Intercept X Endpoint Reviews

Sophos Intercept X is the antivirus protection of my choice and my client's choice because it does not only malware, antivirus, and Trojan protection but also anti-exploit protection. It has a quarantine process as well. It does all of the usual antivirus plus the anti-exploit and anti-ransomware processes.

One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it.

I look at all my network workstations and laptops, and if any one of them has some issues with updates or receives a notification, then the server console in the cloud will send me an email as well.

I like it's user interface, cloud integration, and the GUI. It's easy to work with it with clients.

I also like Sophos Intercept X because I can install it on a computer, and if it's set for tamper proof, then nobody can uninstall the program.

As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of.

I've been working with Sophos Intercept X ever since it was released three years ago.

It is a cloud solution. The installation is local on the device, but it communicates to the cloud where the cloud server manages the reports, notifications, and licensing.

My impressions of the stability of Intercept X is that it's excellent.

The scalability is not a problem at all.

I've received really good technical support. They're amazing.

I've had experience with other antivirus programs such as Trend, Norton, and McAfee, and they just flag it and indicate that you are infected. However, Sophos has always taken care of things. This way, if my users don't know what to do with a popup, at least I know that Sophos will just grab it, quarantine it, and protect the user.

Sophos is easy to install and easy to manage, and I have had no issues with it. I've had better protection and quarantining features with Sophos Intercept X.

On a scale from one to five, where one is complex and five is easy, I'd rate the initial setup at four. This is because sometimes you'll get a popup asking you to reboot, but actually, if you've installed it a few times, you know that you have to reboot it after the installation. So, there are a couple of popups that don't make it seamless.

If I've got 10 new workstations with a new client and I've sold them 10 licenses and one server, I will have that set up in the cloud as soon as I get the license. It will probably take half an hour to set that up. I can then start adding computers instantly. To install 10 computers, it would take about five hours.

My team and I implement it. We also, sometimes, walk a client through the process remotely.

Sophos Intercept X is a good protection service package for small businesses and large corporations. You can have two computers, five computers, or 5,000 computers, and it'll be just as easy to manage.

I haven't had any issues with ransomware since I began using anti-exploit. I trust Sophos Intercept X and rate it at ten on a scale from one to ten.

We are using Sophos Intercept X for endpoint protection.

Sophos Intercept X is a very effective solution and its being cloud-based is a benefit. Wherever my users are, I can apply policies to them. In the era of mobility, when users are out of the office or they're in different locations, it doesn't matter. 

Whenever a user gets infected, as an admin, we get notified. We have many options to pick from, the ability to send policies to the endpoints is a very good feature that they have.

Whenever there is an update all the agents on the end-users systems automatically update.

We have the option of caching updates on the network, which allows us to save on bandwidth. For example, if we have 100 people in the office, we can deploy an internal caching server or a message link server, so not all computers need a connection to Sophos onto the cloud.

Sophos Intercept X integrates with their other solution very well, such as the XG Firewall. The feature is called Synchronized Security.

From the management side, we receive detailed information. Sophos has many features, such as Threat Hunting but that comes with the XDR version of the solution. There's Sophos Intercept X and then there's Sophos Intercept X with XDR technology. We bought the XDR and then now the MTR, Managed Threat Response version available too. They have different packages for clients which gives them different options to pick from. If Sophos could combine more features into one package it would be beneficial.

I have been using Sophos Intercept X for approximately five years.

Sophos Intercept X is highly stable.

I have found Sophos Intercept X to be scalable.

We have approximately 40 clients using this solution.

I'm a Sophos certified architect to myself, and as a partner, from the vendor, we have excellent support. We have not had a problem with the technical support, they are always available for communication, such as online chat or on-call.

We have used Kaspersky, ESET, Bitdefender, and Symantec solutions.

The installation is very easy. If someone is not on the network, you can send them an invite by email and they would only need to install the agent, and everything will work perfectly.

The time the installation takes depends on the internet connection. Sometimes it takes only five minutes and other times it can take up to 10 minutes. It all depends on the connection because it has to download the installer.

The end-user can install the solution themself. It is very easy. It is only a two to three-step process it is complete. 

Many people are using this solution and some customers don't even have IT managers, we provide them manage services I this case.

The solution has great protection against anti-ransomware and all of the zero-day threats. The ROI is very good.

There is a license required to use this solution.

If it's a managed services provider contract that we have with the customer, then they pay monthly. Depends on the customer, what the requirements are. They can pay either monthly or annually to us, but we have to pay annually to the vendor.

Before choosing Sophos Intercept X we evaluated Kaspersky, ESET, Bitdefender, and Symantec. For some of our clients who are using the other products, now they've shifted to Sophos Intercept X.

I would recommend this solution to others.

I rate Sophos Intercept X a ten out of ten.

We currently have about 13 staff using Intercept X. We use it to secure and protect our devices as well as monitor projects and do some product reviews. You can also use it to block devices as needed, like if you just want to block a work point category.

Intercept X's smart prevention it's very good as so are its machine learning capabilities for troubleshooting channels and files.

Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them. For example, they could add a report that shows me the versions of the devices on the infrastructure server, so I can make sure all the devices are updated. 

I've used Intercept X for three years.

Intercept X is good in terms of both performance and stability. It's not constantly updating the device or using up too many resources.

I would say that Intercept X is easy to scale.

Sophos support is very good. I don't talk to them that much, though. I can usually handle everything because it's not complicated. However, in the past, I have contacted support because there were some features I didn't know how to use or configure. 

The setup was simple. I deployed this by myself. Though my team and I got some help from the vendor for new features that I didn't know about. 

I would rate Intercept X eight out of 10

We primarily use the solution as endpoint protection as well as for endpoint detection and response. It's like an EDR. It's basically used to prevent ransomware.

I would say that it's difficult to really say how it's improved our organization. We had never actually been hit by a ransomware attack prior to installing Sophos and never had Sophos tell us that we're experiencing one. That said, it's very important to be protected. Getting attacked would be a disaster.

We were looking for something that could sense ransomware attempts, to encrypt files, and cut off and reverse attacks as well as alert us to issues. That's what the Intercept X is designed to do. It's very good at security and protection. It offers very good reports.

The initial setup is simple.

The biggest feature that's on the server version that we're using, the EDR, is the ability to push data on threats that it's seeing over to another management platform, like a managed detection response service. It's nice that it's possible to do this and we don't have to pay so much attention to the alerts. They can for us.

It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first. Otherwise, it thinks you're a virus. It would be ideal if there was some sort of setting where you could warn the system it's just you in there doing routine maintenance.

I've used the solution over the last couple of years. However, I haven't used the product too heavily.

The stability is relatively good. We've had a few false alarms, however, there's nothing major that's happened so far. It seems free of bugs and glitches. It doesn't crash or freeze. It's good.

I haven't personally tried to scale anything. It's probably pretty scalable because you don't have an appliance. Appliances have limitations as they have a set size or capacity. It is a cloud-based console, therefore it can probably scale pretty well.

We have 80 people in our organization and everybody uses the product.

I'd rate technical support pretty high. I'd give them an eight out of ten. They're helpful. They are knowledgeable and responsive. We've been satisfied with the level of attention we get when we need them.

We didn't have anything previously for anti-ransomware. We just had the Kaspersky antivirus. However, it wasn't able to detect ransomware specifically. Therefore, we put Sophos Intercept X on to do that.

We've found the initial setup is pretty straightforward. It's not overly complex. We didn't have trouble setting everything up.

We're using the latest version of the solution.

We've got Sophos Intercept X on the notebook computers along with Kaspersky and then on the servers it's only Sophos EDR, which has both antivirus and Intercept X. All are bundled together.

The console's on the cloud and that's just installed on the clients, however, they all communicate with a self-hosted JIRA cloud console.

I'd advise those considering the solution to probably just go with the antivirus portion as well. That way, you've got it all under one console. We're juggling two consoles, Kaspersky and Sophos. It would be easier if everything was under one.

ON a scale from one to ten, I'd rate this product at a nine. We've been very happy with it.

The main use cases of this solution are for protection from ransomware and malware. Although we don't have EDR because of its high cost, we do have the capability to filter the website. Our use case is more about capturing crypto and the like that can encrypt files. I'm a system administrator and we are customers of Sophos. 

I've found that the most valuable feature is the anti-virus that captures malicious threats and the next generation firewall which is more aggressive in terms of not only looking for viruses, but also for SaaS and the movement of equipment. If something strange comes up we're automatically notified and it's either blocked or quarantined. It enables you to prevent future viruses and enables us to inform the user of malicious websites they have visited.

To date, we haven't had any incidents related to viruses or any types of attacks and we barely get any false positives. It's good to know that any malicious anti-virus detected is automatically blocked, although it makes things more difficult for our IT department.

There is an issue when deploying on cloud because it needs to be done manually. For an enterprise company that can have 10,000 or even 50,000 end users, it's a lot to deploy manually. An additional feature they might include would be the ability to control the lockdown on hardware; to control all the entry points such as a USB, a camera or any external storage. 

I've been using this solution for three years. 

I think this solution is stable. It doesn't allow you to do anything that may cause a problem. If you try to download something that is prone to hacking, the solution won't allow it. It's important to use the admin lock to prevent malicious programs being downloaded. It's good at preventing remote users from downloading malware. 

The solution is very scalable because they don't generally deal with small size office deployments of 10 or 15 users. The solution can scale to 100,000 or even up to 200,000 users.  

Initially we didn't have phone support, but now it's part of the enterprise portfolio which we have. We only use the support if we have an issue with the server. It's the benefit of the cloud, there are no concerns about the server whereas on-premise you need to synchronize your server or upgrade the new version to get those features.

We migrated from Symantec enterprise to Sophos and SentinelOne. The approach is the same for all of them. 

Initial setup for the cloud is very straightforward because it's managed by the company. It's just a matter of downloading the agent and installing to your end point. The on-premise implementation is more difficult, particularly if you're not familiar with it but the support is very helpful. I believe there's a way to roll out without the need to visit individual users. I believe they integrate with an active directory, and then post from there. Deployment time depends on availability of the user's desktop or and/or laptop. If it's on premise, you can push that one, it would take less than 15 minutes. To deploy in a company would take less than a month. 

If you start with the standard solution, move to Intercept X, and then go to the EDR version, it's almost double the price in comparison to other vendors. It's a choice for any company. Check Point's SandBlast, for example, has two payables but the additional payable includes encrypting your hard drive - not everyone needs that feature. 

This is a good product but it comes at a high price. As a result, I would rate this solution an eight out of 10.

The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are probably the biggest areas of the product that we employ. We also make use of web content filtering and application control as well.  

I would probably say that the DLP portion of the product is the most valuable for what we do. That just happens to be the side of the house I sit in. But the EDR alerting is also relevant when talking about valuable features.  

Refreshing the reports could be improved. It looks like sometimes when systems no longer exist those systems can still show up on the reporting.  

For example, if you spin up a virtual desktop and a virtual server, and then you change the name of that virtual server, what happens is Intercept X still maintains a record of the device by the old name. It does that even though it no longer exists in the system because the name has been changed. So, refreshing the data is probably something that needs to be addressed.  

I can not really address what I think needs to be added to the product right now because I still think our organization is focusing on learning what the product can do and discovering the capabilities. I have been so involved with it from the perspective of understanding what it does currently that I am still trying to figure out what else we would like to see.  

We have been using Sophos Intercept X for probably a little over six months now.  

We have about 1500 endpoints. That is a pretty good volume. While I do not know exactly how to rate it, the scalability is excellent from the standpoint of adding endpoints. We have not run across any issues with the scalability of it. I would tell you that it is very applicable to this company right now and certainly is up to the task of matching our needs.  

To this point-in-time, we have found that the technical support is very responsive. We can reach them by phone and by email, and we get answers to the issues and questions we bring up.  

I think the initial installation and setup were very straightforward.  

Once the rollout started, we had to incorporate 1500 devices — and that is just the desktops alone. It probably took about two months. The amount of time it took was because of the scale of resources dedicated to onboarding the solution. It was not because of distribution.  

We did not need to use an integrator or consultant for deployment. It was all done internally.  

We did evaluate other options before choosing Sophos. For example, we looked at Sentinel One. We also looked at a couple of different solutions like Trend Micro and CrowdStrike. Looking at those four seems to have been a good enough comparison of products in the category.  

My biggest bit of advice for people taking on Intercept X is to train your staff on all of the functions of that solution. There are a number of solutions within the one product and it is best to know how to use them all and if they apply to your circumstances.  

The biggest lesson we have learned from using Sophos is that the product can be a bit overwhelming with information and data. That is the situation where your training and your resources come into play.  

Make sure you have a complete plan to utilize the tool or you will have pieces that are just sitting there and nothing is happening to utilize them. There are a lot of capabilities that the solution has and you need to make the effort to discover them.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate Sophos Intercept X as probably about a nine-out-of-ten. It is not until you see other applications like CrowdStrike and do a comparison to see what they can do that you really have an idea of what applications in the category are capable of.  

We are a small consulting group. We are not really end-users but we sell to them. We are primarily recommending Sophos Central Intercept X as a client solution for endpoint security. They are going to be using it for the security apps, their desktops, and there is a server version as well. I would think that someone buying the server product would expect that to include endpoint security, including ransomware protection, advanced threat protection, and zero-day threat protection.  

Many of our users also use Sophos firewalls and the solutions integrate with each other nicely.  

I would say that the most valuable features are the cloud administration and the strength of the ransomware protection.  

The one thing that I think probably needs the most attention with this product is the technical support. Some of our customers are starting to complain about that.  

It is a good product, generally. I can not really give it any criticism or go on about missing or broken features. I have got nothing to say that needs improvement other than the support.  

We have been recommending Sophos to users for maybe four years. The proper product name is actually Sophos Central Intercept X Advanced.  

I do not know of any limitations having to do with the scalability of this product. We are a small company so the number of clients that we have is not that large. The total would be maybe around 10 clients. The number of endpoints under management for those clients that we are involved with is about 1000. I do not see that we are even close to any limitations in scaling this product with those numbers.  

The one thing that needs the most attention according to our customers is the product's technical support. We do not really hear anything about the product having larger issues but there have been a few comments on the gaps in tech support.  

The initial setup is probably straightforward but there are times when it could be difficult. We are about to do a project where we are going to have to replace a Symantec product. We will see how hard that is to do. The potential problems have more to do with a question of how difficult it is to remove Symantec completely than it is about installing Sophos. There is a tool from Sophos for doing a replacement. We had not used it before so we will get to see how well it works.  

The deployment is quick. It just depends on the environment. If you have a lot of remote sites, that could take more time. If you got to replace something, you never know how hard it is going to be because of how another product sets down its roots. There is a point where you have to just do as well as you can and then deal with issues if any arise.  

When we deploy it into client sites we are the integrators and consultants for the deployment. It deploys as you would expect and there are no surprises. Again, it could be hard to remove an existing solution.  

Intercept X for endpoints is around $35 per user per year. The server version is $95 per server per year.  

I would advise anybody who is using a Sophos firewall and is looking to migrate to another solution to give Intercept X the serious consideration it deserves because the Sophos firewall integrates well with the Intercept X solution and that is an advantage.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as a nine-out-of-ten.  

The main use case is to have the reversible ransomware attack aspect of Intercept X. It's more of an antivirus solution rather than an EDR solution - a slightly different product to Carbon Black in that respect.

The scalability capabilities are fine.

The stability on offer is fine.

The initial setup can be a little complex. 

The deployment part needs to be improved. It doesn't feed into our SOCs. That's the only thing we have to try and figure out - how we're going to do that. The SOC is our interface with our security partners who monitor our security events. That's done for us on a 24/7 basis.

I've worked with the solution for five years. It's been a while.

We haven't had any issues with stability. It doesn't crash or freeze. It's reliable. 

The entire organization uses Sophos right now. It's pretty ubiquitous.

The solution can scale well, even on our hardware. it hasn't been an issue. 

We also use Carbon Black, although we use it in a bit of a different way. Carbon Black is also easier to set up than Sophos.

The initial setup is a lot harder than, for example, Carbon Black. It's more difficult and complex. Its implementation isn't exactly easy.

It took us a few months to finally get it set up. We ran into some issues.

We're just a customer and an end-user. We don't have a business relationship with Sophos.

The solution is deployed on hardware as well as virtual machines. 

I would rate the solution at a seven out of ten overall.