Sophos EPP Suite Reviews

Its primary use is for endpoint protection. 

Reduced our exposure to cyber risk while working from home during the pandemic.

It is doing its job. We use it for standard antivirus purposes and for making sure that people aren't downloading infected attachments. 

Because we use the cloud version, it is easy to maintain. We don't have to do anything to really maintain it. It gets updated automatically.

We use cloud services quite a bit. Therefore, I would like to see integration with other security tools besides endpoint so that I'm not managing different tools separately. I would prefer to have a single security solution for my laptop and for managing other security things like passwords.

I have been using this solution for over two years.

It is quite stable.

We haven't really tested the scalability because we are a small firm. We have just a few installations.

We haven't directly interacted with them. It is easy enough to self administer, so we haven't had the need to contact technical support.

It is very easy to set up.

Its installation is simple enough. We just installed it ourselves.

Price could always be lower of course, but I feel it is good value.

I would recommend this solution. It is a good solution for small firms that don't have very sophisticated requirements. If you are a large firm with a lot of specific requirements, then obviously, you need to do your homework, but for a small firm, it is fine. It is easy to install and administer.

I would rate Sophos EPP Suite an eight out of ten.

We use EPP Suite for a lot of things including DLP, EDR, device management, and application control.

The most valuable feature is data loss prevention.

The rollback feature that SentinelOne has would be a great addition to Sophos.

If we could bypass the first couple of levels of support when we have a problem then it would be easier and quicker when we need an issue resolved.

I have been using the Sophos EPP Suite for about six months.

This product has been very stable and we haven't had any issues.

We have been scaling its use to other parts of the organization and so far, that experience has gone fairly well. We have about 700 people using it at this point. The users include administrations, first-level users, who are reviewers, and the support team. The security team uses it for reporting purposes.

Technical support is very responsive and also very timely in their responses. It does take time to get through the first, second, and third-level calls, but for the most part, they are timely.

This is our first EDR product.

The initial setup is very simple.

Our in-house team deployed it. We did have a conversation with Sophos on how to get it deployed and testing it in our environment.

We purchased a three-year license, which gave us a large discount.

I have seen CarbonBlack and McAfee, although I have not worked with them enough to know the differences.

My advice for anybody who is implementing EPP Suite is to work with their integration team to learn the ins and outs of the product. They have got to spend a lot of time planning the process with Sophos, and Sophos has a team in place to help with that.

Overall, I would say that it is a good endpoint solution. I think that we're using every feature that they have. That said, I'm sure that there are some things that I'm missing.

I would rate this solution a nine out of ten.

We use the Sophos suite for a lot of things. We use it for the DLP and we can use it for the EDR. We use it for mobile device management and in application control as well. Those are some of the main uses of the application.

The solution's most valuable aspect, for us, is the DLP portion of the product. 

It's just a good endpoint solution. I can't say that it's better or worse than any other product, however, it has a pretty good feature set. There are good rules, etc.

That application, so far, is actually able to tell us if there are any issues with the machine and what they are.

I'm not sure if the solution is missing anything. For us, it seems to be covering our needs quite well.

The solution has a strange technical support process where you need to move through all of these tiers before you can get to someone who can help you. They should streamline the process and make it easier to speak to the correct level of support from the outset.

SentinelOne has what they call a rollback feature. It would be great if something similar was added to Sophos.

We've been using the solution for the past six months.

We've only been using the solution for six months. That said, it appears to be stable. We haven't had any issues. There aren't bugs and glitches, at least, not that I've experienced. It doesn't crash. It's been good.

So far, we've been able to scale the solution quite well. In terms of where we are right now, it's scaling quite well to other parts of the organization, and the experience has been pretty painless so far.

We've probably got about 700 to 800 people on it so far. We have administrators, and then first-level users, which I guess are just reviewers or support, and then support teams. That's probably about it. The security team, which is what I'm a part of, too, has access to the solution for reporting purposes.

We've been in touch with technical support.

They're very responsive and very timely in their responses. We find them to be quite knowledgeable as well. That said, you hate everything with the first level call and the second level call and the third level call. However, for the most part, they're very timely.

This is our first EDR solution, I probably don't have much to compare it to.

The initial setup was not complex at all. It was a straightforward implementation. Everything was very simple.

We handled the implementation ourselves completely in-house. We didn't hire any integrators or outside consultants.

I'm not sure of what our licensing costs are. There are two and three-year packages available. I know we took a three-year package with a large discount applied to it. I'm not sure if there are different tiers, like silver or platinum. There might be. I don't know what the differences would be between them if there are.

I've seen other solutions such as SentinalOne, Carbon Black, and McAfee. I've seen them, however, to be truthful, I can't really explain what I'm missing and what features these options offer instead.

We're just a Sophos customer. We don't have a special relationship with the client.

We're using the latest version of the solution.

In terms of adopting this technology, I'd advise other organizations to work with their integration team and know the products in and out before getting started. They will have to spend a lot of time planning the process with Sophos. However, Sophos has a team that will help companies do that, which really helps simplify the process.

We personally didn't use them for the integration piece, but we did have the conversation with how to get it deployed, and testing, and all those kind of things within our environment.

I'd rate the solution nine out of ten.

We primarily use the solution for endpoint protection. We use it as an antivirus and for web filtering.

There isn't an easy way to describe how it's helped our company. It's just a good source of protection.

The anti-malware and web filtering are the solutions most valuable aspects.

The solution has the capability to detect and prevent attacks.

The solution isn't quite accurate enough. It provides a lot of false positives.

For example, if you log onto the portal, you'll be able to see the endpoints. You'll see the health status, but when you click on one, you'll find everything right there, even though it might not be clear from the health status overview. The accuracy of the status needs to be better represented.

I've been using the solution for several years.

The stability is pretty good. the only complaint is the operation of the solution.

The solution is only capable of being used on a Linus or Mac. It's limiting.

We don't plan to increase usage at this time. We already use 80% of its capabilities and we don't plan to expand beyond that.

I'd rate the technical support as average. It's not outstanding, however, it's also not the worst we've dealt with.

I'm not sure if another solution was used previously. By the time I was hired, the company was already using Sophos.

The initial setup is pretty straightforward. It's a typical setup. It's just a regular implied agent.

I don't have any information about the cost or how much we pay. I'm not involved in the finance aspect of managing the solution.

Although I don't know the version number, I'm using the most up to date one.

I'd advise organizations considering implementing the solution to first consider their requirements. They need to know what they are looking for. There are a lot of vendors out there that offer many of the same features. However, if there's just one critical feature that's necessary, you need to be sure it will work correctly for your company.

You also need to make sure you are choosing something that is compatible with other solutions that intersect. We've had experiences where we thought that a certain piece of software would work with Sophos and we realized that it didn't.

I'd rate the solution seven out of ten.

We primarily use the solution on our endpoints for end-user security. We are planning to move to their new product, the XG.

The central management of the anti-virus features for our end user is a very valuable aspect of the solutions. 

We find it very good as a product. 

In the future, we're looking forward to having a new synchronization firewall on the endpoint.

The management console need improvement. 

I'd address the deployment side. If we could upgrade the deployment side to hand it off to the end-user, it would make it easier, as our campuses are far apart.

We'd appreciate if the solution could offer us assistance with a later deployment.

I've been using the solution for three or four years.

The stability is good. Everything is working fine at the moment.

The scalability is good. Our subscriptions are around 1500, and we have 600 to 700 users deployed. We don't plan to expand on-premises usage and will be moving to the cloud.

I was in touch with technical support last week, with the Phillippine country manager in Venado. So far, their assistance has been very helpful.

We previously used Trend Micro. We replaced it with Sophos. Trend Micro just didn't work for us. There were issues with the management file.

From our initial reporting, the system wasn't difficult to install. We didn't face any complexity or have any problems.

We need about four people for maintenance and deployment because we have different campuses.

We're looking forward to moving to the cloud and replacing our existing firewall when we move to Sophos XG.

I'd rate the solution eight out of ten.

The use case is that many businesses are trying to make an effort to secure their IT assets more rigorously. Right now, in 2020, and last year, in 2019, a lot of businesses became aware of the incidents that are happening in digital media with security issues. There were many incidents involving ransomware, hacking attempts, botnet — all those things. This made the people more aware and scared about the security of their systems. That is the reason we are selecting products to try and provide the best security endpoints possible for our clients. 

The main reason why we choose the Sophos EPP Suite is because of its capabilities to stop infections from spreading around the internal network once the problems have infiltrated it. For example, one computer gets infected. When that computer attempts to communicate with another computer — one client to another client — Sophos checks the behavior of the computer. It looks at what it is trying to communicate and what resources the computer is using. If it does something that is suspicious, like move an application that may be a virus, Sophos will stop the activity and disconnect the computer from the rest of the network immediately. It does this automatically without an administrator having to do or even be aware of anything. This is the main thing we like about the Sophos product. It is constantly monitoring all points and has the capability to detect and act on intrusions without other intervention.  

The area improvement is something very specific. Windows firewall security allows an exception where the user of a specific device can turn the firewall on or off. We need to configure our Windows firewall security in an active directory via group policy. We do not want to allow the exception or for individual users to be able to make this change. When using Sophos, instead of doing this in an active directory, we have to create a policy on the Sophos portal itself. In the Sophos policy, we can indicate which port is allowed and which port is not allowed for the Windows firewall and how it is handled.  

Previously, we were using ESET smart security which also has a Windows firewall base. We could control each and every link and port for everything. Like for people taking their desktop remotely, we could allow VNC (Virtual Network Computing) remote connections on a specific port only. All other ports are blocked from this type of access. This feature is something only ESET had. I am pretty much sure Sophos does not have this kind of policy available. They should make this adaptation. The rest of the Sophos product and the technology and utility of the suite is beautiful. I believe all network system administrators would be glad to have this feature. 

What I would also like to see added is information about update compatibilities. This should be included in a notification for upgrades from Sophos as to whether there is any reason to update Windows for Endpoint or not. The problem stems from the fact that Microsoft is releasing these updates and the patches for security every month. A lot of those patches have issues and incompatibilities. After Microsoft releases the updates, they sometimes have to release a fix to the update with patches. They usually do this in the next two to three days. It would be helpful if Sophos did the testing of the updates to inform all their clients so we can be sure these updates are OK. Then, in turn, we can inform our clients if updates are compatible with their servers or not.  

We deploy this solution to clients and have only been deploying it for several months after testing at our facilities.  

I do not have any experience regarding technical support for Sophos EPP directly. But to compare that to the technical support from SonicWall, which I researched on the web, the technical support for Sophos is currently just as good. I don't know personally. From what I have read, they responsive and they are quick to give users a solution. They resolve problems in a few seconds or within five minutes or ten minutes and are as fast and as accurate as SonicWall support. Once we engage in the full licenses, then we'll be able to find out for certain how the Sophos people will respond to help me out for any incidents that we have.  

We did not really previously use a particular solution — for ourselves or our clients — that will take care of all the things that the Sophos suite will as a unified product. We are constantly evaluating different products by checking out demos. We have used Sophos products for ourselves and with clients in the past but we still need to activate the Sophos EPP (Endpoint Protection Platform) for ourselves internally with formal licenses. We previously had a license and it is still valid, but we need to upgrade for more users.  

The solution we are using right now with most clients is ESET (Essential Security against Evolving Threats) Endpoint Security. We are going to Sophos Intercept X to replace this. We had also been looking into how Intercept X works with the endpoint firewall including how well they communicate with each other and how that may impact our infrastructure. So I've been very interested in the concept of adopting Sophos. As soon as possible, we will get the licenses. About 250 client machines and 55 for our actual and virtual servers.  

I very much impressed with the Sophos product called Intercept X. It is  a wonderful concept because it is protecting the end-user in a different way. It is working with a proactive model, not just an active model. So now Sophos will be actively protecting us before some problem is acquired by our systems.  

Our current antivirus solution will expire on the 8th of February in 2020. Before that date, we will activate Sophos for our organization backup systems to do further testing. We are currently using a third-party product called Mimecast for email security. We still have one year on the licenses for that. So Mimecast will expire in 2021. Then we will be ready to adopt the Sophos solution that fills this need. We are starting with the Sophos Endpoint solution first, and in July next year, we will check how everything is going with the Endpoint solution and hopefully we will see everything is going well. Then we will move forward adopting additional Sophos products. We will improve like that, one by one, to unify our solutions into the Sophos Suite.

We are currently checking into the actual licensing costs. We are waiting for a quotation for 250 end-users and 55 service licenses. We are hoping for a reduced contract price by directly contacting the Sophos company for the licenses. Because we are in the UAE, they have a lot of connecting partners for Sophos already, so it is hard to say if they need more partners or that they will want to give a significant discount. We still think we hold significant interest for them.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Sophos as a nine.  

Our primary use is the main service and really the name of the product: Endpoint Protection. It's a firewall, it has antivirus protection and we use it for the encryption of our disks. It's also our web protection to keep out browser intrusion or infections.

It has made our infrastructure more secure.

Some of the most valuable things are very simple. I like the ease of deployment. Intercept X has very good ransomware detection and rollback capabilities.

Part of the product that can be improved is the detection of other antivirus software. We had some trouble one time installing the product because there was a third-party antivirus product that we needed to remove before we could install Sophos. That detection in the installer could be better. It can easily be solved but does not have to be a problem in the first place. 

Pricing could be improved because it is a bit expensive. 

It would be nice if there were more capability to configure the notifications. We do get some notifications when a virus is detected or something is wrong, but we get notifications that the machine has to be restarted or other issues that should be handled by different people or different departments. There should be some distinction as to which notification type we want to send to a particular destination. That's something that should definitely be better in an enterprise solution.

The product is very stable. We never experience any downtime.

Sophos EPP is very scalable. We currently have 200 users and there is never a problem with meeting those demands. The product only solves problems and we can always add more users. We hope we have the opportunity to scale up as the company grows. Use depends on the number of our employees. Before we add more, we have to use more.

I really don't know anything about the company support because I didn't need them. I think that says something about the product. I know that contacting the support team would have been an option, but we never had to.

Before we used Sophos as our main solution we used Trend Micro. It was a good product, but after comparison and the vendor offering a discount to switch, we tried Sophos and were very satisfied.

Our initial installation took a couple of months but, looking back, it could have been faster. A little familiarity with the product and better planning would have made the setup quicker.

We did our own installation.

It was nice of the vendor to offer a discount because we were replacing another antivirus solution. This helped us make the decision to change.

There are also additional charges if you want to have the EEPROM Protection (Electrically Erasable Programmable Read-Only Memory) and Endpoint Protection with antivirus. These additions can cost a lot more.

On a scale from one to ten, where one is the worst and ten is the best, I would rate Sophos EPP (EndPoint Protection) Suite as an eight. I think there's always something which could be better, but I might not know what. Really I could give it a nine because I can recommend the product as an excellent solution.

We sell all Sophos products. We are a distributor. So, I only see the business from the partner's perspective.

We sell the entire EPP product range of Sophos.

It's a pretty good product. It's on level with other products in the market.

The integration within Sophos is pretty good. It is acceptable if you talk about integration with other SIEMs or other technologies, but it is EPP.

It's not a very specialized product for the Endpoint. It's interesting if you are a customer, you buy the next-generation firewall, you buy everything from Sophos, and you have a completely integrated view. And then you don't care about the fact that probably there is a specialized product that can do something more.

Sophos needs to have better CNA and better software solutions.

I would also like to see more integration with different platforms. 

I would rate the stability a six out of ten. 

Our customers are mainly medium-sized companies. There is also a mix of some small companies, as we are in Italy and have very few large companies.

The customer service and support are pretty good. Even they're not an Italian company, they now have a very large support for the Italian company. 

Normally, the business partner that chooses to sell it is because they use Sophos, they know Sophos, and it's pretty accessible in terms of the features that the product has. 

Honestly, Sophos is not our gold mine, it's a product just like another.

If I were to recommend any endpoint, it would be Cylance.

From my perspective, it is not the most expensive, it is aligned with the market.

It's not a very specialized product for the Endpoint. It's interesting if you are a customer, you buy the next-generation firewall, you buy everything from Sophos, and you have a completely integrated view. And then you don't care about the fact that probably there is a specialized product that can do something more.

Overall, I would rate it a seven out of ten. It is an acceptable product but probably not the best you can buy in terms of endpoints. It could be very interesting if you have a complete vision of Sophos products, just like Fortinet.

It is acceptable. You have to consider you want to be a general cybersecurity company. 

So, for specific products, you can find someone who could be more aggressive in terms of being aligned to the latest kind of attack or something like that. 

If you consider the generalist vendor in cybersecurity, just like Fortinet, just like Sophos, they are pretty good.