We changed our name from IT Central Station: Here's why

RSA NetWitness Endpoint vs Sophos EPP Suite comparison

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about RSA NetWitness Endpoint vs. Sophos EPP Suite and other solutions. Updated: January 2022.
564,729 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It doesn't impact the devices. It is an agent-based solution, and we see no performance knock on cell phones. That was a big thing for us, especially in the mobile world. We don't see battery degradation like you do with other solutions which really drain the battery, as they're constantly doing things. That can shorten the useful life of a device.""The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious.""Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP.""It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.""Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source.""Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us.""The most valuable feature is signature-based malware detection.""The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."

More Cisco Secure Endpoint Pros →

"This solution allows us to locate the malware in real-time.""They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."

More RSA NetWitness Endpoint Pros →

"The most valuable feature is data loss prevention.""Sophos EPP Suite's most valuable feature is ease of use.""It's easy to deploy.""Great cloud management.""Synchronized security is a great feature. My firewall knows exactly what is happening in my endpoint.""The central management of the anti-virus features for our end user is a very valuable aspect of the solutions.""The solution's most valuable aspect, for us, is the DLP portion of the product.""It's very simple to use. The managing of the endpoints is very easy."

More Sophos EPP Suite Pros →

Cons
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time.""I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products.""...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal.""The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications.""I would like to see integration with Cisco Analytics.""We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way.""The GUI needs improvement, it's not good.""We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."

More Cisco Secure Endpoint Cons →

"I would like to see Security Orchestration and Response Automation (SOAR) integration."

More RSA NetWitness Endpoint Cons →

"Technical support needs to be improved.""It would be ideal if the price could be lowered a little bit.""The solution isn't quite accurate enough. It provides a lot of false positives.""The management console need improvement.""If we could bypass the first couple of levels of support when we have a problem then it would be easier and quicker when we need an issue resolved.""The solution lacks technical support.""Sophos is lacking in the granularity of optimization, so having more control would be better.""In the future, I would like to see better third-party integration so that it can work in conjunction with our ticket system."

More Sophos EPP Suite Cons →

Pricing and Cost Advice
  • "The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."
  • "Whenever you are doing the licensing process, I would highly advise to look at what other Cisco solutions you have in your organization, then evaluate if an Enterprise Agreement is the best way to go. In our case, it was the best way to go. Since we had so many other Cisco products, we were able to tie those in. We were actually able to get several Cisco security solutions for less than if we had bought three or four Cisco security solutions independently or ad hoc."
  • "In our case, it is a straightforward annual payment through our Enterprise Agreement."
  • "Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection."
  • "There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization."
  • "The Enterprise Agreement is like an all-you-can-eat buffet of Cisco products. In that vein, it was very affordable."
  • "We can know if something bad is potentially happening instantaneously and prevent it from happening. We can go to a device and isolate it before it infects other devices. In our environment, that's millions of dollars saved in a matter of seconds."
  • "The pricing and licensing are reasonable. The cost of AMP for Endpoints is inline with all the other software that has a monthly endpoint cost. It might be a little bit higher than other antivirus type products, but we're only talking about a dollar a month per user. I don't see that cost as being an issue if it's going to give us the confidence and security that we're looking for. We have had a lot of success and happiness with what we're using, so there's no point in changing."
  • More Cisco Secure Endpoint Pricing and Cost Advice →

  • "The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
  • "The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
  • More RSA NetWitness Endpoint Pricing and Cost Advice →

  • "We purchased a three-year license, which gave us a large discount."
  • "Pricing could always be lower. It costs around $120 per seat per year."
  • "Sophos is cheaper than some competing products."
  • "We are on an annual license to use the solution."
  • More Sophos EPP Suite Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Endpoint Protection for Business (EPP) solutions are best for your needs.
    564,729 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: 
    The most valuable feature is signature-based malware detection.
    Top Answer: 
    Licensing fees are on a yearly basis and I am happy with the pricing.
    Top Answer: 
    The GUI needs improvement, it's not good. There are false positives in emails. At times, the emails are blocked and… more »
    Top Answer: 
    They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web… more »
    Top Answer: 
    There are different licenses available for the use of this solution. The license that comes with support is more… more »
    Top Answer: 
    RSA NetWitness Endpoint is used to get an instant detection response from network threats. Additionally, it has the… more »
    Top Answer: 
    This product is quite stable and there are no problems with it.
    Top Answer: 
    Sophos is lacking in the granularity of optimization, so having more control would be better.
    Comparisons
    Also Known As
    Cisco AMP for Endpoints
    RSA ECAT
    EPP Suite
    Learn More
    Overview

    Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.

    RSA NetWitness Endpoint is an endpoint detection and response solution that employs a combination of live memory analysis, continuous behavioral monitoring, and advanced machine learning to detect known, new, unknown, and non-malware threats that other solutions miss entirely. RSA NetWitness Endpoint helps focus investigations amid thousands of alerts and offers 3X the impact for security teams by considerably reducing attacker dwelltime and accelerating threat response.
    Protect every user and every device from malware, spam, data loss and more with our Enduser Protection bundles. Only Sophos delivers best-of-breed endpoint, mobile, encryption, email and web security solutions licensed per user and backed by the best support in the industry.
    Offer
    Learn more about Cisco Secure Endpoint
    Learn more about RSA NetWitness Endpoint
    Learn more about Sophos EPP Suite
    Sample Customers
    Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank
    ADP, Ameritas, Partners Healthcare
    EK Services
    Top Industries
    REVIEWERS
    Healthcare Company13%
    Manufacturing Company13%
    Government13%
    University7%
    VISITORS READING REVIEWS
    Comms Service Provider24%
    Computer Software Company23%
    Government7%
    Financial Services Firm5%
    VISITORS READING REVIEWS
    Computer Software Company30%
    Comms Service Provider21%
    Government7%
    Financial Services Firm5%
    REVIEWERS
    Healthcare Company25%
    University13%
    Construction Company13%
    Non Profit13%
    VISITORS READING REVIEWS
    Comms Service Provider24%
    Computer Software Company23%
    Government5%
    Retailer4%
    Company Size
    REVIEWERS
    Small Business39%
    Midsize Enterprise18%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise21%
    Large Enterprise51%
    REVIEWERS
    Small Business63%
    Midsize Enterprise13%
    Large Enterprise25%
    REVIEWERS
    Small Business65%
    Midsize Enterprise13%
    Large Enterprise22%
    Find out what your peers are saying about RSA NetWitness Endpoint vs. Sophos EPP Suite and other solutions. Updated: January 2022.
    564,729 professionals have used our research since 2012.

    RSA NetWitness Endpoint is ranked 31st in Endpoint Protection for Business (EPP) with 2 reviews while Sophos EPP Suite is ranked 18th in Endpoint Protection for Business (EPP) with 12 reviews. RSA NetWitness Endpoint is rated 10.0, while Sophos EPP Suite is rated 8.4. The top reviewer of RSA NetWitness Endpoint writes "Good performance and reporting, and can discover unknown malware using signatureless detection methods". On the other hand, the top reviewer of Sophos EPP Suite writes "Great DLP, very easy initial setup, and quite stable". RSA NetWitness Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Symantec End-User Endpoint Security, Carbon Black CB Defense and Cortex XDR by Palo Alto Networks, whereas Sophos EPP Suite is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Trend Micro Deep Security, Cortex XDR by Palo Alto Networks and Seqrite Endpoint Security. See our RSA NetWitness Endpoint vs. Sophos EPP Suite report.

    See our list of best Endpoint Protection for Business (EPP) vendors.

    We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.