We performed a comparison between ExtraHop Reveal(x) 360 and Intercept X Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The integration, visibility, vulnerability management, and device identification are valuable."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"It has great stability."
"Microsoft 365 Defender is a stable solution."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"It stands out for its intuitive and efficient user interface, robust detection capabilities with minimal false positives, and the ability to handle encrypted traffic, making it a valuable asset for network security and management."
"It is scalable."
"It is very easy to collect and handle data in ExtraHop Reveal(X) Cloud. Integration with Big Data is also easy. Many of our customers integrate it with Big Data platforms like Splunk or Elastic. It is also easy to handle and easy to understand."
"The threat analysis center is nice."
"We find all features valuable. It has zero-day protection, which is the most valuable feature of Intercept X. We have Intercept X with EDR. EDR is a very important feature. It gives an idea about the source of a particular attack. An administrator gets to know everything, which helps in understanding the things that need to be done or protected in the organization. Based on this information, an administrator can decide what needs to open or allowed in the network. Without EDR, Intercept X is like an antivirus, and the administrator won't get to know the things going on at the organizational level. I recommend purchasing an EDR solution for every organization."
"The most valuable feature is the CryptoGuard in Sophos. In a case of a ransomware attack, this feature comes into action to protect us."
"It is one of the best in terms of technicality."
"It is stable."
"We most value the price and interface quality with Sophos Intercept X. We focus on solution quality."
"I have found the most valuable feature to be the EDR."
"It is a very scalable solution."
"Stability could be improved by avoiding frequent changes to the interface."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"A drawback includes bucket storage limitations for payload data, necessitating timely extraction for thorough investigations."
"They can include integration with SAP. Currently, no vendor provides network performance monitoring in the SAP market. It is a very big market. We have around 400 customers for SAP in Korea. In the USA, there are more than 10,000 customers."
"There needs to be more support."
"We had some initial problems with our deployment, and they were more around uninstalling Sophos Basic and installing Sophos Intercept X. We had some challenges with some of the uninstallation scripts. They can improve the deployment of Sophos Intercept X when there is already an existing Sophos version. They can also provide more information in the form of best practices and lessons learned from previous findings. A knowledge base with this type of information would be helpful."
"The pricing could be a bit lower to match the normal retail pricing."
"They don't have the full stack of offerings as compared to the other competitive products that we see."
"This solution is not in the high ratings on many of the top review sites. This solution has to be near the top for me to continue using it."
"There is some issue with the reporting and refreshing information on resources that have been eliminated."
"It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first."
"Technical support is too slow to schedule meetings."
"Should include additional integration."
ExtraHop Reveal(x) 360 is ranked 23rd in Extended Detection and Response (XDR) with 3 reviews while Intercept X Endpoint is ranked 8th in Extended Detection and Response (XDR) with 101 reviews. ExtraHop Reveal(x) 360 is rated 8.6, while Intercept X Endpoint is rated 8.4. The top reviewer of ExtraHop Reveal(x) 360 writes "A competitive choice for network detection and response with exceptional user interface, ease of implementation and minimal false positives". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". ExtraHop Reveal(x) 360 is most compared with ExtraHop Reveal(x), Forescout Platform and Corelight, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Fortinet FortiClient. See our ExtraHop Reveal(x) 360 vs. Intercept X Endpoint report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
