Try our new research platform with insights from 80,000+ expert users
Peter Forster - PeerSpot reviewer
Network Administrator at Sechelt Indian Band
Reseller
Is easy to install and manage, and has anti-exploit protection
Pros and Cons
  • "One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it."
  • "As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of."

What is our primary use case?

Sophos Intercept X is the antivirus protection of my choice and my client's choice because it does not only malware, antivirus, and Trojan protection but also anti-exploit protection. It has a quarantine process as well. It does all of the usual antivirus plus the anti-exploit and anti-ransomware processes.

What is most valuable?

One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it.

I look at all my network workstations and laptops, and if any one of them has some issues with updates or receives a notification, then the server console in the cloud will send me an email as well.

I like it's user interface, cloud integration, and the GUI. It's easy to work with it with clients.

I also like Sophos Intercept X because I can install it on a computer, and if it's set for tamper proof, then nobody can uninstall the program.

What needs improvement?

As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of.

For how long have I used the solution?

I've been working with Sophos Intercept X ever since it was released three years ago.

It is a cloud solution. The installation is local on the device, but it communicates to the cloud where the cloud server manages the reports, notifications, and licensing.

Buyer's Guide
Intercept X Endpoint
October 2024
Learn what your peers think about Intercept X Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.

What do I think about the stability of the solution?

My impressions of the stability of Intercept X is that it's excellent.

What do I think about the scalability of the solution?

The scalability is not a problem at all.

How are customer service and support?

I've received really good technical support. They're amazing.

Which solution did I use previously and why did I switch?

I've had experience with other antivirus programs such as Trend, Norton, and McAfee, and they just flag it and indicate that you are infected. However, Sophos has always taken care of things. This way, if my users don't know what to do with a popup, at least I know that Sophos will just grab it, quarantine it, and protect the user.

Sophos is easy to install and easy to manage, and I have had no issues with it. I've had better protection and quarantining features with Sophos Intercept X.

How was the initial setup?

On a scale from one to five, where one is complex and five is easy, I'd rate the initial setup at four. This is because sometimes you'll get a popup asking you to reboot, but actually, if you've installed it a few times, you know that you have to reboot it after the installation. So, there are a couple of popups that don't make it seamless.

If I've got 10 new workstations with a new client and I've sold them 10 licenses and one server, I will have that set up in the cloud as soon as I get the license. It will probably take half an hour to set that up. I can then start adding computers instantly. To install 10 computers, it would take about five hours.

What about the implementation team?

My team and I implement it. We also, sometimes, walk a client through the process remotely.

What other advice do I have?

Sophos Intercept X is a good protection service package for small businesses and large corporations. You can have two computers, five computers, or 5,000 computers, and it'll be just as easy to manage.

I haven't had any issues with ransomware since I began using anti-exploit. I trust Sophos Intercept X and rate it at ten on a scale from one to ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Muzamil Yakub - PeerSpot reviewer
Chief Executive Officer at Infoview Limited
Real User
Beneficial policy management, automatic endpoint updates, simple installation
Pros and Cons
  • "Sophos Intercept X is a very effective solution and its being cloud-based is a benefit. Wherever my users are, I can apply policies to them. In the era of mobility, when users are out of the office or they're in different locations, it doesn't matter."
  • "From the management side, we receive detailed information. Sophos has many features, such as Threat Hunting but that comes with the XDR version of the solution. There's Sophos Intercept X and then there's Sophos Intercept X with XDR technology. We bought the XDR and then now the MTR, Managed Threat Response version available too. They have different packages for clients which gives them different options to pick from. If Sophos could combine more features into one package it would be beneficial."

What is our primary use case?

We are using Sophos Intercept X for endpoint protection.

What is most valuable?

Sophos Intercept X is a very effective solution and its being cloud-based is a benefit. Wherever my users are, I can apply policies to them. In the era of mobility, when users are out of the office or they're in different locations, it doesn't matter. 

Whenever a user gets infected, as an admin, we get notified. We have many options to pick from, the ability to send policies to the endpoints is a very good feature that they have.

Whenever there is an update all the agents on the end-users systems automatically update.

We have the option of caching updates on the network, which allows us to save on bandwidth. For example, if we have 100 people in the office, we can deploy an internal caching server or a message link server, so not all computers need a connection to Sophos onto the cloud.

Sophos Intercept X integrates with their other solution very well, such as the XG Firewall. The feature is called Synchronized Security.

What needs improvement?

From the management side, we receive detailed information. Sophos has many features, such as Threat Hunting but that comes with the XDR version of the solution. There's Sophos Intercept X and then there's Sophos Intercept X with XDR technology. We bought the XDR and then now the MTR, Managed Threat Response version available too. They have different packages for clients which gives them different options to pick from. If Sophos could combine more features into one package it would be beneficial.

For how long have I used the solution?

I have been using Sophos Intercept X for approximately five years.

What do I think about the stability of the solution?

Sophos Intercept X is highly stable.

What do I think about the scalability of the solution?

I have found Sophos Intercept X to be scalable.

We have approximately 40 clients using this solution.

How are customer service and support?

I'm a Sophos certified architect to myself, and as a partner, from the vendor, we have excellent support. We have not had a problem with the technical support, they are always available for communication, such as online chat or on-call.

Which solution did I use previously and why did I switch?

We have used Kaspersky, ESET, Bitdefender, and Symantec solutions.

How was the initial setup?

The installation is very easy. If someone is not on the network, you can send them an invite by email and they would only need to install the agent, and everything will work perfectly.

The time the installation takes depends on the internet connection. Sometimes it takes only five minutes and other times it can take up to 10 minutes. It all depends on the connection because it has to download the installer.

What about the implementation team?

The end-user can install the solution themself. It is very easy. It is only a two to three-step process it is complete. 

Many people are using this solution and some customers don't even have IT managers, we provide them manage services I this case.

What was our ROI?

The solution has great protection against anti-ransomware and all of the zero-day threats. The ROI is very good.

What's my experience with pricing, setup cost, and licensing?

There is a license required to use this solution.

If it's a managed services provider contract that we have with the customer, then they pay monthly. Depends on the customer, what the requirements are. They can pay either monthly or annually to us, but we have to pay annually to the vendor.

Which other solutions did I evaluate?

Before choosing Sophos Intercept X we evaluated Kaspersky, ESET, Bitdefender, and Symantec. For some of our clients who are using the other products, now they've shifted to Sophos Intercept X.

What other advice do I have?

I would recommend this solution to others.

I rate Sophos Intercept X a ten out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Intercept X Endpoint
October 2024
Learn what your peers think about Intercept X Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Technical Support at a tech services company with 11-50 employees
Real User
Smart protection and machine learning capabilities are good
Pros and Cons
  • "Intercept X's smart prevention it's very good as so are its machine learning capabilities for troubleshooting channels and files."
  • "Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."

What is our primary use case?

We currently have about 13 staff using Intercept X. We use it to secure and protect our devices as well as monitor projects and do some product reviews. You can also use it to block devices as needed, like if you just want to block a work point category.

What is most valuable?

Intercept X's smart prevention it's very good as so are its machine learning capabilities for troubleshooting channels and files.

What needs improvement?

Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them. For example, they could add a report that shows me the versions of the devices on the infrastructure server, so I can make sure all the devices are updated. 

For how long have I used the solution?

I've used Intercept X for three years.

What do I think about the stability of the solution?

Intercept X is good in terms of both performance and stability. It's not constantly updating the device or using up too many resources.

What do I think about the scalability of the solution?

I would say that Intercept X is easy to scale.

How are customer service and support?

Sophos support is very good. I don't talk to them that much, though. I can usually handle everything because it's not complicated. However, in the past, I have contacted support because there were some features I didn't know how to use or configure. 

How was the initial setup?

The setup was simple. I deployed this by myself. Though my team and I got some help from the vendor for new features that I didn't know about. 

What other advice do I have?

I would rate Intercept X eight out of 10

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior IT Analyst at a insurance company with 51-200 employees
Real User
Top 5
Good ransomware security with an easy initial setup and good scalability potential
Pros and Cons
  • "The initial setup is simple."
  • "It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first."

What is our primary use case?

We primarily use the solution as endpoint protection as well as for endpoint detection and response. It's like an EDR. It's basically used to prevent ransomware.

How has it helped my organization?

I would say that it's difficult to really say how it's improved our organization. We had never actually been hit by a ransomware attack prior to installing Sophos and never had Sophos tell us that we're experiencing one. That said, it's very important to be protected. Getting attacked would be a disaster.

What is most valuable?

We were looking for something that could sense ransomware attempts, to encrypt files, and cut off and reverse attacks as well as alert us to issues. That's what the Intercept X is designed to do. It's very good at security and protection. It offers very good reports.

The initial setup is simple.

The biggest feature that's on the server version that we're using, the EDR, is the ability to push data on threats that it's seeing over to another management platform, like a managed detection response service. It's nice that it's possible to do this and we don't have to pay so much attention to the alerts. They can for us.

What needs improvement?

It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first. Otherwise, it thinks you're a virus. It would be ideal if there was some sort of setting where you could warn the system it's just you in there doing routine maintenance.

For how long have I used the solution?

I've used the solution over the last couple of years. However, I haven't used the product too heavily.

What do I think about the stability of the solution?

The stability is relatively good. We've had a few false alarms, however, there's nothing major that's happened so far. It seems free of bugs and glitches. It doesn't crash or freeze. It's good.

What do I think about the scalability of the solution?

I haven't personally tried to scale anything. It's probably pretty scalable because you don't have an appliance. Appliances have limitations as they have a set size or capacity. It is a cloud-based console, therefore it can probably scale pretty well.

We have 80 people in our organization and everybody uses the product.

How are customer service and technical support?

I'd rate technical support pretty high. I'd give them an eight out of ten. They're helpful. They are knowledgeable and responsive. We've been satisfied with the level of attention we get when we need them.

Which solution did I use previously and why did I switch?

We didn't have anything previously for anti-ransomware. We just had the Kaspersky antivirus. However, it wasn't able to detect ransomware specifically. Therefore, we put Sophos Intercept X on to do that.

How was the initial setup?

We've found the initial setup is pretty straightforward. It's not overly complex. We didn't have trouble setting everything up.

What other advice do I have?

We're using the latest version of the solution.

We've got Sophos Intercept X on the notebook computers along with Kaspersky and then on the servers it's only Sophos EDR, which has both antivirus and Intercept X. All are bundled together.

The console's on the cloud and that's just installed on the clients, however, they all communicate with a self-hosted JIRA cloud console.

I'd advise those considering the solution to probably just go with the antivirus portion as well. That way, you've got it all under one console. We're juggling two consoles, Kaspersky and Sophos. It would be easier if everything was under one.

ON a scale from one to ten, I'd rate this product at a nine. We've been very happy with it.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Manager at a construction company with 201-500 employees
Real User
Excellent at capturing malicious threats together with an aggressive next generation firewall
Pros and Cons
  • "Anti-virus captures malicious threats and an aggressive next generation firewall."
  • "Deployment on cloud needs to be carried out manually."

What is our primary use case?

The main use cases of this solution are for protection from ransomware and malware. Although we don't have EDR because of its high cost, we do have the capability to filter the website. Our use case is more about capturing crypto and the like that can encrypt files. I'm a system administrator and we are customers of Sophos. 

What is most valuable?

I've found that the most valuable feature is the anti-virus that captures malicious threats and the next generation firewall which is more aggressive in terms of not only looking for viruses, but also for SaaS and the movement of equipment. If something strange comes up we're automatically notified and it's either blocked or quarantined. It enables you to prevent future viruses and enables us to inform the user of malicious websites they have visited.

To date, we haven't had any incidents related to viruses or any types of attacks and we barely get any false positives. It's good to know that any malicious anti-virus detected is automatically blocked, although it makes things more difficult for our IT department.

What needs improvement?

There is an issue when deploying on cloud because it needs to be done manually. For an enterprise company that can have 10,000 or even 50,000 end users, it's a lot to deploy manually. An additional feature they might include would be the ability to control the lockdown on hardware; to control all the entry points such as a USB, a camera or any external storage. 

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

I think this solution is stable. It doesn't allow you to do anything that may cause a problem. If you try to download something that is prone to hacking, the solution won't allow it. It's important to use the admin lock to prevent malicious programs being downloaded. It's good at preventing remote users from downloading malware. 

What do I think about the scalability of the solution?

The solution is very scalable because they don't generally deal with small size office deployments of 10 or 15 users. The solution can scale to 100,000 or even up to 200,000 users.  

How are customer service and technical support?

Initially we didn't have phone support, but now it's part of the enterprise portfolio which we have. We only use the support if we have an issue with the server. It's the benefit of the cloud, there are no concerns about the server whereas on-premise you need to synchronize your server or upgrade the new version to get those features.

Which solution did I use previously and why did I switch?

We migrated from Symantec enterprise to Sophos and SentinelOne. The approach is the same for all of them. 

How was the initial setup?

Initial setup for the cloud is very straightforward because it's managed by the company. It's just a matter of downloading the agent and installing to your end point. The on-premise implementation is more difficult, particularly if you're not familiar with it but the support is very helpful. I believe there's a way to roll out without the need to visit individual users. I believe they integrate with an active directory, and then post from there. Deployment time depends on availability of the user's desktop or and/or laptop. If it's on premise, you can push that one, it would take less than 15 minutes. To deploy in a company would take less than a month. 

What's my experience with pricing, setup cost, and licensing?

If you start with the standard solution, move to Intercept X, and then go to the EDR version, it's almost double the price in comparison to other vendors. It's a choice for any company. Check Point's SandBlast, for example, has two payables but the additional payable includes encrypting your hard drive - not everyone needs that feature. 

What other advice do I have?

This is a good product but it comes at a high price. As a result, I would rate this solution an eight out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager of Information Security at a healthcare company with 1,001-5,000 employees
Real User
Excelling in this competitive product category with more features than users put to task
Pros and Cons
  • "The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are valuable assets."
  • "Scalability is good."
  • "Technical support is responsive and adept."
  • "There is some issue with the reporting and refreshing information on resources that have been eliminated."

What is our primary use case?

The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are probably the biggest areas of the product that we employ. We also make use of web content filtering and application control as well.  

What is most valuable?

I would probably say that the DLP portion of the product is the most valuable for what we do. That just happens to be the side of the house I sit in. But the EDR alerting is also relevant when talking about valuable features.  

What needs improvement?

Refreshing the reports could be improved. It looks like sometimes when systems no longer exist those systems can still show up on the reporting.  

For example, if you spin up a virtual desktop and a virtual server, and then you change the name of that virtual server, what happens is Intercept X still maintains a record of the device by the old name. It does that even though it no longer exists in the system because the name has been changed. So, refreshing the data is probably something that needs to be addressed.  

I can not really address what I think needs to be added to the product right now because I still think our organization is focusing on learning what the product can do and discovering the capabilities. I have been so involved with it from the perspective of understanding what it does currently that I am still trying to figure out what else we would like to see.  

For how long have I used the solution?

We have been using Sophos Intercept X for probably a little over six months now.  

What do I think about the scalability of the solution?

We have about 1500 endpoints. That is a pretty good volume. While I do not know exactly how to rate it, the scalability is excellent from the standpoint of adding endpoints. We have not run across any issues with the scalability of it. I would tell you that it is very applicable to this company right now and certainly is up to the task of matching our needs.  

How are customer service and technical support?

To this point-in-time, we have found that the technical support is very responsive. We can reach them by phone and by email, and we get answers to the issues and questions we bring up.  

How was the initial setup?

I think the initial installation and setup were very straightforward.  

Once the rollout started, we had to incorporate 1500 devices — and that is just the desktops alone. It probably took about two months. The amount of time it took was because of the scale of resources dedicated to onboarding the solution. It was not because of distribution.  

What about the implementation team?

We did not need to use an integrator or consultant for deployment. It was all done internally.  

Which other solutions did I evaluate?

We did evaluate other options before choosing Sophos. For example, we looked at Sentinel One. We also looked at a couple of different solutions like Trend Micro and CrowdStrike. Looking at those four seems to have been a good enough comparison of products in the category.  

What other advice do I have?

My biggest bit of advice for people taking on Intercept X is to train your staff on all of the functions of that solution. There are a number of solutions within the one product and it is best to know how to use them all and if they apply to your circumstances.  

The biggest lesson we have learned from using Sophos is that the product can be a bit overwhelming with information and data. That is the situation where your training and your resources come into play.  

Make sure you have a complete plan to utilize the tool or you will have pieces that are just sitting there and nothing is happening to utilize them. There are a lot of capabilities that the solution has and you need to make the effort to discover them.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate Sophos Intercept X as probably about a nine-out-of-ten. It is not until you see other applications like CrowdStrike and do a comparison to see what they can do that you really have an idea of what applications in the category are capable of.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Founder at a tech services company with 1-10 employees
Real User
Cloud administration, strong ransomware protection, and firewall integration make this a standout
Pros and Cons
  • "The most valuable features are the cloud administration and the strength of the ransomware protection."
  • "There do not seem to be any limitations to the scalability of this product."
  • "The deployment is quick. It just depends on the environment and what you may be replacing."
  • "This product integrates well with Sophos firewalls and should be seriously considered by Sophos Firewall clients."
  • "The technical support is the lone sore-point when dealing with this product."

What is our primary use case?

We are a small consulting group. We are not really end-users but we sell to them. We are primarily recommending Sophos Central Intercept X as a client solution for endpoint security. They are going to be using it for the security apps, their desktops, and there is a server version as well. I would think that someone buying the server product would expect that to include endpoint security, including ransomware protection, advanced threat protection, and zero-day threat protection.  

Many of our users also use Sophos firewalls and the solutions integrate with each other nicely.  

What is most valuable?

I would say that the most valuable features are the cloud administration and the strength of the ransomware protection.  

What needs improvement?

The one thing that I think probably needs the most attention with this product is the technical support. Some of our customers are starting to complain about that.  

It is a good product, generally. I can not really give it any criticism or go on about missing or broken features. I have got nothing to say that needs improvement other than the support.  

For how long have I used the solution?

We have been recommending Sophos to users for maybe four years. The proper product name is actually Sophos Central Intercept X Advanced.  

What do I think about the scalability of the solution?

I do not know of any limitations having to do with the scalability of this product. We are a small company so the number of clients that we have is not that large. The total would be maybe around 10 clients. The number of endpoints under management for those clients that we are involved with is about 1000. I do not see that we are even close to any limitations in scaling this product with those numbers.  

How are customer service and technical support?

The one thing that needs the most attention according to our customers is the product's technical support. We do not really hear anything about the product having larger issues but there have been a few comments on the gaps in tech support.  

How was the initial setup?

The initial setup is probably straightforward but there are times when it could be difficult. We are about to do a project where we are going to have to replace a Symantec product. We will see how hard that is to do. The potential problems have more to do with a question of how difficult it is to remove Symantec completely than it is about installing Sophos. There is a tool from Sophos for doing a replacement. We had not used it before so we will get to see how well it works.  

The deployment is quick. It just depends on the environment. If you have a lot of remote sites, that could take more time. If you got to replace something, you never know how hard it is going to be because of how another product sets down its roots. There is a point where you have to just do as well as you can and then deal with issues if any arise.  

What about the implementation team?

When we deploy it into client sites we are the integrators and consultants for the deployment. It deploys as you would expect and there are no surprises. Again, it could be hard to remove an existing solution.  

What's my experience with pricing, setup cost, and licensing?

Intercept X for endpoints is around $35 per user per year. The server version is $95 per server per year.  

What other advice do I have?

I would advise anybody who is using a Sophos firewall and is looking to migrate to another solution to give Intercept X the serious consideration it deserves because the Sophos firewall integrates well with the Intercept X solution and that is an advantage.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this solution as a nine-out-of-ten.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Manager at a financial services firm with 51-200 employees
Real User
Reliable and expandable but the initial setup is difficult
Pros and Cons
  • "The stability on offer is fine."
  • "The deployment part needs to be improved."

What is our primary use case?

The main use case is to have the reversible ransomware attack aspect of Intercept X. It's more of an antivirus solution rather than an EDR solution - a slightly different product to Carbon Black in that respect.

What is most valuable?

The scalability capabilities are fine.

The stability on offer is fine.

What needs improvement?

The initial setup can be a little complex. 

The deployment part needs to be improved. It doesn't feed into our SOCs. That's the only thing we have to try and figure out - how we're going to do that. The SOC is our interface with our security partners who monitor our security events. That's done for us on a 24/7 basis.

For how long have I used the solution?

I've worked with the solution for five years. It's been a while.

What do I think about the stability of the solution?

We haven't had any issues with stability. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

The entire organization uses Sophos right now. It's pretty ubiquitous.

The solution can scale well, even on our hardware. it hasn't been an issue. 

Which solution did I use previously and why did I switch?

We also use Carbon Black, although we use it in a bit of a different way. Carbon Black is also easier to set up than Sophos.

How was the initial setup?

The initial setup is a lot harder than, for example, Carbon Black. It's more difficult and complex. Its implementation isn't exactly easy.

It took us a few months to finally get it set up. We ran into some issues.

What other advice do I have?

We're just a customer and an end-user. We don't have a business relationship with Sophos.

The solution is deployed on hardware as well as virtual machines. 

I would rate the solution at a seven out of ten overall. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Intercept X Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free Intercept X Endpoint Report and get advice and tips from experienced pros sharing their opinions.