We performed a comparison between Crowdstrike Falcon and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, the two products are very similar. Crowdstrike Falcon comes out ahead in this comparison simply because it is easier to deploy than Sophos Intercept X.
"Microsoft 365 Defender is a good solution and easy to use."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"I have found the ability to delete unwanted threats beneficial."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools."
"The most valuable feature is that we don't need to re-image machines as much as we had to."
"We like Falcon's network visibility. We can see how threats are evolving on PCS or in the company network. The solution's real-time incident response is very fast."
"The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control."
"Falcon's best feature is its detection and blocking of threats."
"The automatic alert feature is the most important feature of the solution."
"Scalability hasn't been an issue for us."
"It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff."
"Malware protection and application blocking are absolutely great. The DLP and malware features are very helpful. It is also very user-friendly, reliable, and scalable. It is easy to set up. We are also happy with its price and support."
"The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer."
"It is not just a simple virus scanning product. It handles more advanced needs."
"Intercept X's smart prevention it's very good as so are its machine learning capabilities for troubleshooting channels and files."
"Intercept X helps with internal alerts, application access, and triggering support teams."
"It is a very scalable solution."
"This solution is easy to configure."
"Very stable solution."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The portal can be clunky to navigate at times and has room for improvement."
"I would rate it an eight out of ten. It does what it needs to do but there's always room for improvement."
"The management of log aggregation is in need of improvement."
"I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup."
"This solution is relatively expensive."
"I would also like to see the endpoint firewall component produce some level of logging and feedback."
"In terms of features, I would like them to add detailed logging functionality in CrowdStrike. Currently, CrowdStrike detects the threats immediately based on the IOCs and the signature-based policies or many threat behaviors, but in terms of logging those threats, it is not very good. The information that they provide in the logs is very little. They can build more analytics into it."
"CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."
"As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of."
"Sophos needs to create a YouTube channel with educational material for technicians or engineers."
"It has a performance hit on a local laptop. There's an agent installed and we are bothered a lot by it because it seems to be using a lot of computer resources."
"Stability-wise, we had issues with some clients which had to be dealt with manually. The issue was with that installation part."
"I recommend that Intercept X Endpoint should include a patch assessment feature. Various vendors offer virtual patching solutions, which could be a game-changer, especially for the financial sector where frequent service restarts are challenging. These solutions allow patching servers without the need for restarts. Incorporating these features into Intercept X Endpoint would enhance its effectiveness in securing endpoints and servers."
"There is room for improvement in terms of stability and updates."
"When there is an event generated by either the firewall or Intercept X, and the originating IP address is the same, these should be merged into a single event rather than two."
"The product’s DDoS and AI features must be improved."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. CrowdStrike Falcon is rated 8.8, while Intercept X Endpoint is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trellix Endpoint Security, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete, Fortinet FortiClient and Bitdefender GravityZone EDR. See our CrowdStrike Falcon vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.