• Home
  • Cortex XDR by Palo Alto Networks vs. Sophos Intercept X

Cortex XDR by Palo Alto Networks vs Sophos Intercept X comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Cortex XDR by Palo Alto Networks vs. Sophos Intercept X
May 2023
Executive Summary
Updated on Aug 18, 2022

We performed a comparison between Cortex XDR by Palo Alto Networks and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of Cortex XDR by Palo Alto Networks mention that deployment is straightforward. Some users of Sophos Intercept X consider the deployment to be easy while others think it is complex.
  • Features: Users of both solutions are happy with the products’ stability and scalability.

    Cortex XDR users like the solution’s ease of use, its centralized console, and its real-time scanning. Users would like to see an on-premises version, better automation capabilities, and enhanced reporting.

    Users of Sophos Intercept X like the solution’s easy management, easy administration, reliability, and centralized view. Users mention that the product does not handle USB products very well and say it would be better if all components could be managed under the same umbrella.
  • Pricing: Users of Cortex XDR say the price is reasonable. Some users of Sophos Intercept X also say the pricing is reasonable, but other reviewers say they would prefer it if the price was lower.
  • Service and Support: Users of Cortex XDR find the technical support to be helpful, knowledgeable, and responsive. Users of Sophos Intercept X share mixed opinions. Some say they wish there were faster response times, while other users express they have been very good, responsive, and adept.

Comparison Results: Overall, users of Cortex XDR by Palo Alto Networks give the product higher ratings because its deployment is easier, it has a great set of features, it is affordable, and the technical support is helpful.

To learn more, read our detailed Cortex XDR by Palo Alto Networks vs. Sophos Intercept X Report (Updated: May 2023).
Download the complete report
708,461 professionals have used our research since 2012.
Featured Review
Nicola F.
The clean and user-friendly dashboard provides us with a clear threat picture in our environment, and enables rapid...
The solution improved the effectiveness of our security. Before Cisco Secure Endpoint, we used Trend Micro Deep Security for our virtualized... Read more →
CesarMolloja Rodas
Researched Sophos Intercept X but chose Cortex XDR by Palo Alto Networks: Numerous available AI modules and very effective communication methods
Anonymous User
Useful web filtering, effective URL sanity checks, and excellent support
Sophos Intercept X is a full package. It's more than only an antivirus solution to find the malicious code. We also use it to filter malicious... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature at this moment is that Cisco AMP or Cisco Secure Endpoint solution is delivering a lot of things, and I always say to a lot of customers that if we didn't have Cisco AMP, we probably would have had ransomware somewhere. So, it's protecting us very well from a lot of hackers, malware, and especially ransomware.""I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see.""The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful.""Cisco has definitely improved our organization a lot. In terms of business, our company feels safer. We actually switched from legacy signature-based solutions to threat intelligence-based and machine learning-based solutions, which is Cisco Secure. This has improved our security significantly, from 10% of signature-based technology security to 99.9% of the current one which we are running. We were happy.""Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts.""The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices.""The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected.""The best feature that we found most valuable, is actually the security product for the endpoint, formerly known as AMP. It has behavioral analytics, so you can be more proactive toward zero-day threats. I found that quite good."

More Cisco Secure Endpoint Pros →

"This software helps us understand any issues that may arise when someone is not at work.""The solution allows control over the user and his machine through Cortex XDR security policies.""The most valuable for us is the correlation feature.""The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better.""Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus.""The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning.""The user interface of the solution is sophisticated and straightforward.""It is easy to use."

More Cortex XDR by Palo Alto Networks Pros →

"It is very easy to set up and easy to use. It is also not resource-intensive.""Ransomware protection is the most valuable feature of this solution.""The most valuable features of Sophos Intercept X are the minimal configuration needed for the end user and the central view of all the endpoints. There are plenty of tools to control and manage the endpoints. Additionally, there is the capability of connecting the endpoint to the CLI.""Intercept X's smart prevention it's very good as so are its machine learning capabilities for troubleshooting channels and files.""Sophos Intercept X is a complete endpoint solution.""Offers artificial intelligence, security metrics and a lot of information gathered to make decisions.""One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it.""The most valuable feature of Sophos Intercept X is a web filtering and URL sanity checks. Overall the solution is well balanced with all its features."

More Sophos Intercept X Pros →

Cons
"In terms of the user experience, if the UX design could be much simpler [that would improve things]... if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something.""The integration of the Cisco products for security could be better in the sense that not everything is integrated, and they aren't working together. In addition, not all products are multi-tenant, so you can't separate different customer environments from each other, which makes it a little bit hard for a managed service provider to deliver services to the customers.""An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number.""Cisco is good in terms of threat intelligence plus machine learning-based solutions, but we feel Cisco is lagging behind in using artificial intelligence in its systems.""On the firewall level, they were lagging a little bit behind, but they are running up again. I have full trust in the new 3000 series of firewalls where we would also be able to look more into the traffic that we're monitoring and get more security layers in our services. That would definitely be a big step.""They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need.""Its price is okay for us, but it can always be better. There's always room for improvement when it comes to pricing.""The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."

More Cisco Secure Endpoint Cons →

"They've been having some issues with updating their endpoint agents, and it has been quite frustrating.""Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms.""Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console.""In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution.""We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.""It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue.""There are some third-party solutions that are difficult to integrate with, which is something that can be improved.""The tool needs to be improved in terms of integration and interface."

More Cortex XDR by Palo Alto Networks Cons →

"Better protection in the endpoint, server, and mobile is needed.""The graphical interface could improve. Additionally, adding less expensive mobile device support would be helpful. Other solutions have this feature.""I would like to see better support for virtual and desktop infrastructures.""As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of.""I would like the solution to have more functions and to be more user-friendly.""Sophos has a lot of different features. Some of them are tied to different clients, which may mean that different prices or licenses have to be added on. It can be a little bit confusing if you're not familiar with the logic of how they work. They can make it a little bit clearer.""Sophos Intercept X doesn't have its own firewall that utilizes the Windows Firewall or intrusion prevention.""Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."

More Sophos Intercept X Cons →

Pricing and Cost Advice
  • "We have a license for 3,000 users and if we get up to 3,100 users, it doesn't stop working, but on the next renewal date you're supposed to go in there and add that extra 100 licenses. It's really good that they let you grow and expand and then pay for it. Sometimes, with other products, you overuse a license and they just don't work."
  • "Cisco Secure Endpoint is not too expensive and it's not cheap. It's quite fair."
  • "The price is very fair to the customer."
  • "...the licensing needs to be improved. All the product features we need are there. It's just a matter of the complexity and the different offerings and trying to figure things out."
  • "The pricing and licensing fees are okay."
  • "Because we do see the value of what it's bringing, I think they have priced it well."
  • "The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market."
  • "We had faced some license issues, but it has been improved. At the beginning of the implementation, we faced a lot of licensing issues, but now, we have EA licensing, which gives us an opportunity to grow."

    • More Cisco Secure Endpoint Pricing and Cost Advice →

  • "It's about $55 per license on a yearly basis."
  • "It has a yearly renewal."
  • "The price of the solution is high for the license and in general."
  • "The price is on the higher side, but it's okay."
  • "I don't have any issues with the pricing. We are satisfied with the price."
  • "If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
  • "In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
  • "Very costly product."

    • More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →

  • "The price of this solution is a little high compared to competitors because they do not have a proper pricing structure."
  • "Its cost is good."
  • "We have bought a three-year license."
  • "As I am not responsible for paying the bills I cannot comment on the pricing."
  • "We have an annual subscription."
  • "You are able to purchase more licenses for the number of devices or servers that you require. There are many other features available but our license does not include them, such as XDR, which is endpoint detection and response. We have not explored the new features as of yet but plan to in the coming future."
  • "It was fairly and reasonably priced."
  • "One can pay for the license annually, or at two and five year intervals."

    • More Sophos Intercept X Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which EPP (Endpoint Protection for Business) solutions are best for your needs.
    See Recommendations
    708,461 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Cisco Secure Endpoint?
    Top Answer:The best feature that we found most valuable, is actually the security product for the endpoint, formerly known as AMP… more »
    Read all 32 answers   →
    What is your experience regarding pricing and costs for Cisco Secure Endp...
    Top Answer:It can always be cheaper.
    Read all 24 answers   →
    What needs improvement with Cisco Secure Endpoint?
    Top Answer:On the firewall level, they were lagging a little bit behind, but they are running up again. I have full trust in the… more »
    Read all 32 answers   →
    Cortex XDR by Palo Alto vs. Sentinel One
    Top Answer:Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks.… more »
    Read all 3 answers   →
    Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
    Top Answer:Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions… more »
    How is Cortex XDR compared with Microsoft Defender?
    Top Answer:Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface… more »
    How does Crodwstrike Falcon compare with Sophos Intercept X?
    Top Answer:I like that Crowdstrike Falcon allows me to easily correlate data between my firewalls. Its detection and machine… more »
    What do you like most about Sophos Intercept X?
    Top Answer: It is a very scalable solution.
    Read all 65 answers   →
    What is your experience regarding pricing and costs for Sophos Intercept X?
    Top Answer:The solution offers both a three-year license and an annual license. I would rate the product's pricing a one out of… more »
    Read all 39 answers   →
    Comparisons
    Also Known As
    Cisco AMP for Endpoints
    Cyvera, Cortex XDR, Palo Alto Networks Traps
    Intercept X
    Learn More
    Cisco
    Video Not Available
    Palo Alto Networks
    Sophos
    Overview

    Cisco Secure Endpoint is a comprehensive endpoint security solution that natively includes open and extensible extended detection and response (XDR) and advanced endpoint detection and response (EDR) capabilities.

    Secure Endpoint offers relentless breach protection that enables you to be confident, be bold, and be fearless with one of the industry’s most trusted endpoint security solutions. It protects your hybrid workforce, helps you stay resilient, and secures what’s next with simple, comprehensive endpoint security powered by unique insights from 300,000 security customers and deep visibility from the networking leader.

    Learn more about Secure Endpoint: www.cisco.com/go/endpoint

    Cisco Secure Endpoint was formerly known as Cisco AMP for Endpoints.

    Reviews from Real Users

    Cisco Secure Endpoint stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to easily secure their endpoints with one single operation using its management console and its advanced alerting techniques.

    Tim C., an IT manager at Van Der Meer Consulting, writes, "The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."

    Wouter H., a technical team lead network & security at Missing Piece BV, notes, "Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."

    Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.

    Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue or an area where an issue could potentially take place the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.

    Benefits of Cortex XDR

    Some of Cortex XDR’s benefits include:

    • The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
    • The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
    • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.

    Reviews from Real Users

    Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

    PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

    Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”



    Sophos Intercept X is an EPP (endpoint protection for business) tool that uses deep learning malware detection, exploit prevention, anti-ransomware, and more, to stop attacks. The solution has key security capabilities to protect your company’s endpoints. Sophos Intercept X is a well-thought-out and designed solution that is comprehensive. Large companies with an IT team and many endpoints to protect are the most suitable for this solution.

    Sophos Intercept X Features

    Sophos Intercept X has many valuable key features. Some of the most useful ones include:

    • Malware detection: The Sophos Intercept X platform uses artificial intelligence (AI) to proactively identify malware threats.
    • Anti-ransomware and exploit prevention: Sophos Intercept X designed solutions for CryptoGuard and exploit prevention.
    • EDR and managed threat response: The Threat Analysis Center is Sophos Intercept X’s endpoint detection and response product. The Threat Analysis Center breaks down where the threat originated and maps out its attack chain. It also suggests next steps, helping you quickly isolate compromised endpoints to stop an attack from spreading.
    • Central console: The platform comes with Sophos Central, a web-based console centralizing all endpoint security capabilities into one interface. This feature allows you to set security policies, alerts, and other configurations from a single location.
    • Reporting and analytics: Its analytics help IT teams monitor the health of networks and create greater effectiveness in identifying security issues. The reports help proactively flag security flaws, such as unprotected endpoints, before an attack strikes. Some reports include scheduling abilities as well.

    Sophos Intercept X Benefits

    There are many benefits to implementing Sophos Intercept X. Some of the biggest advantages the solution offers include:

    • Extensive collection of security products: Sophos offers an extensive collection of security products, making it a complete tool for all of your security needs.
    • Separate dashboards: The solution’s separate dashboards can accommodate your company’s diverse products. The dashboards include graphs and alerts detailing the status of your network.
    • Intuitive interface: The solution’s interface is intuitive and clearly labels the platform’s various features. This makes navigation simple and quick when jumping between functionality from endpoint protection to email security management.
    • Useful resources: The Sophos portal provides a lot of help content, including an online self-serve knowledge base with articles and how-to video walkthroughs. In addition, the platform conveniently links you to relevant help content directly within Sophos Central.

    Reviews from Real Users

    Sophos Intercept X is a solution that stands out when compared to many of its competitors. Some of its major advantages are its ease of management, effective blocking capabilities, and good security.

    A President at a tech vendor says, "The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer."

    PeerSpot reviewer Ashis D., Hybrid Cloud Engineer at a tech services company, comments, “So far, the solution has met all our expectations. It's blocked malicious websites effectively and stopped people from going to places online that they shouldn't be going to. It's automatic. We simply took the default settings and we were finding people right away that were going to illicit sites, and we were able to see that easily in the console. The package we use also comes with spam filtering features, which are quite useful.”

    Mike P., Senior CyberSecurity Architect and Mentor at BlueTeamAssess LLC, states, "The most valuable feature of Intercept X is its ability to stay ahead of the infection. By the time the ransomware spreads to the next machine in line, the data has already been encrypted on that workstation. It didn't matter what the ransomware did because I could go in and get it back."

    An Information Systems Coordinator at an insurance company mentions, “It's very good at security and protection. It offers very good reports.”

    Offer
    Learn more about Cisco Secure Endpoint
    Learn More
    Learn more about Cortex XDR by Palo Alto Networks
    Learn More
    Learn more about Sophos Intercept X
    Learn More
    Sample Customers
    Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank
    CBI Health Group, University Honda, VakifBank
    Flexible Systems
    Top Industries
    REVIEWERS
    Computer Software Company12%
    Healthcare Company12%
    Comms Service Provider12%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Government9%
    Financial Services Firm7%
    Comms Service Provider7%
    REVIEWERS
    Computer Software Company16%
    Financial Services Firm14%
    Security Firm9%
    Consumer Goods Company7%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Government9%
    Comms Service Provider7%
    Financial Services Firm7%
    REVIEWERS
    Financial Services Firm14%
    Manufacturing Company14%
    Computer Software Company11%
    Real Estate/Law Firm9%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider9%
    Government7%
    Educational Organization7%
    Company Size
    REVIEWERS
    Small Business32%
    Midsize Enterprise24%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise17%
    Large Enterprise55%
    REVIEWERS
    Small Business42%
    Midsize Enterprise22%
    Large Enterprise37%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise18%
    Large Enterprise57%
    REVIEWERS
    Small Business60%
    Midsize Enterprise18%
    Large Enterprise22%
    VISITORS READING REVIEWS
    Small Business38%
    Midsize Enterprise19%
    Large Enterprise43%
    Buyer's Guide
    Cortex XDR by Palo Alto Networks vs. Sophos Intercept X
    May 2023
    Free Report: Cortex XDR by Palo Alto Networks vs. Sophos Intercept X
    Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Sophos Intercept X and other solutions. Updated: May 2023.
    DOWNLOAD NOW
    708,461 professionals have used our research since 2012.

    Cortex XDR by Palo Alto Networks is ranked 4th in EPP (Endpoint Protection for Business) with 46 reviews while Sophos Intercept X is ranked 9th in EPP (Endpoint Protection for Business) with 41 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Sophos Intercept X is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Easy to set up, reliable, and always scanning". On the other hand, the top reviewer of Sophos Intercept X writes "Complete solution, scales well, is reliable, has competitive pricing, and has excellent technical support". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Darktrace, SentinelOne Singularity Complete and Check Point Harmony Endpoint, whereas Sophos Intercept X is most compared with Microsoft Defender for Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon, Kaspersky Endpoint Security for Business and ESET Endpoint Security. See our Cortex XDR by Palo Alto Networks vs. Sophos Intercept X report.

    See our list of best EPP (Endpoint Protection for Business) vendors and best Ransomware Protection vendors.

    We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.