Sophos EPP Suite Reviews

I use this solution to protect my endpoints from malware, ransomware, and viruses. My company also implements this solution for some of our customers. 

The web control and the application control are two good features. 

My use case is very, very simple. The solution gives me protection from the latest attacks, and visibility into the cloud. I don't have any integration use cases, so from our enrollment perspective, I would say maybe it could be a little lighter in terms of agent usage so that there is less computer utilization.

I started using this solution recently, about four or five months ago. 

It's a stable product. So far, I haven't had any issues from an endpoint perspective with it blocking something that I'm trying to use, or anything of that sort. 

Around 10 people are using this solution in my company. It's definitely scalable. I know people who are using it for over 500,000 users.

I don't plan to increase its capacity because my number of users won't be increasing much, so I would rather look at moving from endpoint protection to VDR. Then I would have the basic protection, and on top of that I would get the Zero-day endpoint protection and advanced protection for user-less attacks.

If we require any support for integration, performance, or product-related issues, we reach out to technical support. We have been surprised that they have continued to improve their services in terms of response time and everything else.

I would rate the support as a five out of five. 

I used McAfee before I switched to this solution. I wanted to use this product to get our team used to it since we give it to our customers. Our renewal for McAfee came up, and I started looking for something we could install and manage centrally because previously, we were working with single-user legacies and standalone endpoints. I wanted something that was corporate-friendly and manageable.

The setup was very straightforward. First, you need to have an account, and then you just install the agents, and communication between the cloud and the agents happens.

I'm the technical person, so I did the implementation. It took me about a day. I would rate the setup as a four out of five because there is always room for improvement. 

Since it is a cloud product, updates happen automatically. The only thing is that from time to time, an update happens, and the agent does not automatically restart, so it requires a restart.

If you compare this to other solutions from a pricing perspective, the enterprise version of Sophos turns out to be cost-effective. For example, if you currently have endpoint protection from Felix, Sophos would be comparatively cost-effective. In terms of the difference, I would say around 15% to 20%. I would rate the pricing as a four out of five. 

My advice to those considering this solution would be to look for compatibility with the operating system. If you have a heterogeneous environment like Linux or Aqua, make sure they're compatible in terms of version support and everything. Nowadays, endpoint protection is quite mature for almost all of the ends, so the only thing you need to look at is the compatibility. Otherwise, it's simple because most of the time the server management is the most difficult thing, but it's all taken care of in the cloud version, so you don't have to do anything. You just install the license and push the policies on the central server. 

I would rate this solution as a nine out of ten. 

I am using Sophos EPP Suite for protecting the endpoint.

Sophos EPP Suite's most valuable feature is ease of use.

The solution could improve on the resource management, it is a bit heavy on the resources.

I have been using Sophos EPP Suite for approximately two years.

Sophos EPP Suite is stable.

I have found the solution to be scalable.

We have approximately 20 people using the solution in my organization.

The technical support should try to understand the customer inquiry better. There are times we have already explained the issue to the support and they still ask us to try something that we have already tried.

We previously used Windows Defender.

The installation is straightforward and takes approximately five minutes for one endpoint.

We did the implementation ourselves with a team of three. We have five managers, a technical team, and one admin involved with the solution.

We are on an annual license to use the solution.

I rate Sophos EPP Suite a nine out of ten.

We use EPP Suite for a lot of things including DLP, EDR, device management, and application control.

The most valuable feature is data loss prevention.

The rollback feature that SentinelOne has would be a great addition to Sophos.

If we could bypass the first couple of levels of support when we have a problem then it would be easier and quicker when we need an issue resolved.

I have been using the Sophos EPP Suite for about six months.

This product has been very stable and we haven't had any issues.

We have been scaling its use to other parts of the organization and so far, that experience has gone fairly well. We have about 700 people using it at this point. The users include administrations, first-level users, who are reviewers, and the support team. The security team uses it for reporting purposes.

Technical support is very responsive and also very timely in their responses. It does take time to get through the first, second, and third-level calls, but for the most part, they are timely.

This is our first EDR product.

The initial setup is very simple.

Our in-house team deployed it. We did have a conversation with Sophos on how to get it deployed and testing it in our environment.

We purchased a three-year license, which gave us a large discount.

I have seen CarbonBlack and McAfee, although I have not worked with them enough to know the differences.

My advice for anybody who is implementing EPP Suite is to work with their integration team to learn the ins and outs of the product. They have got to spend a lot of time planning the process with Sophos, and Sophos has a team in place to help with that.

Overall, I would say that it is a good endpoint solution. I think that we're using every feature that they have. That said, I'm sure that there are some things that I'm missing.

I would rate this solution a nine out of ten.

We use the Sophos suite for a lot of things. We use it for the DLP and we can use it for the EDR. We use it for mobile device management and in application control as well. Those are some of the main uses of the application.

The solution's most valuable aspect, for us, is the DLP portion of the product. 

It's just a good endpoint solution. I can't say that it's better or worse than any other product, however, it has a pretty good feature set. There are good rules, etc.

That application, so far, is actually able to tell us if there are any issues with the machine and what they are.

I'm not sure if the solution is missing anything. For us, it seems to be covering our needs quite well.

The solution has a strange technical support process where you need to move through all of these tiers before you can get to someone who can help you. They should streamline the process and make it easier to speak to the correct level of support from the outset.

SentinelOne has what they call a rollback feature. It would be great if something similar was added to Sophos.

We've been using the solution for the past six months.

We've only been using the solution for six months. That said, it appears to be stable. We haven't had any issues. There aren't bugs and glitches, at least, not that I've experienced. It doesn't crash. It's been good.

So far, we've been able to scale the solution quite well. In terms of where we are right now, it's scaling quite well to other parts of the organization, and the experience has been pretty painless so far.

We've probably got about 700 to 800 people on it so far. We have administrators, and then first-level users, which I guess are just reviewers or support, and then support teams. That's probably about it. The security team, which is what I'm a part of, too, has access to the solution for reporting purposes.

We've been in touch with technical support.

They're very responsive and very timely in their responses. We find them to be quite knowledgeable as well. That said, you hate everything with the first level call and the second level call and the third level call. However, for the most part, they're very timely.

This is our first EDR solution, I probably don't have much to compare it to.

The initial setup was not complex at all. It was a straightforward implementation. Everything was very simple.

We handled the implementation ourselves completely in-house. We didn't hire any integrators or outside consultants.

I'm not sure of what our licensing costs are. There are two and three-year packages available. I know we took a three-year package with a large discount applied to it. I'm not sure if there are different tiers, like silver or platinum. There might be. I don't know what the differences would be between them if there are.

I've seen other solutions such as SentinalOne, Carbon Black, and McAfee. I've seen them, however, to be truthful, I can't really explain what I'm missing and what features these options offer instead.

We're just a Sophos customer. We don't have a special relationship with the client.

We're using the latest version of the solution.

In terms of adopting this technology, I'd advise other organizations to work with their integration team and know the products in and out before getting started. They will have to spend a lot of time planning the process with Sophos. However, Sophos has a team that will help companies do that, which really helps simplify the process.

We personally didn't use them for the integration piece, but we did have the conversation with how to get it deployed, and testing, and all those kind of things within our environment.

I'd rate the solution nine out of ten.

We primarily use the solution for endpoint protection. We use it as an antivirus and for web filtering.

There isn't an easy way to describe how it's helped our company. It's just a good source of protection.

The anti-malware and web filtering are the solutions most valuable aspects.

The solution has the capability to detect and prevent attacks.

The solution isn't quite accurate enough. It provides a lot of false positives.

For example, if you log onto the portal, you'll be able to see the endpoints. You'll see the health status, but when you click on one, you'll find everything right there, even though it might not be clear from the health status overview. The accuracy of the status needs to be better represented.

I've been using the solution for several years.

The stability is pretty good. the only complaint is the operation of the solution.

The solution is only capable of being used on a Linus or Mac. It's limiting.

We don't plan to increase usage at this time. We already use 80% of its capabilities and we don't plan to expand beyond that.

I'd rate the technical support as average. It's not outstanding, however, it's also not the worst we've dealt with.

I'm not sure if another solution was used previously. By the time I was hired, the company was already using Sophos.

The initial setup is pretty straightforward. It's a typical setup. It's just a regular implied agent.

I don't have any information about the cost or how much we pay. I'm not involved in the finance aspect of managing the solution.

Although I don't know the version number, I'm using the most up to date one.

I'd advise organizations considering implementing the solution to first consider their requirements. They need to know what they are looking for. There are a lot of vendors out there that offer many of the same features. However, if there's just one critical feature that's necessary, you need to be sure it will work correctly for your company.

You also need to make sure you are choosing something that is compatible with other solutions that intersect. We've had experiences where we thought that a certain piece of software would work with Sophos and we realized that it didn't.

I'd rate the solution seven out of ten.

We primarily use the solution on our endpoints for end-user security. We are planning to move to their new product, the XG.

The central management of the anti-virus features for our end user is a very valuable aspect of the solutions. 

We find it very good as a product. 

In the future, we're looking forward to having a new synchronization firewall on the endpoint.

The management console need improvement. 

I'd address the deployment side. If we could upgrade the deployment side to hand it off to the end-user, it would make it easier, as our campuses are far apart.

We'd appreciate if the solution could offer us assistance with a later deployment.

I've been using the solution for three or four years.

The stability is good. Everything is working fine at the moment.

The scalability is good. Our subscriptions are around 1500, and we have 600 to 700 users deployed. We don't plan to expand on-premises usage and will be moving to the cloud.

I was in touch with technical support last week, with the Phillippine country manager in Venado. So far, their assistance has been very helpful.

We previously used Trend Micro. We replaced it with Sophos. Trend Micro just didn't work for us. There were issues with the management file.

From our initial reporting, the system wasn't difficult to install. We didn't face any complexity or have any problems.

We need about four people for maintenance and deployment because we have different campuses.

We're looking forward to moving to the cloud and replacing our existing firewall when we move to Sophos XG.

I'd rate the solution eight out of ten.

The use case is that many businesses are trying to make an effort to secure their IT assets more rigorously. Right now, in 2020, and last year, in 2019, a lot of businesses became aware of the incidents that are happening in digital media with security issues. There were many incidents involving ransomware, hacking attempts, botnet — all those things. This made the people more aware and scared about the security of their systems. That is the reason we are selecting products to try and provide the best security endpoints possible for our clients. 

The main reason why we choose the Sophos EPP Suite is because of its capabilities to stop infections from spreading around the internal network once the problems have infiltrated it. For example, one computer gets infected. When that computer attempts to communicate with another computer — one client to another client — Sophos checks the behavior of the computer. It looks at what it is trying to communicate and what resources the computer is using. If it does something that is suspicious, like move an application that may be a virus, Sophos will stop the activity and disconnect the computer from the rest of the network immediately. It does this automatically without an administrator having to do or even be aware of anything. This is the main thing we like about the Sophos product. It is constantly monitoring all points and has the capability to detect and act on intrusions without other intervention.  

The area improvement is something very specific. Windows firewall security allows an exception where the user of a specific device can turn the firewall on or off. We need to configure our Windows firewall security in an active directory via group policy. We do not want to allow the exception or for individual users to be able to make this change. When using Sophos, instead of doing this in an active directory, we have to create a policy on the Sophos portal itself. In the Sophos policy, we can indicate which port is allowed and which port is not allowed for the Windows firewall and how it is handled.  

Previously, we were using ESET smart security which also has a Windows firewall base. We could control each and every link and port for everything. Like for people taking their desktop remotely, we could allow VNC (Virtual Network Computing) remote connections on a specific port only. All other ports are blocked from this type of access. This feature is something only ESET had. I am pretty much sure Sophos does not have this kind of policy available. They should make this adaptation. The rest of the Sophos product and the technology and utility of the suite is beautiful. I believe all network system administrators would be glad to have this feature. 

What I would also like to see added is information about update compatibilities. This should be included in a notification for upgrades from Sophos as to whether there is any reason to update Windows for Endpoint or not. The problem stems from the fact that Microsoft is releasing these updates and the patches for security every month. A lot of those patches have issues and incompatibilities. After Microsoft releases the updates, they sometimes have to release a fix to the update with patches. They usually do this in the next two to three days. It would be helpful if Sophos did the testing of the updates to inform all their clients so we can be sure these updates are OK. Then, in turn, we can inform our clients if updates are compatible with their servers or not.  

We deploy this solution to clients and have only been deploying it for several months after testing at our facilities.  

I do not have any experience regarding technical support for Sophos EPP directly. But to compare that to the technical support from SonicWall, which I researched on the web, the technical support for Sophos is currently just as good. I don't know personally. From what I have read, they responsive and they are quick to give users a solution. They resolve problems in a few seconds or within five minutes or ten minutes and are as fast and as accurate as SonicWall support. Once we engage in the full licenses, then we'll be able to find out for certain how the Sophos people will respond to help me out for any incidents that we have.  

We did not really previously use a particular solution — for ourselves or our clients — that will take care of all the things that the Sophos suite will as a unified product. We are constantly evaluating different products by checking out demos. We have used Sophos products for ourselves and with clients in the past but we still need to activate the Sophos EPP (Endpoint Protection Platform) for ourselves internally with formal licenses. We previously had a license and it is still valid, but we need to upgrade for more users.  

The solution we are using right now with most clients is ESET (Essential Security against Evolving Threats) Endpoint Security. We are going to Sophos Intercept X to replace this. We had also been looking into how Intercept X works with the endpoint firewall including how well they communicate with each other and how that may impact our infrastructure. So I've been very interested in the concept of adopting Sophos. As soon as possible, we will get the licenses. About 250 client machines and 55 for our actual and virtual servers.  

I very much impressed with the Sophos product called Intercept X. It is  a wonderful concept because it is protecting the end-user in a different way. It is working with a proactive model, not just an active model. So now Sophos will be actively protecting us before some problem is acquired by our systems.  

Our current antivirus solution will expire on the 8th of February in 2020. Before that date, we will activate Sophos for our organization backup systems to do further testing. We are currently using a third-party product called Mimecast for email security. We still have one year on the licenses for that. So Mimecast will expire in 2021. Then we will be ready to adopt the Sophos solution that fills this need. We are starting with the Sophos Endpoint solution first, and in July next year, we will check how everything is going with the Endpoint solution and hopefully we will see everything is going well. Then we will move forward adopting additional Sophos products. We will improve like that, one by one, to unify our solutions into the Sophos Suite.

We are currently checking into the actual licensing costs. We are waiting for a quotation for 250 end-users and 55 service licenses. We are hoping for a reduced contract price by directly contacting the Sophos company for the licenses. Because we are in the UAE, they have a lot of connecting partners for Sophos already, so it is hard to say if they need more partners or that they will want to give a significant discount. We still think we hold significant interest for them.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Sophos as a nine.  

Our customers mainly use the Sophos Endpoint Protection Suite for an all-rounded solution, including simple DLP, next-generation firewall, antivirus, EDR, and rollback capabilities for ransomware.

Sophos EPP Suite provides effective threat detection by identifying suspicious behavior and terminating malicious processes. It also offers rollback capabilities for ransomware, which is not available in some other antivirus solutions.

The AI and EDR features are the most effective for threat detection and security. The behavioral-based AI can recognize suspicious activities and terminate malicious processes. The rollback capability for ransomware is also a valuable feature.

The resource usage of the agent should be less intensive on the CPU and RAM. This would make Sophos EPP Suite a better antivirus solution, especially for clients with only the minimum required specifications.

I have been working with Sophos Endpoint Protection Suite for over two years.

I rate the stability of Sophos Endpoint Protection Suite as a seven. It can be resource-intensive, consuming significant CPU and RAM, which can affect performance.

I have not faced any scalability issues. Even if the number of licenses exceeds the limit, Sophos EPP Suite still provides coverage for all endpoints.

For tech support, I rate it between seven and eight. It might take some time to get a response, however, the support is considered good.

Neutral

Previously, I worked with McAfee, an on-premise solution where the agent could be pushed directly from the antivirus server.

Setting up Sophos EPP Suite is relatively easy, and I would rate it as a nine out of ten. The deployment process for one PC takes about 30 to 40 minutes, considering the time needed to download signatures and files from the cloud.

The response time of Sophos EPP Suite is effective if the customer has their security operation center (SOC). Proper alerts are generated and can be analyzed by security operation engineers.

Sophos EPP Suite is relatively expensive. If I were to rate the cost, it would be an eight out of ten.

I have evaluated other vendors. That said, currently, I only have experience working with Sophos EPP Suite.

The protection offered by Sophos EPP Suite is versatile. It can detect hidden Trojans before they execute and protect vulnerable versions of Windows from exploitation.

I'd rate the solution nine out of ten.