What needs improvement with Sophos Intercept X?

Pricing could be cheaper.

I am not very satisfied with the product's reporting overall, and it needs improvement in this area.

Last year, my company faced an attack due to disabled compression in our antivirus software. Intercept X Endpoint didn’t work, so we had to uninstall it and restore. Also,Integration has room for improvement, especially with Mac OS.

We received an alert from a client where we have installed Sophos Endpoint Security. There is a vulnerability in some applications, compromising their integrity. They have used a crack version, which is not genuine. These cracks contain malware and tokens. Someone attempted to copy a file into the system. Fortunately, with the help of Sophos Intercept, we received an alert promptly. We immediately halted our work on the infrastructure. Sophos Endpoint Security can scan files instantly and provide alerts. If Sophos Intercept allows users to restrict website access based on specific needs, such as streaming new videos for business purposes, we would prefer to use that. They have categorized details in the web policy in the Endpoint security setup. For example, I had to use the MCU tool under the 'Entertainment' option. I had to choose whether to allow it. If I block this category, all video-related applications, including Skype, will cease functioning. Therefore, they need to provide separate options. For instance, if they include 'Streaming' as an option under web policies for entertainment, users can differentiate and choose to block streaming websites individually, such as Daily Motion. This would give users more control over their access.

The machines get too heavy because of the background applications that run when the tool is used. The performance offered by the product needs improvement.

The solution is expensive, and it could be made cheaper.

The product must also focus on other operating systems like Linux and macOS. The tool is not stable on Linux systems. It is heavy. It slows down the machine if the machine doesn't have good specifications.

The product’s DDoS and AI features must be improved.

There is room for improvement in terms of stability and updates. Updates, like if someone does not turn on the computer for six months, and then it gets expired, then you have to manually remove it and then reinstall it.

There should be a report including a flowchart or diagram. It will be useful to evaluate the software’s effectiveness.

The solution's pricing could be better.

The tool should be made compatible with Linux and Microsoft operating systems.

Initially, when I started, I had a lot of performance challenges. They need to work on performance to the endpoints. We tried to set up Sophos Zero Trust within my Sophos central cloud. It only works with Microsoft and I use Google. I'd like to see Google added.

We are not able to merge the sub-estates. If we create multiple sub-states and there may be instances where a user is in a different sub-state, it may not be possible for us to relocate that user from one sub-state to another through the console. We have to merge them manually which is not ideal.

The graphical interface could improve. Additionally, adding less expensive mobile device support would be helpful. Other solutions have this feature.

I'm not clear on what features need improvement. Everything is mostly fine.

In general, the solution has gone south. I'm not the biggest fan. Sophos just has too many services, and the CPU memory usage is just too high. It causes a reduction in performance. You have to be running on a machine with at least 16GB of RAM to have it actually function properly. It's very labor intensive as every action is scanned by Sophos. It uses up way too many resources. The policies could be nicer to manage. The same with users and groups. The central experience is not great right now. I'd like better API access into Azure and InTune, although I suspect it will not happen as they are competing products.

It's hard to say what could be improved because we're in the middle of an endpoint protection arms race, and there are constant improvements on all fronts in Fortinet, Sophos, and products. They should keep doing what they're doing. Both of them have entered the EDR/MDR space, and they're keeping up with their competitors. I have a hard time understanding why their capabilities aren't garnering more attention.

As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of.

It consumes a lot of resources, and something needs to be done for that.

The initial setup can be a little complex. The deployment part needs to be improved. It doesn't feed into our SOCs. That's the only thing we have to try and figure out - how we're going to do that. The SOC is our interface with our security partners who monitor our security events. That's done for us on a 24/7 basis.

The detection and the AI capabilities should be improved upon. I also find it narrow of an attack. Even though we have Sophos running on the network, we still have the system being hit. That was probably because Sophos is not running our data. Improvement should actually be made on remote capabilities. I would like to see additional features that provide capabilities that show a lot of sources that the attackers are actually making.

It could be updated less frequently. I would like to see better support for virtual and desktop infrastructures.

Sophos Intercept X doesn't have its own firewall that utilizes the Windows Firewall or intrusion prevention.

If we can lower the price, it will be fantastic because it will generate more revenue for us.

Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them. For example, they could add a report that shows me the versions of the devices on the infrastructure server, so I can make sure all the devices are updated.

The challenge with Sophos is whenever there's an escalation to a level 3 or level 4 or a certain kind of important issue, or if you want to reach out to the leadership, it's difficult to do so. They don't have the full stack of offerings as compared to the other competitive products that we see.

I would like the solution to have more functions and to be more user-friendly. In the next release, the solution could have more use cases. For example, protection against ransomware.

Sophos has a lot of different features. Some of them are tied to different clients, which may mean that different prices or licenses have to be added on. It can be a little bit confusing if you're not familiar with the logic of how they work. They can make it a little bit clearer.

I think this solution needs more flexible reporting, particularly for medium to large size companies and I'd like to see some varied options for making reports. Communication with all the antivirus vendors could be improved. We need lateral communication with other antivirus and security products. We need to communicate from one site to the other, possibly nothing will be required as a result, but it would be good to have this information and to have it easily transferred.

I'd like to see more integration in the solution.

While the solution does not seem to lack any features, it should offer better security updates. It could be more secure, something which holds true for any solution. Also, the support could be faster.

The main real-time scanning is taking most of the processing power of my notebook. This is a big problem. It would be nice if Sophos Intercept X could provide some of their other features for free. For example, when I wanted to add another feature, like zero-day attack, I was told that I would need to add the license. Also, it would be good to have a lot more resources.

The app control in respect of the user interface could be improved, The choices offered for the on-premises and cloud-based platforms are the reverse of each other, such as the one responsible for allowing or denying access. This can be confusing initially, even though I later discovered that it is possible to set it back.

They need to focus on their SLA or technical support. They also need to focus on their UI. They should also improve their content filtering tool and update it so that correct categories are there. Sometimes, when I want to block an online gaming website, it is not shown under the correct category. It is shown under another category. They need to review their content filtering tool on a bi-weekly or monthly basis and update the sites and categories. This will be really helpful for them.

When we load Intercept X, it puts a load on the device. When it is scanning, it slows down the device. A system with basic specifications completely slows down till the scan is complete. They should improve this part.

When I use a proxy, I can bypass Sophos, which is an area that needs improvement.

The after sales service and support could be improved, particularly on the technical side. The solution has room for additional features.

When comparing the security, I feel that Fortinet has more features as compared to Sophos Intercept X. As such, the feature set needs improvement. They should offer more with the firewall. For example, Fortinet has a web application, it has application control, it has antivirus, and it has anti-malware. It offers many features. Sophos is a bit behind when it comes to the features of the firewall itself. The security is good but the feature set is limited. They can up their marketing strategies. They need to increase their marketing efforts.

We're still new to the solution. We haven't come across any weakness yet. There aren't features that are missing. The initial setup can be a bit challenging.

We had some initial problems with our deployment, and they were more around uninstalling Sophos Basic and installing Sophos Intercept X. We had some challenges with some of the uninstallation scripts. They can improve the deployment of Sophos Intercept X when there is already an existing Sophos version. They can also provide more information in the form of best practices and lessons learned from previous findings. A knowledge base with this type of information would be helpful.

We've had difficulty with uninstalling the solution. When we try to uninstall an old version of the basic Sophos Antivirus, it doesn't seem to uninstall completely. Due to this issue, when we installed Intercept X, we had installation conflicts. The company needs to figure out a way to make installing their old products easier and more complete.

I can't think of any features that are lacking. The solution needs to ensure it is keeping up with the latest malware defenses and security advancements. It could be a bit easier to implement.

Mobile device management is a challenging area, and it can be improved. Some areas in the DLP solution can also be improved. It has the DLP capability, but it is not an all-out DLP program. I would like to see them improve the DLP solution in terms of reporting and possibly network monitoring. Currently, they only do the reporting parts of it.

It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first. Otherwise, it thinks you're a virus. It would be ideal if there was some sort of setting where you could warn the system it's just you in there doing routine maintenance.

The solution is pretty complete and works well for our organization. I can't recall not having any specific feature on hand. The initial setup can be difficult if you don't come in with at least some knowledge about the product. The solution can run slower on older computers. When you do a scan, you need to configure the scan to run in the time not when your traffic is high. The performance can be affected if the traffic is high and you are trying to scan. This isn't really the solution's fault. It may be an issue with the robustness of the machine

There is an issue when deploying on cloud because it needs to be done manually. For an enterprise company that can have 10,000 or even 50,000 end users, it's a lot to deploy manually. An additional feature they might include would be the ability to control the lockdown on hardware; to control all the entry points such as a USB, a camera or any external storage.

I don't know how many infections this protected us from. It might be nice to have a view of what has come at us. You're blocking certain types of traffic. It's not malware per se. You would get a message for this, however, you never really know if this was really a bad guy or just some 16-year-old who knows computers. There's always room for improvement in pricing. From a corporate perspective and from a customer perspective, switching is very difficult to do. It's not an easy task. The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them. I would like to see a templated selection of items that ought to be implemented, that right out of the gate, you can just turn on. This is what we recommend for standard workstations that are running under normal circumstances. It's not that you can't have a template in there. You can create your own template and stuff like that, however, they haven't yet spent a whole lot of time figuring out if you're in the, I don't know, medical business and you need HIPAA and you need this and that, these are all the standard things you ought to deploy. It would be ideal if you could just flip the switch, and it turns them all on. Also, after you've turned this stuff on in mass like that, you sometimes don't immediately know what the problem is if they all of a sudden can't talk to vendor X. Like in banking, they get a lot of offsite services. You should be able to say "Okay, so I blocked them somehow with one of these things. I don't know which one it is, Help me find it so I don't have to turn everything off." Otherwise, I've got to turn off the whole thing and switch them on one by one, which is time-consuming.

The EDR could be improved, and perhaps the User Interface. EDR machine learning could be included.

There are hackers who hack the artificial intelligence component using artificial intelligence itself. These sophisticated hackers are using AI capabilities, and the problem is that with no human intervention, machine learning can be defeated. The consequence is that somebody still has to keep watch and monitor the detection from the threat scanning. Better protection in the endpoint, server, and mobile is needed. Those three areas should be fully protected. It should stop ransomware from installing, it should stop it from deploying, and it should also block unauthorized file encryption. In summary, it should have more protection, better detection, and better response.

The endpoint detection and response (EDR) technology has room for improvement because the information that it gives us to resolve our problems is poor nowadays. It's not sufficient. I would like to see remote desktop support. For example, if you have a problem with your device, maybe the support team can log in and help to fix the problem using a remote connection.

The price of this product should be reduced because it is a little high. We would like to deploy across a variety of machines simultaneously through the network.

I would like to have a built-in firewall, rather than having to integrate one. Having both a personal firewall and an endpoint firewall would be an improvement. It does have firewall monitoring capability but it is integrated with the Windows firewall. Having their own endpoint firewall would be better.

The one thing that I think probably needs the most attention with this product is the technical support. Some of our customers are starting to complain about that. It is a good product, generally. I can not really give it any criticism or go on about missing or broken features. I have got nothing to say that needs improvement other than the support.

Refreshing the reports could be improved. It looks like sometimes when systems no longer exist those systems can still show up on the reporting. For example, if you spin up a virtual desktop and a virtual server, and then you change the name of that virtual server, what happens is Intercept X still maintains a record of the device by the old name. It does that even though it no longer exists in the system because the name has been changed. So, refreshing the data is probably something that needs to be addressed. I can not really address what I think needs to be added to the product right now because I still think our organization is focusing on learning what the product can do and discovering the capabilities. I have been so involved with it from the perspective of understanding what it does currently that I am still trying to figure out what else we would like to see.

It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc.

There are a lot of things that can be added based on the user's need for the solution. Where this solution has room for improvement generally is in the integration with Sophos Central and firewalls.

Sophos Central does not provide all of the information that is available, so it requires us to take the additional step of retrieving details from the firewall. It would be more productive if the information between Sophos products were automatically correlated and updated in Sophos Central. When there is an event generated by either the firewall or Intercept X, and the originating IP address is the same, these should be merged into a single event rather than two. Automatically correlating these events would save us time.

The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?" I see that all the time. That's a question I always have in the reports I give my customers. "Okay. So this happened last month. And as you can see, there were all these attacks knocking at the door, but none were allowed through." If someone got through, then I'm going to be concerned.

The pricing could be a bit lower to match the normal retail pricing.

What I think Sophos can improve is with the data-loss feature, especially when it comes to using USB sticks and USB hard disks. The feature blocks access to these USB sticks and disks and there seems to be no immediate workaround for that. Our customer was not satisfied with the feature. We actually ended up having to deactivate this feature because it is too aggressive and could not meet the client's needs.

The ADR functionalities feel like they aren't mature enough. It hasn't been a long time since Sophos has offered reproduction. Due to the fact that it's so young, it has fewer functionalities than other and more mature ADR solutions. Sophos would benefit from a cloud server implementation on top of the cloud provider (whether it's Google, Amazon, Azure, etc.). The solution is great, however, it's still intended for traditional off-cloud usage. It's focused on endpoint protection of the end-user. It's less targeted on servers, especially Linux or newer implementations that have microservices contained within the environment.

We haven't had any issues with the solution, so I can't speak to any improvements that can be made at this time.

To be a perfect product, the price would have to be a bit better.

We’ve only been using the solution for two months, so we don’t have a grasp of the full system to comment too much. They might want to offer an MSP model for licensing, to offer the solution as a software as a service.

The price of this solution can be improved. The lesser the price, the more people will purchase it in the future, and it will become more popular and more widespread.

I guess really the best part of the package is the same thing that could use the most improvement. The machine learning is good and it is already developed in the database and its engine. I guess they already have processes to cover more intelligent attacks. I am not sure about the improvements possible in this area. They have developed it to discover new attacks. But it is just an engine. There are no features that users have to look inside it. I think allowing more user modification could improve this at least for purposes of customization. But I don't know if it is possible and it is just to continue to improve on what already works. As far as added features, I would like to see some type of event management in the product. It should not just depend on the logs only. It would be something to deal with the events on PCs in a similar way to enhance the effectiveness of Intercept X and EDR.

Something that could be improved is to better integrate all different platform available at the moment (not only allow pcs, servers but also other o.s. platforms, Android & IOS and so on too). It should be more user-friendly, automated and able to manage and analyze the logging of the operation, provided that Intercept X is one part of a more complete security solution (Syncronized Security - between firewall, endpoint, mobile devs). Logging & reporting is very important for us, especially in Italy.

Sophos Intercept X has room for improvement. We need a new version and more third-party solutions for Intercept X. Intercept X is on the cloud and some customers and some users prefer to have on-premise solutions. We need to generate a new product for Intercept X on-premise. Technical support can be improved. There could be shared support, i.e. where someone in Egypt can respond. Then I could get support for my issue or my problem faster.

Sophos Intercept X has room for improvement in the user management of live events. They should work on the logs and events. Sophos Intercept X needs to increase the interface test so that it can export to a live event.

In terms of the site-to-site VPN elements, they tend to concentrate. It's quite simple when there are Meraki devices at both ends of the VPN but if there is another user at one end, on another device, it can be a bit tricky. So they could really simplify that process a bit.

This product has room for improvement in business areas for brand enterprises. Sophos Intercept X could improve in areas dealing with business, i.e. their internal processes.