We performed a comparison between Intercept X Endpoint and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"The most valuable aspect is undoubtedly the exploration capability"
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"It provides a feature for scanning and analyzing endpoints, which is a value-add for our infrastructure. With the advancements in the Advanced Persistent Threats (APTs), Sophos Intercept X analyzes an APT and the behavior of the endpoints. It then gives us a detailed dashboard with more information about the endpoints and their security and risk level. While deploying Sophos Intercept X, we identified a lot of vulnerability and risky endpoints that our previous solution didn't cover, which proved that this solution is the best."
"The most valuable features are the anti-ransomware engine, deep learning, web filtering, and the cloud manageability."
"The pricing is fair. It's not too costly for our small organization."
"One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it."
"The key factor that attracted me to Sophos Intercept X was the multi-platform. I have multiple clients that have mixed environments of Mac and Windows. I am able to deliver a standard solution, regardless of the platform."
"This is really good because it's applicable to zero-day threats."
"The deployment is quick. It just depends on the environment and what you may be replacing."
"The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this."
"Wazuh is simple to use for PCI compliance."
"If they support a solution, it is easy to do an integration."
"The MITRE ATT&CK correlation is most valuable."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"Its cost-effectiveness is the most valuable aspect."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Wazuh has very flexible and robust features."
"At times, there may be delays in the execution of certain actions and their effects."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"There are not any solutions that are a 10 out of 10. A 10 would be perfect protection with no impact on the performance of the device. This is not the case, there is some impact on the performance of the device."
"I'm not clear on what features need improvement. Everything is mostly fine."
"The Data Loss Prevention module can be better. It should also have threat hunting capabilities."
"The pricing could be a bit lower to match the normal retail pricing."
"Stability-wise, we had issues with some clients which had to be dealt with manually. The issue was with that installation part."
"Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."
"I would like to have a built-in firewall, rather than having to integrate one."
"The main real-time scanning takes most of the processing power of my notebook."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"Its configuration process is time-consuming."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
Intercept X Endpoint is ranked 8th in Extended Detection and Response (XDR) with 101 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Intercept X Endpoint is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Panda Adaptive Defense 360, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our Intercept X Endpoint vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.