th
Average Rating
7.6
Reviews Sentiment
7.1
Number of Reviews
4
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Intercept X Endpoint is 1.6%, down from 1.8% compared to the previous year. The mindshare of N-able EDR is 0.7%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Intercept X Endpoint1.6%
N-able EDR0.7%
Other94.1%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
AM
IT Head at Dee Development
Has struggled to detect major threats but has offered basic protection over time
Intercept X Endpoint could learn from CrowdStrike in terms of overall performance and filtering because performance is most important, especially these days as Windows is getting buggier and buggier, which puts a huge load on the PC, and even with the most advanced CPUs and everything in place, it still lags in performance in so many places, thanks to Windows' clumsy design of these collaboration suites that make it extremely heavy on PC's resources. The interface of Intercept X Endpoint is quite old-fashioned. The Sophos interfaces, including for Intercept X Endpoint, are quite bad actually; to be very honest, even in UTM boxes, they are not great at all. You can hardly see a very small portion of windows while it's creating the firewall rules, and we have been complaining about this for quite some time, but there hasn't been any improvement on those grounds. Intercept X Endpoint's anti-ransomware capabilities failed us during a bad attack, and just because of our own backup policies, we could restore our normal operations; otherwise, if we had to depend on this solution, we would have been long dead because the infection was so bad, it couldn't even detect the infection. Intercept X Endpoint cannot handle zero-day attacks; in my experience, last year, we had this major issue with a malware attack, and it happened just because of our backup policies that we were able to recover without any support from Sophos, which just told us they would charge us some 1 Crore in rupees. Intercept X Endpoint should improve their implementation; things will never be perfect for the new world. This new world is always facing new kinds of attacks and new ways to compromise the system. They need to learn fast, implement fast, and sometimes redesigning the solution is the solution—not just patchwork. There was a time we used to love Sophos because of its fresh design and innovative thought. In my experience, when technical companies are led by MBA professionals, they lose their shine on the technical part and become more dependent on target sales; it turns into a marketing-centric operation that loses the technical focus completely.
NM
Senior Operations Specialist at Tagit cc
Reporting effectiveness and advanced AI capabilities improve threat awareness while needing pricing simplification and licensing self-service
With pricing, they can improve by bundling their pricing because sometimes billing comes in a very long process. If they could bundle it as one solution and show the capabilities or features, they would be able to sell it more effectively, and as resellers, we could sell it to customers more easily. The technical support is responsive, but sometimes we experience limitations regarding the ability to add licensing. They could implement a self-service platform for assigning new licenses or ordering more. Currently, we depend on contacting someone who sends a new contract to sign through the process. They could change their licensing model, though I am not the right person to comment on functionality. On the reporting side, everything is covered.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The biggest positive impact I see from Cortex XDR by Palo Alto Networks is a significant reduction in the number of people required to manage it."
"Stability-wise, it is good; I did not hear about any issues in terms of stability, and Cortex XDR by Palo Alto Networks can be trusted completely."
"The policy configuration is great, the granularity of policies that are available is very helpful, it is straightforward to set up, and it has pretty much everything we need and works well within the Palo Alto ecosystem."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"Traps pays for itself within the first 16 months of a three-year subscription."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"The most valuable for us is the correlation feature."
"It is easy to use."
"It's a good antivirus software and has a lot of features. It now integrates with their on-premises firewall, which is perfect."
"The solution has very good usability."
"Very stable solution."
"The product efficiently prevents data leakages."
"The client isolation feature is a very effective feature."
"The setup was simple; it took us about one day to set up and configure the software."
"The most valuable features of Sophos Intercept X are the ease of use and the policy options that are simple to understand. Overall, the protection is good."
"Sophos Intercept X is a complete endpoint solution."
"The most valuable feature, which I can describe as the '360 vision' of the inventory device, provides a complete view of all the devices."
"It provides visibility and a storyline to track the virus or malware's activities, showing infected processes and changes made."
"We have been using this solution for quite some time, and the AI functionality is quite advanced; we are able to provide insights on different aspects and read the reports easily."
"The most valuable features are the rollback feature, it's important for us. The AI models and are good."
 

Cons

"I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response."
"The configuration could be simplified. I would like to see better protection, specifically to protect email applications."
"Cortex XDR by Palo Alto Networks is a strong tool, but it is true that digesting information sometimes makes the tool go a little bit slower."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution."
"In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex."
"Cortex XDR by Palo Alto Networks could improve its user interface, which is more complicated compared to competitors such as SentinelOne."
"If Palo Alto reduces the pricing slightly for their products, it would make them more scalable in markets such as India and globally for cybersecurity."
"Sophos Central does not provide all of the information that is available, so it requires us to take the additional step of retrieving details from the firewall."
"Should include additional integration."
"It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first."
"Intercept X could enhance its support services, particularly in terms of response time and resource allocation."
"The support on offer isn't ideal. In terms of the support on offer, for example, if there was a zero-day kind of attack or something, the turnaround time that Sophos offers is not acceptable."
"There are not any solutions that are a 10 out of 10. A 10 would be perfect protection with no impact on the performance of the device. This is not the case, there is some impact on the performance of the device."
"I'm not clear on what features need improvement. Everything is mostly fine."
"In my opinion, there have been significant developments in the product. In my opinion, I don’t have any suggestions as of now, however I can suggest a cost deduction which will be beneficial for all the parties. It will also relieve our budget and benefit our team."
"I would rate the scalability as seven out of ten. The capability is useful. Concerning the license, if I add one more device without a license, it will automatically subscribe to a license. I do not appreciate that."
"We have a lot of false positives we see in the dashboard. I think this is the only problem we are facing."
"With pricing, they can improve by bundling their pricing because sometimes billing comes in a very long process."
"I would like to see them add support for both Android and iOS smartphones."
 

Pricing and Cost Advice

"The pricing is a little high. It is per user per year."
"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"It has reasonable pricing for the use cases it provides to the company."
"Cortex XDR's pricing is ok."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"The tool's price is moderate."
"Its price depends on the scenario. It is very expensive, but it is not more expensive than other vendors. The price of Check Point and other vendors is much higher than Sophos."
"I have found the price of Sophos Intercept X to be reasonable."
"Intercept X for endpoints is around $35 per user per year. The server version is $95 per server per year."
"It's not bad, but compared to competitors, it's a little bit on the high side. The price could be more competitive."
"I would rate the price 7 out of 10, where 1 is most expensive and 10 is cheapest. Also, a little reduction in price can be a great move for Intercept X Endpoint."
"The price of this solution is a little high compared to competitors because they do not have a proper pricing structure."
"The solution requires an annual subscription."
"The pricing is quite expensive compared to the rest. I would rate the pricing a four out of ten; one is expensive, and ten is cheap."
"The pricing is average."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
904,054 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
11%
Comms Service Provider
9%
Construction Company
9%
Comms Service Provider
9%
Computer Software Company
9%
Manufacturing Company
8%
Manufacturing Company
20%
Comms Service Provider
14%
Transportation Company
11%
Healthcare Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business76
Midsize Enterprise21
Large Enterprise22
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
How does Crodwstrike Falcon compare with Sophos Intercept X?
I like that Crowdstrike Falcon allows me to easily correlate data between my firewalls. Its detection and machine lea...
What is your experience regarding pricing and costs for Sophos Intercept X?
Intercept X Endpoint has some impact on the budget. It is quite costly when measuring Intercept X Endpoint's protecti...
What needs improvement with Sophos Intercept X?
Intercept X Endpoint can be improved in several ways. Currently, it is only available on the cloud, and having it ava...
What needs improvement with N-able EDR?
With pricing, they can improve by bundling their pricing because sometimes billing comes in a very long process. If t...
What is your primary use case for N-able EDR?
We are using N-able EDR, but I think Sophos makes sense because of the environment we operate in. The localization an...
What advice do you have for others considering N-able EDR?
I am more focused on operations and procurement. The decision to use this solution was made before I joined the compa...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Sophos Intercept X
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Flexible Systems
Information Not Available
Find out what your peers are saying about Intercept X Endpoint vs. N-able EDR and other solutions. Updated: June 2026.
904,054 professionals have used our research since 2012.