Useful web filtering, effective URL sanity checks, and excellent support
Pros and Cons
- "The most valuable feature of Sophos Intercept X is web filtering and URL sanity checks. Overall the solution is well balanced with all its features."
- "The majority of our systems are MacBooks and their solution release cycle is slow to endorse or support the MacBook's latest OS or hardware platform. For example, when Sophos macOS Big Sur version 11 was released, it took them a while to support this version of OS. A similar situation occurred when the MacBook M1 hardware CPU was released. They have not fully supported the native M1 CPU to this day. They need to speed up the solution's release cycle."
What is our primary use case?
We use Sophos Intercept X to protect the endpoint devices in our organization, such as PCs and MacBooks.
How has it helped my organization?
Sophos Intercept X is a full package. It's more than only an antivirus solution to find the malicious code. We also use it to filter malicious websites and detect applications that have been outlined in our corporate policy.
What is most valuable?
The most valuable feature of Sophos Intercept X is web filtering and URL sanity checks. Overall the solution is well balanced with all its features.
What needs improvement?
The majority of our systems are MacBooks and their solution release cycle is slow to endorse or support the MacBook's latest OS or hardware platform. For example, when Sophos macOS Big Sur version 11 was released, it took them a while to support this version of OS. A similar situation occurred when the MacBook M1 hardware CPU was released. They have not fully supported the native M1 CPU to this day. They need to speed up the solution's release cycle.
The majority of our systems are Apple-based; this issue is more noticeable on the Apple platforms.
Buyer's Guide
Intercept X Endpoint
April 2025

Learn what your peers think about Intercept X Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Sophos Intercept X for approximately two years.
What do I think about the stability of the solution?
The stability or performance of Sophos Intercept X is good. However, sometimes users have needed to have their configuration fine-tuned to allow better performance.
What do I think about the scalability of the solution?
We have approximately 50 users using this solution.
We use Sophos Intercept X extensively and we use everything the solution offers.
How are customer service and support?
The support I have experienced from Sophos Intercept X was great.
I would rate the support from Sophos Intercept X a five out of five.
Which solution did I use previously and why did I switch?
I have used solutions other than Sophos Intercept X in other organizations, but that was over two years ago.
How was the initial setup?
I have been using Sophos Intercept X for over two years. In the beginning, the initial setup was straightforward, but because they do not fully support the Apple platform, or they're pretty slow at supporting the Apple platform, the latest version supporting Apple is a little bit cumbersome to use. You need to walk the user through the process with some specific instructions or help the user directly. It's not as easy as it used to be.
I would rate the implementation process of Sophos Intercept X a four out of five.
What about the implementation team?
We did the implementation of Sophos Intercept X in-house.
I do the maintenance of the solution. We are a smaller company and I am sufficient for the maintenance of the solution.
What's my experience with pricing, setup cost, and licensing?
I have found the price of Sophos Intercept X to be reasonable.
What other advice do I have?
I would advise others that they have to look at their environment to determine if this solution would be best suited. For a small business that has a mix of PCs and MacBooks and has the need for multiple security controls, this tool fits us well. For different environments, the organization might need other or additional tools. For example, they may need threat protection. There are different vendors that may have an edge in certain areas over Sophos Intercept X. For us, we need a balanced, multi-pronged approach for securing our environment, and Sophos Intercept X works well.
I rate Sophos Intercept X an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Deputy Manager, ICT at Ushuru
An affordable and intelligent tool that provides good security features and can be managed centrally
Pros and Cons
- "It is an intelligent tool."
- "The tool is not stable on Linux systems."
What is our primary use case?
The product is used for security. It is like an antivirus.
What is most valuable?
The product learns the user’s behavior. It is an intelligent tool.
What needs improvement?
The product must also focus on other operating systems like Linux and macOS. The tool is not stable on Linux systems. It is heavy. It slows down the machine if the machine doesn't have good specifications.
For how long have I used the solution?
I have been using the solution for eight to nine years. I am using the latest version of the solution.
What do I think about the stability of the solution?
The product is stable on Windows machines. I rate the stability a seven out of ten.
What do I think about the scalability of the solution?
We have around 55 users from different departments. I rate the tool’s scalability a seven out of ten.
How are customer service and support?
Support is okay.
How was the initial setup?
The deployment is easy. I rate the ease of deployment a nine out of ten. The process is centralized. We have three engineers to maintain the tool. The frequency of maintenance depends on the alerts we receive about updates or viruses.
What's my experience with pricing, setup cost, and licensing?
The solution is not expensive. The pricing is manageable. We have to pay an annual subscription fee. I rate the pricing a six out of ten.
What other advice do I have?
I will recommend the solution to others. It is centrally managed. We do not have to go to the users’ machines to manage the product. Overall, I rate the product an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Effective protection, simple policies, and helpful support
Pros and Cons
- "The most valuable features of Sophos Intercept X are the ease of use and the policy options that are simple to understand. Overall, the protection is good."
- "We are not able to merge the sub-estates. If we create multiple sub-estates and there may be instances where a user is in a different sub-estate, it may not be possible for us to relocate that user from one sub-estate to another through the console. We have to merge them manually, which is not ideal."
What is our primary use case?
The solution is used for security.
What is most valuable?
The most valuable features of Sophos Intercept X are the ease of use and the policy options that are simple to understand. Overall, the protection is good.
What needs improvement?
We are not able to merge the sub-estates. If we create multiple sub-estates and there may be instances where a user is in a different sub-estate, it may not be possible for us to relocate that user from one sub-estate to another through the console. We have to merge them manually, which is not ideal.
For how long have I used the solution?
I have been using Sophos Intercept X for approximately two and a half years.
What do I think about the stability of the solution?
The solution has been stable.
What do I think about the scalability of the solution?
We have approximately 800 users using this solution.
Sophos Intercept X is easy to scale and increase the capacity.
How are customer service and support?
The support team from Sophos Intercept X is good at helping us.
How was the initial setup?
The initial setup of Sophos Intercept X is simple. The process can be done in approximately 10 minutes.
To install Sophos Intercept X, we followed these steps: firstly, we ran the setup, which prompted us to click on "next." Then, we were asked to choose the "install" option, which we selected. After that, the installation process automatically commenced and was completed.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is average compared to the market.
Which other solutions did I evaluate?
When comparing Sophos Intercept X to other solutions it is easier to understand after watching the first video.
What other advice do I have?
I rate Sophos Intercept X an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at Finlays
Cloud-based, very stable, and makes it very easy to manage your endpoints
Pros and Cons
- "I like the way it goes beyond the office space. Being a cloud-based solution makes it very easy to manage your endpoints within the office. In this time of COVID, you can also very effectively manage people who are working from home."
- "I have not done it, but integrating it with authenticating the users on the Windows system looks a bit complicated to me. It could be because I don't understand it."
What is our primary use case?
We mainly use it on our endpoints. We use it for Windows machines and laptops. They have a server version for the servers.
What is most valuable?
I like the way it goes beyond the office space. Being a cloud-based solution makes it very easy to manage your endpoints within the office. In this time of COVID, you can also very effectively manage people who are working from home.
What needs improvement?
I have not done it, but integrating it with authenticating the users on the Windows system looks a bit complicated to me. It could be because I don't understand it.
Its installation takes a bit longer for each of the vendors. I don't know whether it is because of the internet connection. I don't know if it is just for me or it is the same for every other user.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
It is very scalable. There are around 120 users and devices.
How are customer service and technical support?
I have never contacted them about this new product. I used to contact them before, and I don't have issues with their technical support. They respond, and their response is good.
Which solution did I use previously and why did I switch?
We were previously using Sophos Central. It was on-premises, so we migrated from that solution to this solution. It is pretty much the same thing that we were doing before, but now it is cloud-based.
How was the initial setup?
A new device installation is very easy. During installation, when you download the installation file from the web, the registration works so well, but the installation takes a bit longer for each of the vendors. I don't know whether it is because of the internet connection. It looks like it is the web installer that takes longer. I don't know if others have experienced the same issue.
We also had a few challenges during migration. Because we were doing a migration of the site, we wanted just to maintain what we were doing before.
What about the implementation team?
We did it ourselves. I'm part of a larger group, and my colleagues had done its implementation.
What's my experience with pricing, setup cost, and licensing?
We have bought a three-year license.
What other advice do I have?
I would very much recommend this solution. I would rate Sophos Intercept X a nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Senior Expert at Wafaassurance
Analyzes APTs and the endpoint behavior and provides detailed information
Pros and Cons
- "It provides a feature for scanning and analyzing endpoints, which is a value-add for our infrastructure. With the advancements in the Advanced Persistent Threats (APTs), Sophos Intercept X analyzes an APT and the behavior of the endpoints. It then gives us a detailed dashboard with more information about the endpoints and their security and risk level. While deploying Sophos Intercept X, we identified a lot of vulnerability and risky endpoints that our previous solution didn't cover, which proved that this solution is the best."
- "It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc."
What is most valuable?
It provides a feature for scanning and analyzing endpoints, which is a value-add for our infrastructure. With the advancements in the Advanced Persistent Threats (APTs), Sophos Intercept X analyzes an APT and the behavior of the endpoints. It then gives us a detailed dashboard with more information about the endpoints and their security and risk level.
While deploying Sophos Intercept X, we identified a lot of vulnerability and risky endpoints that our previous solution didn't cover, which proved that this solution is the best.
What needs improvement?
It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc.
For how long have I used the solution?
We have been using this solution for two years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable. We have 250 users in our company.
How are customer service and technical support?
Sophos technical support is very helpful. There are many ways to contact them. When I worked with Cyberoam, in the console, you can directly contact technical support through chat. A consultant joins the chat, and you can give them the control to your appliance to verify the configuration and do other checks and troubleshooting for resolving your issue. This is a strong point in Sophos technologies.
Which solution did I use previously and why did I switch?
We migrated from Kaspersky to Sophos Intercept X. While deploying Sophos Intercept X, we found a lot of vulnerability and risky endpoints that Kaspersky didn't cover.
How was the initial setup?
The initial setup is not complex. The deployment and testing took us one month.
You start by deploying the server, and then you can install or deploy an endpoint. There are many ways to deploy endpoints. A roaming user can use just the email with the link, or the support team can move the endpoint or assist the user by phone.
What about the implementation team?
We had consultants. For implementation, I coordinated with a consultant from Atos and a consultant from Sophos. Atos is our infrastructure manager and service provider.
What's my experience with pricing, setup cost, and licensing?
Licensing is based on the number of users. They give a discount for editors who are considered as important members. From what I know, Sophos products are not expensive. If you have a license extension, you just need to contact the editor or partner to change the mode of licensing or extend the license to cover more people.
What other advice do I have?
I would recommend using this solution. It is an antivirus and anti-ransomware solution. It has many functions and features. Antivirus is its major feature. The anti-ransomware module is its advanced function.
It has been a good solution so far. It has a very good score in NSS Labs, which is a laboratory that tries and tests all security solutions and gives them a scoring. Many other companies have also started to deploy this solution.
We plan to continue using Sophos solutions. I am in touch with new users, and they appreciate this solution. We have a meeting tomorrow with Sophos to share our technology roadmap and choose the new technologies to deploy in our company. We will do a proper proof of concept of the solution to evaluate technical aspects, technical features, offerings, limitations, and strong points.
I would rate Sophos Intercept X a nine out of ten. It is a good product.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of IT Infrastructure at a non-tech company with 1,001-5,000 employees
Fairly priced, reliable, and has helpful support
Pros and Cons
- "It is stable."
- "We tried to set up Sophos Zero Trust within my Sophos central cloud. It only works with Microsoft and I use Google. I'd like to see Google added."
What is our primary use case?
We use the solution for endpoint and server security.
How has it helped my organization?
From a security standpoint, it provides me the visibility to see what is happening on all my endpoints and server.
What is most valuable?
I have the ability to interact directly with potentially infected machines from the network.
It is easy to set up.
The solution offers fair pricing.
Technical support is helpful and responsive.
It is stable.
The solution scales well.
What needs improvement?
Initially, when I started, I had a lot of performance challenges. They need to work on performance to the endpoints.
We tried to set up Sophos Zero Trust within my Sophos central cloud. It only works with Microsoft and I use Google. I'd like to see Google added.
For how long have I used the solution?
I've been using the solution since 2019. I've used it for three to four years.
What do I think about the stability of the solution?
It is very stable. There are no bugs or glitches, and it doesn't crash or freeze.
What do I think about the scalability of the solution?
It has scaled well. We haven't had issues in that respect.
We have about 950 endpoints and 57 users.
We have plans to increase usage.
How are customer service and support?
I've used technical support. They are fine. I speak to the country manager directly in Nigeria, and they are very responsive.
Which solution did I use previously and why did I switch?
I'm also using Digital Guardian. The combination of Sophos and this solution may have affected performance.
How was the initial setup?
It has two components. While it is in the cloud, all agents are deployed on-premises.
What was our ROI?
I have definitely seen an ROI while using this solution.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair. It's not overly expensive.
What other advice do I have?
I'm using the latest version. It updates automatically online.
I'd advise new users to deploy Intercept X with EDR on your endpoints.
I'd rate the solution nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior CyberSecurity Architect and Mentor at BlueTeamAssess LLC
Reliable, scalable and very simple to set up
Pros and Cons
- "The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this."
- "The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?""
What is our primary use case?
The primary use case is basically having a synchronized perspective on what's going on between endpoints, firewalls, and whatever other types of preventative measures the customer has.
How has it helped my organization?
The fewer panes of glass you've got to go to to try to investigate an event, the better off you are. If there's some automation that goes on within the fabric, or whatever you want to call it, this coordinated effort, then you're going to come out ahead as a small organization. Sophos has one pane of glass, so it gives good visibility. There's less time spent in front of the screen because I have confidence in the automation that's going on.
What is most valuable?
It's been pretty reliable. There's been a few times when it hasn't just taken care of problems. The automation is very convenient.
There's Sophos Central where the customer has a single pane of glass. You can manage everything.
The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this.
It has a Linux version that's available.
What I look for in dealing with small businesses, is for something that is not going to add to their staffing requirements significantly in terms of management. That's true with both Sophos as with Fortinet.
There's great situational awareness within all the other components. If I have a workstation, usually they're just taking care of everything without me even knowing about it unless I go into the logs and see what's been cleaned up. I don't care if something gets cleaned up, I do care if something doesn't get cleaned up. My reporting is set to an on exception basis to ensure I don't have a firehose of information pointed at me to overwhelm me. Customers don't generally want to know every little thing that's happening on their network. What they want to know is if something has happened that puts their environment or their infrastructure in jeopardy. Sophos does this exceptionally well.
The pricing of the solution is quite good.
What needs improvement?
The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?" I see that all the time. That's a question I always have in the reports I give my customers. "Okay. So this happened last month. And as you can see, there were all these attacks knocking at the door, but none were allowed through." If someone got through, then I'm going to be concerned.
For how long have I used the solution?
I've been working with this solution alongside a customer for two years now.
What do I think about the stability of the solution?
The stability is great. We've never had issues with its reliability. It doesn't crash or freeze. There aren't bugs or glitches. It protects us well.
What do I think about the scalability of the solution?
The solution scales really well. They have great resources on hand for managing it within the cloud. I haven't found any issues with capacity. I've never heard of anyone ever having issues in that regard.
Typically we deal with small businesses. When I say "small business" I am referring to a company of around 250 people.
How are customer service and technical support?
Technical support has been very, very good. They're reliable and knowledgeable. We've been satisfied with the level of service provided.
Which solution did I use previously and why did I switch?
We also have experience with Fortinet. Fortinet has what they call their security fabric, which does about the same thing. Basically you have a number of different products, different solutions, and it's all under a single pane of glass and everything's coordinated so that any member or any component of that fabric or synchronized security is aware, has situational awareness of what other components are experiencing. If there's an attack that breaks out in one place, then there's going to be the opportunity for basically isolating that particular component so that it doesn't allow lateral movement.
I've used other solutions. The reason that I like Sophos is mostly due to the synchronized security and cloud management. Other solutions that I've dealt with have been point solutions. I've needed to figure out how to get that situational awareness between the different points. You have to do that. The name of the game these days is to evade the perimeter. I have to not only protect the endpoint as if there was no firewall, but I also have to make sure that I've got as much intelligence going on about the state of my internal network so that everybody knows what's happening next door to them.
How was the initial setup?
The initial setup was a piece of cake. It wasn't complex at all. It's very straightforward.
What's my experience with pricing, setup cost, and licensing?
I can justify the pricing for customers and I can explain what they're doing from a pricing standpoint in terms of the different risks that they're handling. I'm all about risk management. Unfortunately, we lose awareness of that, the calculus that goes into that when nothing's going wrong.
You have to ask: what are you trying to protect? What are you willing to spend to protect that, and what's your expected loss if something happens? You have to look at all things and then decide if the number is fair. I'd argue that it is.
What other advice do I have?
We're partners with Sophos. We're a consulting company and we provide some managed services. Sophos products are some that I deploy and manage for my customers.
I don't have the EDR or any of the really sophisticated stuff. The client doesn't think that they have a need to go to another level.
I don't have EDR or MTR deployed for the customer. I work primarily with small businesses. So sometimes it's kind of hard to get them to invest more than what they feel comfortable doing.
Other organizations should give it serious consideration if they are looking for a solution. The price point is not unreasonable and the management and the continued evolution that I see within the product means that they're not sitting on their haunches waiting for the next big thing. They're constantly moving forward, trying to keep abreast of what's going on.
We're in an arms race when it comes to cybersecurity. When you look at SophosLabs out of the UK and the work that they're doing in their blogs like Naked Security and whatnot, they're constantly in the forefront, constantly trying to find different threats. It's impressive, to say the least. All of that percolates down into their product because that's what drives their product.
I'd rate the solution at eight out of ten. The solution is consistently showing me that it has a very effective rubric that it follows through on in terms of identifying and remediating, particularly in the area of ransomware. They can handle everything without having to have somebody get down in the weeds and recover things. I like the automation that it brings into the work that's done. That was the wow factor that drew me to them, to begin with.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager - IT Practices at ThinkPalm Technologies Pvt Ltd
Though scalable, it lacks the ability to list all installed applications within the tool
Pros and Cons
- "The solution's initial setup process was straightforward."
- "Stability-wise, we had issues with some clients which had to be dealt with manually. The issue was with that installation part."
What is our primary use case?
I use the solution for endpoint security.
What is most valuable?
Overall, it is a good product. The solution's performance, integration, and customization features are okay, in my opinion.
What needs improvement?
Compared to Kaspersky, some points, like application lists, are missing. So, we should have the option for listing all the applications that are installed on the client's side. I would like to see future improvements related to the aforementioned point.
For how long have I used the solution?
I have been using Sophos Intercept X for three years. Also, I am using the solution's latest version. I am an end user of the solution.
What do I think about the stability of the solution?
I rate the solution's stability a seven out of ten. Stability-wise, we had issues with some clients which had to be dealt with manually. The issue was with that installation part.
What do I think about the scalability of the solution?
There are around 100 users in my company using the solution. Scalability-wise, I rate the solution an eight out of ten.
How are customer service and support?
We were able to solve the solution's installation-related issues within a few hours, so we did not have to contact technical support. We didn't face any issues that prompted us to contact support. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were previously using Kaspersky. We switched to Sophos Intercept X due to compliance issues.
How was the initial setup?
The solution's initial setup process was straightforward.
The solution is deployed on a cloud that belongs to Sophos. Per machine, the deployment process may take around ten minutes.
The solution's maintenance can be done by one person who can be an administrator.
What was our ROI?
Though I haven't seen a direct ROI using the solution, since it's an antivirus, it restricts viruses.
What's my experience with pricing, setup cost, and licensing?
There is a yearly payment to be made. For each client, it costs around 15 dollars. There are no additional costs besides the licensing price we pay to use the solution.
What other advice do I have?
I can recommend the product to those planning to use it. I rate the overall solution a seven out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
