Intercept X Endpoint Reviews

We use Intercept X Advanced along with Sophos EDR (Enhanced Data Detection and Response).  

We use it for our servers and clients as advanced protection. It is not just a simple virus scanning product.  

We use it to work with clients and it is installed on five servers. At this time we have only installed it at one customer site. But we plan to continue to expand.  

The most valuable part of the solution in our use case is client isolation. It is a good feature.  

What I think Sophos can improve is with the data-loss feature, especially when it comes to using USB sticks and USB hard disks. The feature blocks access to these USB sticks and disks and there seems to be no immediate workaround for that. Our customer was not satisfied with the feature. We actually ended up having to deactivate this feature because it is too aggressive and could not meet the client's needs.  

We started using Sophos Intercept X in December of 2019.  

We have not had a problem at all with the stability.  

It is easy to scale this product. As far as the typical organization size that it fits, I would say it is suited for smaller and medium-sized companies. We have not yet installed it at a large customer site, so I cannot answer about large or enterprise companies specifically.  

To this point, I have not had a need to use Sophos support for Intercept X specifically.  

I have used Sophos support for other products that we use. Sophos support for XG is okay if it is just regarding questions about the product. I did not have any problems with them in getting a good answer to questions about the product or installations. But when it comes to device defects, then it can take four to six weeks to get a solution. In that case, the support is really not satisfactory. It does not satisfy me and it is really unacceptable.  

We did use other solutions in the past, including Trend Micro, Symantec, and Kaspersky. The main difference between Sophos Intercept X and the other products is the client reservation feature. I believe that is a standalone point for Sophos as it is the only product that has it. It allows particular hosts to always use the same IP address which is sometimes desirable.  

The administration of Trend Micro is one thing which I like about that product. It is very easy to use. I would say that Trend Micro is better than Sophos on that point.  

We switched to Sophos because we are selling Sophos firewalls already. The Sophos Intercept X product works better with these firewall solutions than other virus scanning products from different vendors. We decided to keep to the same vendor for a more unified solution.  

We started to work with Sophos Endpoint Protection originally and we are on Bonfire XG as well. It is convenient to expand out working with the brand as a partner.  

The initial setup for the product is not simple. It is medium to complex to install and setup.  

After deploying it takes only me and the customer team for maintenance. Really one person can do it. So there is just one person at my company and I have communication with one colleague at the customer site.  

We did not need outside help from a vendor to handle the deployment. I did it myself and we are a partner with Sophos.  

Advice that I would have for people considering using virus scanning is that I, personally, would not use Sophos Endpoints. That is the simplest edition of the Sophos virus protection product line. I would use Intercept X Advanced as the entry-level product as the other, simpler product, is not robust enough to provide acceptable protection for businesses in my estimation.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Sophos Intercept X as a seven. First, I never give a ten because every product can be improved. Second, I subtract two points because of my experience with the data loss feature and how it behaves with USB drives.  

We primarily use the solution to protect our company from ransomware and malware attacks.

The product is very complete.

There are products that are technically stronger. However, this product has everything in one solution, which makes it a strong endpoint option. 

There are good functionalities for advanced incorporation and good ADI functionalities that work well specifically against dangerous strains of malware and ransomware.

Since 2015, Sophos is trying to integrate its products with synchronized security. The communication from UTM to the agent goes both ways. It allows the platform to gain a very high amount of data about the Endpoint's telemetry and to give the administrators a lot of visibility. A lot of other platforms cannot synchronize with other security ICT solutions and cannot guarantee the same visibility at all. 

The ADR functionalities feel like they aren't mature enough. It hasn't been a long time since Sophos has offered reproduction. Due to the fact that it's so young, it has fewer functionalities than other and more mature ADR solutions. 

Sophos would benefit from a cloud server implementation on top of the cloud provider (whether it's Google, Amazon, Azure, etc.). The solution is great, however, it's still intended for traditional off-cloud usage. It's focused on endpoint protection of the end-user. It's less targeted on servers, especially Linux or newer implementations that have microservices contained within the environment.

I've been using the solution for about five years now.

The stability is good. We haven't seen any issues that would make us believe it is unreliable. We haven't had crashes. I don't really recall bugs or glitches.

The solution really targets medium-sized enterprises. Therefore, it's not a problem to scale until it reaches 5,000 users. Most of the Italian market would fit into this category, and therefore, it works pretty well for most organizations here.

I can say that I'm happy with the level of technical support we've received so far. In my experience, they are quick. There also isn't a language barrier. There is an Italian support team, which means we can speak with them in Italian. It's always easier than trying to explain difficult problems in other languages. They are quite efficient so I'm quite satisfied.

I am a customer, however, I also have a partnership relationship with Sophos due to the fact that we are a security system integrator and post-security system integrator. That means we not only use Sophos, but we also propose it to our clients. 

I'd rate the solution nine out of ten.

I would recommend Sophos as one of the platforms to take into account when looking for a solution that would work for a mid-sized company. Whether it's the ideal solution or not depends on what objectives and goals the organization has. Those need to be taken into account when evaluating a potential solution.  

That said, generally speaking, I would recommend Sophos. If you compare the environment, the scope, objectives, and goals of the organization, you'll be able to decide if Sophos would be right for you.

The forensics within the solution are quite good. The ransomware mitigation is also impressive.

We haven't had any issues with the solution, so I can't speak to any improvements that can be made at this time.

The solution is stable.

The solution is scalable.

The technical support of the solution is satisfactory. We've never had any problems or issues dealing with them.

We're a reseller for Sophos.

The newest release has got the EDR, so I think they're moving in the right direction in terms of the development. 

I'd rate the solution ten out of ten.

The primary use case is for protection. We sell this solution to our customers.

The most valuable features are the range and restriction. This is why our users choose Intercept X.

To be a perfect product, the price would have to be a bit better.

This solution is stable.

We haven't had any issues with Sophos Intercept X and we haven't had any complaints from our customers.

This solution is scalable.

We have one customer who is scaling quickly, increasing by ten to twenty users each month. We sell them new licenses, put them in their client central, and all they have to do is pull it out to their new devices. 

We have contacted Sophos technical support in the past, but not Intercept X.

For our customers, the deployment of Sophos Intercept X is easy and it's easy to manage.

The price is pretty good.

For my customers who do not want the range and restriction features, I instead recommend using Windows Defender.

I would recommend this solution if they want endpoint protection.

Always check the Sophos Central to make sure that the device is activated with the current updates and scanning.

Customers should log onto the portal to see if the scan has been updated.

I would rate this solution an eight out of ten.

Clients primarily use the solution for ransomware.

There isn’t a specific feature; the solution itself secures your infrastructure. We had a partner whose client was using a different solution that was hit by ransomware recently. It was an inferior product and it didn’t protect them. They didn’t buy a license to protect them for ransomware. After that, the client switched to Sophos to get the protection they lacked. It either works or it doesn’t and Sophos works.

We’ve only been using the solution for two months, so we don’t have a grasp of the full system to comment too much.

They might want to offer an MSP model for licensing, to offer the solution as a software as a service.

The solution is pretty stable.

The solution is easily scalable to thousands of users. It’s very capable.

So far, we haven’t had to deal with technical support at all.

The initial setup is easy.

We are distributors of Sophos.

I’d rate the solution ten out of ten. I think Sophos is at the top of their game and offering a good protection solution.

I work with a number of Sophos products, mainly those managed through Sophos Central.

I provide general support for this solution, and my experience is with deployment and some configuration. I have been using the premium edition at home for more than a year, and have been dealing with training and support for approximately six months.

We are using this solution for cloud-based support, and using a cloud-based deployment.

We provide managed services to Sophos clients as part of our business offering.

The performance of this solution is good. This product does not overload the machine, even on relatively old hardware. It is a good experience in terms of CPU utilization, and how many of the cycles are going to the antivirus scanner.

This solution is easy to install, and it is flexible in terms of configuration.

The centralized management is a great feature for assigning certain policies to machines.

All of the features are very important for anyone who is supporting a large number of computers.

The price of this solution can be improved. The lesser the price, the more people will purchase it in the future, and it will become more popular and more widespread.

I have never seen the "Blue Screen of Death" based on interactions between Sophos and the operating system. Similarly, I have not seen the computer stuck, or frozen during the virus scanning process. My overall impression of stability is very good.

I would rate the technical support for this solution a nine out of ten.

This product works as expected. From the point of view of a Sophos Trainee and Sophos Support Specialist, I admire what this product is doing. It is flexible and the management console is easy to work with.

Overall, this product is doing fine and I have nothing to complain about.

My advice to anybody who is researching similar solutions is that if they are looking for something that is simple and reliable, then this is a good choice. There will be less effort from the local IT support, and they will have well covered and protected endpoints. If they are not willing to spend a lot of time designing policies, precisely tuning everything for maximum performance and protection, then Sophos is the best choice. With very little effort you have a fully functional and very secure system.

Sophos is the best in its class, although there are no perfect systems.

I would rate this solution a nine out of ten.

We are providing this product and support for it in many sectors like health care, retail, sports, and communication sectors. We are also working with Sophos, but with Sophos Endpoint, not XG, or Sophos UTM. We work with Raya (Contact Center) that provides services here in Egypt (they are also using Sophos 550 XG models).

It improves organizations by providing dependable, intelligent attack defenses.

The most valuable feature in Intercept is its engine for machine learning. It is awesome. Its detection capabilities are saving many of our customers' databases from ransomware and other random attacks. The most interesting thing in the Sophos center is the EDR. It is easy to manage and work with. There is no need to have a cyber-security team define its tasks. In the next few years, it will be an agent EDR.

I guess really the best part of the package is the same thing that could use the most improvement. The machine learning is good and it is already developed in the database and its engine. I guess they already have processes to cover more intelligent attacks. I am not sure about the improvements possible in this area. They have developed it to discover new attacks. But it is just an engine. There are no features that users have to look inside it. I think allowing more user modification could improve this at least for purposes of customization. But I don't know if it is possible and it is just to continue to improve on what already works.

As far as added features, I would like to see some type of event management in the product. It should not just depend on the logs only. It would be something to deal with the events on PCs in a similar way to enhance the effectiveness of Intercept X and EDR. 

The stability of the product is very good as is the performance. As it works in the background there is never instability in the form of hanging at the work stations or producing false positives. It is very easy to deploy, very simple to use, very light on the operating systems' resources. But there are some guidelines that customers or anyone making the deployment have to keep in mind. They have to make rules and use the product intelligently to avoid any extra false positives or any performance issues. For example, they will want to make full scanning of the environment in times where there is a lower load on the system — in off-hours and not during the prime-time hours. But that responsibility is on the operator. 

The performance of the product itself is very stable and very good.

Scalability can happen in one click. If you have another device to add to the environment, you just make the deployment from the server on-premises. The customer does not have to depend only on the cloud server to scale. They also have an on-premise server that makes the rules between the cloud and the LAN environment to avoid any internet disconnects, or bandwidth and performance issues. They can depend on the cache server to communicate on behalf of the client to the on-cloud dashboards.

I personally think the company's technical support is perfect. They always address issues satisfactorily.

The initial setup is very straightforward.

I am not just using it in our department, we are also dealing with installations for customers. We play the role of IT. We enable Sophos products for partners. We do all the work if the customer doesn't have a technical team. We make projects for implementation and providing training.

On a scale from one to ten, I would rate Intercept X as a nine out of ten. I don't think I can rate any software security product a ten because nothing in software security is100%. 

We are deploying Intercept X on Cloud, not on-premises. The reason for this is because the previous versions of Sophos made the agents different between the anti-virus, endpoint and the Intercept X. Now with the Cloud, Sophos is making one agent for the three technologies — the endpoint, Intercept X, and EDR (Intelligent Endpoint Detection and Response). The three components are in one agent and managed by one dashboard, Sophos Central.

Our primary use case for this solution is to offer a complete and monitored solution regarding ransomware protection to all my clients & servers.

Sophos improved our organization allowing us to setup a very efficient solution, cloud managed, introducing a new modern concept: Syncronized Security (between Firewall and end-point)

A valuable feature offered by Sophos is called Naked Security and it entails the control managed by the firewall on the site regarding the desktop client interfacing with our cloud client. So we have a central management console where we can observe and act and manage all our customers. It's like a proper perfect solution.

Something that could be improved is to better integrate all different platform available at the moment (not only allow pcs, servers but also other o.s. platforms, Android & IOS and so on too). It should be more user-friendly, automated and able to manage and analyze the logging of the operation, provided that Intercept X is one part of a more complete security solution (Syncronized Security - between firewall, endpoint, mobile devs). Logging & reporting is very important for us, especially in Italy.

I am satisfied with the program's stability. There were some maintenance problems, but very rarely. We generally receive an alert from Sophos when there will be maintenance operations, so we can plan accordingly.

The program is very scalable. We have about 300 computers, servers, work stations and mobile devices in our company. We have one staff member who is responsible for maintenance. We are all system integrators in our office and we plan to increase our usage soon.

The support wasn't very good initially, but they became better. Compared to other brands' support, I'm quite satisfied about the support we get now.

We used a few different products to achieve one objective, but now, with Sophos Intercept, we've solved our problem, reducing dramatically manual monitoring activities.

The initial setup was not very user-friendly, but it improved during the evolution. It was rather difficult at first. Our deployment took half a day. Especially if we consider the Intercept X inside the final solution. We had to plan the setup. It all depends on the number of clients, of course. We did everything by ourselves because we are certified partners; we don't need external consultants.

We pay an annual license fee.

My advice to others would be to get certification over time because without certification, it's not so easy to setup and use. Users should familiarize themselves with all the features of the program. On a scale of one to ten, my rating is nine, because of the few missing features that I think should be added in a close future.