We performed a comparison between SentinelOne and Sophos Intercept X based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: SentinelOne comes out on top in this comparison due to its easy setup, high performance, attractive price, and impressive ROI.
"The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful."
"The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected."
"It's quite simple, and the advantage I see is that I get the trajectory of what happened inside the network, how a file has been transmitted to the workstation, and which files have got corrupted."
"The most valuable feature is signature-based malware detection."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The solution offers excellent detection and integration capabilities."
"SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice."
"The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring."
"The product can scale as needed."
"SentinelOne has helped us to improve our security by fine-tuning our current use cases and creating new ones."
"Sentinel One has improved our organization by protecting the environment we are working in."
"The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."
"The remediation and rollback features are pretty impressive."
"The most valuable feature is the anti-ransomware capability. It's been helpful because we have been seeing a lot of information around what the ransomware hit."
"I have found the most valuable feature to be the EDR."
"The threat analysis center is nice."
"I consider the heuristics to be most valuable, the fact that the solution does not work solely on signatures."
"I like the way it goes beyond the office space. Being a cloud-based solution makes it very easy to manage your endpoints within the office. In this time of COVID, you can also very effectively manage people who are working from home."
"Sophos Intercept X has a host of valuable features, including its anti-malware feature, which we considered key."
"The solution is easy to install."
"Ransomware protection is the most valuable feature of this solution."
"The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"This product has issues with the number of false positives that it reports."
"In terms of the user experience, if the UX design could be much simpler [that would improve things]... if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something."
"Logging could be better in terms of sending more logs to Cisco Firepower or Cisco ASA. That's an area where it could be made better."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"The GUI needs improvement, it's not good."
"SentinelOne can improve by having better integration with Active Directory."
"It would be good to see some small tools to test files or hashes that are a potential threat, I know there are already products offering this."
"I'd like to see more documentation."
"We need to analyze the threats and make decisions based on that, so the analytics could be better at analyzing exactly where the threats are coming from."
"The solution does not have an application security and control module."
"Email security should also integrate with it to get more visibility on it."
"SentinelOne could improve by creating an autopilot or automated way to roll out the solution more efficiently which would be helpful."
"I would like to have the same features such as ransomware that are available on the cloud version of SentinelOne also made available for the on-prem version because a lot of people in our region are not ready for cloud solutions."
"From the management side, we receive detailed information. Sophos has many features, such as Threat Hunting but that comes with the XDR version of the solution. There's Sophos Intercept X and then there's Sophos Intercept X with XDR technology. We bought the XDR and then now the MTR, Managed Threat Response version available too. They have different packages for clients which gives them different options to pick from. If Sophos could combine more features into one package it would be beneficial."
"Sophos Intercept X doesn't have its own firewall that utilizes the Windows Firewall or intrusion prevention."
"Needs more flexible reporting, particularly for medium to large size companies."
"This solution is not in the high ratings on many of the top review sites. This solution has to be near the top for me to continue using it."
"The solution is heavy in the usage of resources, you can notice the performance decrease. This should prove in the future."
"Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."
"It consumes a lot of resources, and something needs to be done for that."
"Through Sophos Central I would like to see the ability to zero in and produce a report about the challenges being faced by a particular machine and user, to know if a virus is appearing only on that specific machine or also on others."
More SentinelOne Singularity Complete Pricing and Cost Advice →
SentinelOne Singularity Complete is ranked 3rd in EPP (Endpoint Protection for Business) with 55 reviews while Sophos Intercept X is ranked 9th in EPP (Endpoint Protection for Business) with 45 reviews. SentinelOne Singularity Complete is rated 8.6, while Sophos Intercept X is rated 8.4. The top reviewer of SentinelOne Singularity Complete writes "Provides deep visibility, helpful and intuitive interface, effectively prevents ransomware attacks ". On the other hand, the top reviewer of Sophos Intercept X writes "Complete solution, scales well, is reliable, has competitive pricing, and has excellent technical support". SentinelOne Singularity Complete is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Darktrace, Bitdefender GravityZone Ultra and Cortex XDR by Palo Alto Networks, whereas Sophos Intercept X is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, ESET Endpoint Security and Cortex XDR by Palo Alto Networks. See our SentinelOne Singularity Complete vs. Sophos Intercept X report.
See our list of best EPP (Endpoint Protection for Business) vendors and best EDR (Endpoint Detection and Response) vendors.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.