We performed a comparison between Cortex XDR by Palo Alto Networks and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Overall, users of Cortex XDR by Palo Alto Networks give the product higher ratings because its deployment is easier, it has a great set of features, it is affordable, and the technical support is helpful.
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The comprehensiveness of Microsoft's threat detection is good."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"It has great stability."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The threat intelligence is excellent."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
"The protection offered by this product is good, as is the endpoint reporting."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"The patches on offer are very helpful."
"The most valuable features are the range and restriction."
"It is very easy to set up and easy to use. It is also not resource-intensive."
"It is easy to change the size of its capabilities, i.e. to expand processes or scale the size of users."
"It is not just a simple virus scanning product. It handles more advanced needs."
"I have found the most valuable feature to be the EDR."
"The product is user-friendly."
"Malware protection and application blocking are absolutely great. The DLP and malware features are very helpful. It is also very user-friendly, reliable, and scalable. It is easy to set up. We are also happy with its price and support."
"Intrusion detection and prevention would be great to have with 365 Defender."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."
"It is an enterprise-level solution. Its price could be less expensive."
"Dashboards do not allow everyone to see what's happening."
"They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."
"The price could be a little lower."
"If they had pulse rate detection, it would be better."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"There are not any solutions that are a 10 out of 10. A 10 would be perfect protection with no impact on the performance of the device. This is not the case, there is some impact on the performance of the device."
"When I use a proxy, I can bypass Sophos, which is an area that needs improvement."
"The ADR functionalities feel like they aren't mature enough. It hasn't been a long time since Sophos has offered reproduction. Due to the fact that it's so young, it has fewer functionalities than other and more mature ADR solutions."
"We had some initial problems with our deployment, and they were more around uninstalling Sophos Basic and installing Sophos Intercept X. We had some challenges with some of the uninstallation scripts. They can improve the deployment of Sophos Intercept X when there is already an existing Sophos version. They can also provide more information in the form of best practices and lessons learned from previous findings. A knowledge base with this type of information would be helpful."
"Better protection in the endpoint, server, and mobile is needed."
"Deployment on cloud needs to be carried out manually."
"The performance is very slow and should be faster."
"Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in EPP (Endpoint Protection for Business) with 29 reviews while Intercept X Endpoint is ranked 7th in EPP (Endpoint Protection for Business) with 23 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Intercept X Endpoint is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Easy to set up, reliable, and always scanning". On the other hand, the top reviewer of Intercept X Endpoint writes "It can get ahead of the ransomware attack and encrypt the data on clients in the path of the infection". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace and Symantec Endpoint Security, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and ESET Endpoint Protection Platform. See our Cortex XDR by Palo Alto Networks vs. Intercept X Endpoint report.
See our list of best EPP (Endpoint Protection for Business) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.