Intercept X Endpoint Reviews

It provides a feature for scanning and analyzing endpoints, which is a value-add for our infrastructure. With the advancements in the Advanced Persistent Threats (APTs), Sophos Intercept X analyzes an APT and the behavior of the endpoints. It then gives us a detailed dashboard with more information about the endpoints and their security and risk level.

While deploying Sophos Intercept X, we identified a lot of vulnerability and risky endpoints that our previous solution didn't cover, which proved that this solution is the best.

It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc.

We have been using this solution for two years. 

It is stable.

It is scalable. We have 250 users in our company.

Sophos technical support is very helpful. There are many ways to contact them. When I worked with Cyberoam, in the console, you can directly contact technical support through chat. A consultant joins the chat, and you can give them the control to your appliance to verify the configuration and do other checks and troubleshooting for resolving your issue. This is a strong point in Sophos technologies.

We migrated from Kaspersky to Sophos Intercept X. While deploying Sophos Intercept X, we found a lot of vulnerability and risky endpoints that Kaspersky didn't cover.

The initial setup is not complex. The deployment and testing took us one month.

You start by deploying the server, and then you can install or deploy an endpoint. There are many ways to deploy endpoints. A roaming user can use just the email with the link, or the support team can move the endpoint or assist the user by phone. 

We had consultants. For implementation, I coordinated with a consultant from Atos and a consultant from Sophos. Atos is our infrastructure manager and service provider. 

Licensing is based on the number of users. They give a discount for editors who are considered as important members. From what I know, Sophos products are not expensive. If you have a license extension, you just need to contact the editor or partner to change the mode of licensing or extend the license to cover more people.

I would recommend using this solution. It is an antivirus and anti-ransomware solution. It has many functions and features. Antivirus is its major feature. The anti-ransomware module is its advanced function.

It has been a good solution so far. It has a very good score in NSS Labs, which is a laboratory that tries and tests all security solutions and gives them a scoring. Many other companies have also started to deploy this solution.

We plan to continue using Sophos solutions. I am in touch with new users, and they appreciate this solution. We have a meeting tomorrow with Sophos to share with our technology roadmap and choose the new technologies to deploy in our company. We will do a proper proof of concept of the solution to evaluate technical aspects, technical features, offerings, limitations, and strong points. 

I would rate Sophos Intercept X a nine out of ten. It is a good product.

We use Sophos Intercept X on all of our end-user PCs and servers.

The most valuable feature of Sophos Intercept X is cloud management. 

Sophos Intercept X used to be managed through the Sophos UTM, and they moved it. They moved the endpoint security strictly to the cloud, and it is a lot better that way it is more functional. Before all it did was download the software. Now that we have full management of the clients, you can easily update them remotely. There's a lot of additional policy functionality that was not there before. However, sometimes a little too much, but not as much as a solution, such as Cisco.

I have been using Sophos Intercept X for approximately six years.

Sophos technical support has always been fantastic. I've never had an issue, they have been great, and they are tremendously helpful. They are very hands-on, and they dive in to help to fix your problem if you need them to.

I have used many other solutions, such as Cisco. 

When comparing Cisco to Sophos Intercept X, Cisco solutions are more difficult.

Sophos Intercept X could improve on its setup process. They could make it easier to have a baseline set up for the system, or at least provide more understanding of what the baseline is when you first install it. This could be a matter of lack of training on my part, but it's difficult to receive training on solutions that are not Cisco. Cisco is the only vendor with classes or courses.

When we set it up, we made very few changes from the baseline setup, and mainly that's to allow other software to operate. Sometimes the endpoint security software interferes with your software that needs to be running in addition to the bad software. You have to set up and configure the software and the policies to allow for the software you want to operate.

We typically have one person that does the implementation and maintenance of Sophos Intercept X.

The cost of Sophos Intercept X is reasonable.

I would rate the price of Sophos Intercept X an eight out of ten.

I would recommend others to try the solution, we have had a very good experience with it.

I rate Sophos Intercept X a nine out of ten.

The primary use case is basically having a synchronized perspective on what's going on between endpoints, firewalls, and whatever other types of preventative measures the customer has. 

The fewer panes of glass you've got to go to to try to investigate an event, the better off you are. If there's some automation that goes on within the fabric, or whatever you want to call it, this coordinated effort, then you're going to come out ahead as a small organization. Sophos has one pane of glass, so it gives good visibility. There's less time spent in front of the screen because I have confidence in the automation that's going on.

It's been pretty reliable. There's been a few times when it hasn't just taken care of problems. The automation is very convenient.

There's Sophos Central where the customer has a single pane of glass. You can manage everything. 

The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this.

It has a Linux version that's available. 

What I look for in dealing with small businesses, is for something that is not going to add to their staffing requirements significantly in terms of management. That's true with both Sophos as with Fortinet. 

There's great situational awareness within all the other components. If I have a workstation, usually they're just taking care of everything without me even knowing about it unless I go into the logs and see what's been cleaned up. I don't care if something gets cleaned up, I do care if something doesn't get cleaned up. My reporting is set to an on exception basis to ensure I don't have a firehose of information pointed at me to overwhelm me. Customers don't generally want to know every little thing that's happening on their network. What they want to know is if something has happened that puts their environment or their infrastructure in jeopardy. Sophos does this exceptionally well.

The pricing of the solution is quite good.

The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?" I see that all the time. That's a question I always have in the reports I give my customers. "Okay. So this happened last month. And as you can see, there were all these attacks knocking at the door, but none were allowed through." If someone got through, then I'm going to be concerned.

I've been working with this solution alongside a customer for two years now.

The stability is great. We've never had issues with its reliability. It doesn't crash or freeze. There aren't bugs or glitches. It protects us well.

The solution scales really well. They have great resources on hand for managing it within the cloud. I haven't found any issues with capacity. I've never heard of anyone ever having issues in that regard.

Typically we deal with small businesses. When I say "small business" I am referring to a company of around 250 people.

Technical support has been very, very good. They're reliable and knowledgable. We've been satisfied with the level of service provided. 

We also have experience with Fortinet. Fortinet has what they call their security fabric, which does about the same thing. Basically you have a number of different products, different solutions, and it's all under a single pane of glass and everything's coordinated so that any member or any component of that fabric or synchronized security is aware, has situational awareness of what other components are experiencing. If there's an attack that breaks out in one place, then there's going to be the opportunity for basically isolating that particular component so that it doesn't allow lateral movement.

I've used other solutions. The reason that I like Sophos is mostly due to the synchronized security and cloud management. Other solutions that I've dealt with have been point solutions. I've needed to figure out how to get that situational awareness between the different points. You have to do that. The name of the game these days is to evade the parameter. I have to not only protect the endpoint as if there was no firewall, but I also have to make sure that I've got as much intelligence going on about the state of my internal network so that everybody knows what's happening next door to them.

The initial setup was a piece of cake. It wasn't complex at all. It's very straightforward.

I can justify the pricing for customers and I can explain what they're doing from a pricing standpoint in terms of the different risks that they're handling. I'm all about risk management. Unfortunately, we lose awareness of that, the calculus that goes into that when nothing's going wrong. 

You have to ask: what are you trying to protect? What are you willing to spend to protect that, and what's your expected loss if something happens? You have to look at all things and then decide if the number is fair. I'd argue that it is.

We're partners with Sophos. We're a consulting company and we provide some managed services. Sophos products are some that I deploy and manage for my customers.

I don't have the EDR or any of the really sophisticated stuff. The client doesn't think that they have a need to go to another level. 

I don't have EDR or MTR deployed for the customer. I work primarily with small businesses. So sometimes it's kind of hard to get them to invest more than what they feel comfortable doing.

Other organizations should give it serious consideration if they are looking for a solution. The price point is not unreasonable and the management and the continued evolution that I see within the product means that they're not sitting on their haunches waiting for the next big thing. They're constantly moving forward, trying to keep abreast of what's going on. 

We're in an arms race when it comes to cybersecurity. When you look at SophosLabs out of the UK and the work that they're doing in their blogs like Naked Security and whatnot, they're constantly in the forefront, constantly trying to find different threats. It's impressive, to say the least. All of that percolates down into their product because that's what drives their product.

I'd rate the solution at eight out of ten. The solution is consistently showing me that it has a very effective rubric that it follows through on in terms of identifying and remediating, particularly in the area of ransomware. They can handle everything without having to have somebody get down in the weeds and recover things. I like the automation that it brings into the work that's done. That was the wow factor that drew me to them, to begin with.

Sophos Intercept X is the antivirus protection of my choice and my client's choice because it does not only malware, antivirus, and Trojan protection but also anti-exploit protection. It has a quarantine process as well. It does all of the usual antivirus plus the anti-exploit and anti-ransomware processes.

One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it.

I look at all my network workstations and laptops, and if any one of them has some issues with updates or receives a notification, then the server console in the cloud will send me an email as well.

I like it's user interface, cloud integration, and the GUI. It's easy to work with it with clients.

I also like Sophos Intercept X because I can install it on a computer, and if it's set for tamper proof, then nobody can uninstall the program.

As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of.

I've been working with Sophos Intercept X ever since it was released three years ago.

It is a cloud solution. The installation is local on the device, but it communicates to the cloud where the cloud server manages the reports, notifications, and licensing.

My impressions of the stability of Intercept X is that it's excellent.

The scalability is not a problem at all.

I've received really good technical support. They're amazing.

I've had experience with other antivirus programs such as Trend, Norton, and McAfee, and they just flag it and indicate that you are infected. However, Sophos has always taken care of things. This way, if my users don't know what to do with a popup, at least I know that Sophos will just grab it, quarantine it, and protect the user.

Sophos is easy to install and easy to manage, and I have had no issues with it. I've had better protection and quarantining features with Sophos Intercept X.

On a scale from one to five, where one is complex and five is easy, I'd rate the initial setup at four. This is because sometimes you'll get a popup asking you to reboot, but actually, if you've installed it a few times, you know that you have to reboot it after the installation. So, there are a couple of popups that don't make it seamless.

If I've got 10 new workstations with a new client and I've sold them 10 licenses and one server, I will have that set up in the cloud as soon as I get the license. It will probably take half an hour to set that up. I can then start adding computers instantly. To install 10 computers, it would take about five hours.

My team and I implement it. We also, sometimes, walk a client through the process remotely.

Sophos Intercept X is a good protection service package for small businesses and large corporations. You can have two computers, five computers, or 5,000 computers, and it'll be just as easy to manage.

I haven't had any issues with ransomware since I began using anti-exploit. I trust Sophos Intercept X and rate it at ten on a scale from one to ten.

The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are probably the biggest areas of the product that we employ. We also make use of web content filtering and application control as well.  

I would probably say that the DLP portion of the product is the most valuable for what we do. That just happens to be the side of the house I sit in. But the EDR alerting is also relevant when talking about valuable features.  

Refreshing the reports could be improved. It looks like sometimes when systems no longer exist those systems can still show up on the reporting.  

For example, if you spin up a virtual desktop and a virtual server, and then you change the name of that virtual server, what happens is Intercept X still maintains a record of the device by the old name. It does that even though it no longer exists in the system because the name has been changed. So, refreshing the data is probably something that needs to be addressed.  

I can not really address what I think needs to be added to the product right now because I still think our organization is focusing on learning what the product can do and discovering the capabilities. I have been so involved with it from the perspective of understanding what it does currently that I am still trying to figure out what else we would like to see.  

We have been using Sophos Intercept X for probably a little over six months now.  

We have about 1500 endpoints. That is a pretty good volume. While I do not know exactly how to rate it, the scalability is excellent from the standpoint of adding endpoints. We have not run across any issues with the scalability of it. I would tell you that it is very applicable to this company right now and certainly is up to the task of matching our needs.  

To this point-in-time, we have found that the technical support is very responsive. We can reach them by phone and by email, and we get answers to the issues and questions we bring up.  

I think the initial installation and setup were very straightforward.  

Once the rollout started, we had to incorporate 1500 devices — and that is just the desktops alone. It probably took about two months. The amount of time it took was because of the scale of resources dedicated to onboarding the solution. It was not because of distribution.  

We did not need to use an integrator or consultant for deployment. It was all done internally.  

We did evaluate other options before choosing Sophos. For example, we looked at Sentinel One. We also looked at a couple of different solutions like Trend Micro and CrowdStrike. Looking at those four seems to have been a good enough comparison of products in the category.  

My biggest bit of advice for people taking on Intercept X is to train your staff on all of the functions of that solution. There are a number of solutions within the one product and it is best to know how to use them all and if they apply to your circumstances.  

The biggest lesson we have learned from using Sophos is that the product can be a bit overwhelming with information and data. That is the situation where your training and your resources come into play.  

Make sure you have a complete plan to utilize the tool or you will have pieces that are just sitting there and nothing is happening to utilize them. There are a lot of capabilities that the solution has and you need to make the effort to discover them.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate Sophos Intercept X as probably about a nine-out-of-ten. It is not until you see other applications like CrowdStrike and do a comparison to see what they can do that you really have an idea of what applications in the category are capable of.  

We are a small consulting group. We are not really end-users but we sell to them. We are primarily recommending Sophos Central Intercept X as a client solution for endpoint security. They are going to be using it for the security apps, their desktops, and there is a server version as well. I would think that someone buying the server product would expect that to include endpoint security, including ransomware protection, advanced threat protection, and zero-day threat protection.  

Many of our users also use Sophos firewalls and the solutions integrate with each other nicely.  

I would say that the most valuable features are the cloud administration and the strength of the ransomware protection.  

The one thing that I think probably needs the most attention with this product is the technical support. Some of our customers are starting to complain about that.  

It is a good product, generally. I can not really give it any criticism or go on about missing or broken features. I have got nothing to say that needs improvement other than the support.  

We have been recommending Sophos to users for maybe four years. The proper product name is actually Sophos Central Intercept X Advanced.  

I do not know of any limitations having to do with the scalability of this product. We are a small company so the number of clients that we have is not that large. The total would be maybe around 10 clients. The number of endpoints under management for those clients that we are involved with is about 1000. I do not see that we are even close to any limitations in scaling this product with those numbers.  

The one thing that needs the most attention according to our customers is the product's technical support. We do not really hear anything about the product having larger issues but there have been a few comments on the gaps in tech support.  

The initial setup is probably straightforward but there are times when it could be difficult. We are about to do a project where we are going to have to replace a Symantec product. We will see how hard that is to do. The potential problems have more to do with a question of how difficult it is to remove Symantec completely than it is about installing Sophos. There is a tool from Sophos for doing a replacement. We had not used it before so we will get to see how well it works.  

The deployment is quick. It just depends on the environment. If you have a lot of remote sites, that could take more time. If you got to replace something, you never know how hard it is going to be because of how another product sets down its roots. There is a point where you have to just do as well as you can and then deal with issues if any arise.  

When we deploy it into client sites we are the integrators and consultants for the deployment. It deploys as you would expect and there are no surprises. Again, it could be hard to remove an existing solution.  

Intercept X for endpoints is around $35 per user per year. The server version is $95 per server per year.  

I would advise anybody who is using a Sophos firewall and is looking to migrate to another solution to give Intercept X the serious consideration it deserves because the Sophos firewall integrates well with the Intercept X solution and that is an advantage.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as a nine-out-of-ten.  

We are using Sophos as an endpoint protection solution.

It's too early for me to really evaluate the solution at this company, as I've only been at the organization for a month. That said, I have used Sophos before.

So far, the protection aspect seems to be good. 

I have used Sophos in my previous job and it has been a stable product. 

The product scales well. 

The initial setup is pretty straightforward. 

The challenge with Sophos is whenever there's an escalation to a level 3 or level 4 or a certain kind of important issue, or if you want to reach out to the leadership, it's difficult to do so.

They don't have the full stack of offerings as compared to the other competitive products that we see.

While I've only been at the organization for about one month, it's my understanding that the company has been using the solution for about a year.

The solution is stable. From what I have witnessed, it doesn't crash or freeze and there are no bugs or glitches. Historically, the performance has been good and I've found it to be reliable. 

The solution is very scalable. If a company needs to expand it, it can do so. It's not a problem.

We have about 5,000 users on the solution currently.

The support on offer isn't ideal. In terms of the support on offer, for example, if there was a zero-day kind of attack or something, the turnaround time that Sophos offers is not acceptable. They should improve their responsiveness. We are not 100% satisfied. 

I've only been at this company for one month and have yet to contact technical support on behalf of this company.

The installation process is very simple and straightforward. It's not overly complex or difficult. A company should have any issues handling deployments. 

Currently, we are considering other solutions and may move away from this product.

We're just customers and end-users. The company does not have a business relationship with Sophos. 

I cannot speak to the exact version of the solution we're using. My understanding is that we are on whatever the latest version is. 

I'd rate the solution at a seven out of ten.

I wouldn't recommend the solution at this time as we are considering going to another solution. 

We have split our operations into work at home and on-premise. We have over 2,000 or 3,000 work-at-home agents. Some of them do not connect to us via a virtual private network. They connect directly to our CRM clients. In order for us to ensure that we have visibility and to be able to protect our PCs, we are using Sophos Intercept X via the cloud.

We have been a client of Sophos for close to nine or ten years, and we have not been compromised with ransomware or anything like that during this period. The whole Sophos solution set has been very useful.

There are additional security features in Sophos Intercept X as well as proxy rules and settings that help us in minimizing the sites that our agents can go to, even after their work hours. 

We had some initial problems with our deployment, and they were more around uninstalling Sophos Basic and installing Sophos Intercept X. We had some challenges with some of the uninstallation scripts. They can improve the deployment of Sophos Intercept X when there is already an existing Sophos version. They can also provide more information in the form of best practices and lessons learned from previous findings. A knowledge base with this type of information would be helpful.

We've been a Sophos client for close to nine or ten years. We started using Sophos Intercept X last year.

After everything is deployed, I've not heard anything negative from my team. It seems stable. 

Given that it is a cloud implementation, Intercept X is very scalable.

We have about 6,000 or 7,000 users. The majority of them are customer service agents. We are using both Sophos Basic and Intercept X, and our plan is to migrate the rest of the nodes to Sophos Intercept X. However, our migration plan might change because we are getting a requirement for Cynet from our clients who use Cynet. They are about 4,000 in number. 

We are rather satisfied. It has not gone to that level where I have to escalate to Sophos Philippines for support. The only pain point that we had was related to the installation and deployment, given that we had to deploy outside of our network.

We had some initial problems with our deployment, and it was more around uninstalling Sophos Basic and installing Sophos Intercept X. 

Its setup was rather complex because we support different clients, and the configuration of the PCs of each client is different. If every PC is the same, the initial setup might be straightforward, but we support over 30 different campaigns, which makes it challenging. We were able to deploy it for 2,000 or 3,000 agents, but it was not as seamless as we wanted it to be. It ended up taking four or five months.

We had Sophos Philippines and a local partner of theirs to assist us in this whole process. Overall, the experience was positive, but it could have been better. We could have received some more assistance from Sophos, either Sophos Philippines or Sophos headquarters, in terms of script development. Some of the issues were resolved by my own engineers by tweaking some scripts.

I am not sure about the cost. I would guess it to be between $50 to $60 per license. This would be the cost of the overall subscription. There is no additional fee.

At this point, we are kind of positive about Sophos Intercept X. Our overall experience, after the deployment challenges, has been rather good.

I would rate Sophos Intercept X an eight out of ten.