Assistant Manager, Information Technology at Swades Foundation
Reseller
Top 10
Sep 9, 2025
To make Sophos EPP Suite better, some features could be added, but currently, whatever I require is available, and the interface is good. I think there should be templates in place so I do not have to make everything from scratch; having templates for NATing, de-NATing, and LAN to WAN rules would save us time.
I don't think I have any concerns about what should be improved in Sophos EPP Suite right now because it is working quite well. We require a fast response from Sophos, but currently, in the last three to four months, it has become lengthy; the support has become lengthy. Regarding the cost, Sophos EPP Suite is not expensive nor reasonable, but if they provide some reasonable pricing, it would be very good. If I compare Sophos EPP Suite with SecureRight, it is a little bit more expensive.
The Sophos EPP Suite should work on key areas, especially in data management, specifically the data retention part. The data lake storage has certain limits. Users have noted that daily upload limits per device, overall data lake storage capacity tied to licenses, and daily API query limits can be restrictive, which can lead to data not being uploaded or older data being purged.
The automation side of the setup is a pain. I have to run the installers manually. The enterprise integration is very poor, requiring a lot of manual work. I need an on-premises Active Directory that syncs to the cloud to make it work.
The resource usage of the agent should be less intensive on the CPU and RAM. This would make Sophos EPP Suite a better antivirus solution, especially for clients with only the minimum required specifications.
Pre-Sales at Comstar - Information Systems Associates Ltd.
Real User
Top 10
May 7, 2024
Sophos EPP Suite focuses completely on security and lacks managerial features or a management console. Competitors like Kaspersky have management control over endpoints. With Sophos EPP Suite, inventory cannot be checked, and external applications cannot be installed. In the future version, a virtual patching feature can be included.
In terms of improvement, the main challenge is setting up VPN connections. I have tried online resources and even turned to Kubernetes for help, but the primary issue I face is the complexity of creating VPN connections, and I'm seeking ways to make this process easier. Additionally, I have also faced difficulties with web filtering. In future Sophos releases, I would like to see simplified processes. For example, make port forwarding setup take just two or three clicks, streamline web filtering to two or three steps, and ease the separation of PCs from mobile devices within five clicks. The aim is to make these tasks more user-friendly and less time-consuming.
The encryption features are not as good as McAfee's. Sophos can only do the entire encryption of a hard disk, whereas McAfee can do file encryption, too. The product should introduce file encryption features. McAfee provides a key for encryption. We can still decrypt the file using the key if the encryption is not connected to the server. Sophos could provide such features.
The product's resource utilization is a concern, especially regarding memory usage on systems with older specifications such as lower memory and less powerful processors. Installing the product on these systems can lead to slowdowns due to resource consumption. If the product's resource demands can be reduced, it would greatly improve the user experience, especially for end users with less powerful hardware.
Pre-Sales Engineer IT Infrastructures & Cloud at a tech services company with 1-10 employees
Reseller
Jul 10, 2023
There could be an equipment inventory feature for the solution. It will help us make lists of CPUs, memory, and other essential components similar to Kaspersky and a few other vendors.
CTO at a tech consulting company with 51-200 employees
Real User
Apr 7, 2023
We have to use additional third-party solutions to fill the gaps in the capabilities of Sophos EPP Suite, such as using a mobility scanner. It would be helpful to add this feature. The synchronization security should be improved or optimizing the use of the Sophos XGS firewall and endpoints. It's unnecessary to activate both web filters in this scenario. More integrated intelligence added to all of the solutions would beneficial.
The solution could be improved in terms of the performance of the appliances. Sometimes the appliances in the market can be quite large. Additionally, in comparison to other appliances, such as FortiGate, Cisco Firepower, or ASA, it could be improved in terms of package processing or traffic handling.
The solution is expensive and can be improved by lowering the cost. I would like to have the capability to support legacy operating systems because the majority now don't support Windows XP, and Windows 2000. We still have business applications that have vendors using Windows XP.
Program Architect - Service Quality at Afiniti.com
Real User
Sep 30, 2022
Sophos EPP Suite demands significant resources just to operate. For example, it takes up more than 50% of the resources on our laptop to run it. So, even if we buy a laptop i7 and use 50% resources for Sophos, it will cost us more because every computer needs energy. I don't know why or what the exact problem is.
My use case is very, very simple. The solution gives me protection from the latest attacks, and visibility into the cloud. I don't have any integration use cases, so from our enrollment perspective, I would say maybe it could be a little lighter in terms of agent usage so that there is less computer utilization.
Networking and Security Engineer at IE Network Solutions PLC (Ethiopia)
Real User
Sep 8, 2022
One area for improvement in Sophos EPP Suite is the support response time, particularly of the management team. It could be faster because I only got a response from the manager after a few days. If you open a case directly from the website, the response from the technical support agent may have been faster. I didn't open the request from the website, so that could be the reason why the response time took longer.
Sophos EPP Suite could improve the way it can be installed. They used to have one installer and now they have two, one for the server and one for the client. I don't know the difference, it brings confusion.
IT-Systemingenieur at a educational organization with 5,001-10,000 employees
Real User
Mar 31, 2022
This signature-based malware prevention method is a little out of date. We are currently attempting to migrate to a newer, cloud-based solution in which we not only use signature-based antivirus scanning but also EDR with processes and similar tools to better recognize potential attacks, which is what the actual version cannot do. It has not been developed in the last few years. There are also issues with the compatibility of the OS. When using Sophos with Windows and devices, most of them work well, but as soon as we work with macOS and Linux, many issues arise that we do not want to have. macOS is incompatible.
In my country, having an on-premises deployment model is preferred. In this part of the world, on-premises is still the way many companies want to go. Therefore, they should supply some sort of option that allows for that reality.
Chief Executive Officer at a consultancy with 1-10 employees
Real User
Oct 1, 2020
We use cloud services quite a bit. Therefore, I would like to see integration with other security tools besides endpoint so that I'm not managing different tools separately. I would prefer to have a single security solution for my laptop and for managing other security things like passwords.
Sophos Certified Technician at a tech services company with 51-200 employees
Real User
Sep 17, 2020
The one challenge of this product is the lack of support. I know they are busy but the response time should be quicker. Even if they had someone to just pick the call up and then generate the cases, that would be an improvement. It could be like Cyberoam where they have one dedicated person who receives the calls and generates the case for the customer and then the engineer responds. With Sophos you can wait on the phone for two to three hours before you get anybody from the technical support team. It's a real challenge. For endpoint, if they could add the start and stop scanning or abort scanning button to the endpoints, that would be an improvement. Sometimes what happens is that the scan is being used but my system is slow and I have to do some urgent work, but I'm not able to pause the scan. I have to forcefully restart it or try something else. The inclusion of a feature like that would be helpful for end users.
Director at a non-tech company with 11-50 employees
Real User
Sep 10, 2020
Technical support needs to be improved. In the future, I would like to see better third-party integration so that it can work in conjunction with our ticket system.
Manager of Information Security at a healthcare company with 1,001-5,000 employees
Real User
Jul 22, 2020
I'm not sure if the solution is missing anything. For us, it seems to be covering our needs quite well. The solution has a strange technical support process where you need to move through all of these tiers before you can get to someone who can help you. They should streamline the process and make it easier to speak to the correct level of support from the outset. SentinelOne has what they call a rollback feature. It would be great if something similar was added to Sophos.
Information Security Manager at KIK Custom Products
Real User
Jun 25, 2020
The solution isn't quite accurate enough. It provides a lot of false positives. For example, if you log onto the portal, you'll be able to see the endpoints. You'll see the health status, but when you click on one, you'll find everything right there, even though it might not be clear from the health status overview. The accuracy of the status needs to be better represented.
In the future, we're looking forward to having a new synchronization firewall on the endpoint. The management console need improvement. I'd address the deployment side. If we could upgrade the deployment side to hand it off to the end-user, it would make it easier, as our campuses are far apart. We'd appreciate if the solution could offer us assistance with a later deployment.
Network & Endpoint Security Consultant at a tech company with 1-10 employees
Consultant
Jan 16, 2020
The support could be improved. The response times are slow. Most of my clients are comfortable with the product and how it operates, but I'm sure there could be improvements that could be made. The solution needs to move from small businesses to large enterprises so they can compete with the 40 gig Check Point. They need to build a product for that environment.
The area improvement is something very specific. Windows firewall security allows an exception where the user of a specific device can turn the firewall on or off. We need to configure our Windows firewall security in an active directory via group policy. We do not want to allow the exception or for individual users to be able to make this change. When using Sophos, instead of doing this in an active directory, we have to create a policy on the Sophos portal itself. In the Sophos policy, we can indicate which port is allowed and which port is not allowed for the Windows firewall and how it is handled. Previously, we were using ESET smart security which also has a Windows firewall base. We could control each and every link and port for everything. Like for people taking their desktop remotely, we could allow VNC (Virtual Network Computing) remote connections on a specific port only. All other ports are blocked from this type of access. This feature is something only ESET had. I am pretty much sure Sophos does not have this kind of policy available. They should make this adaptation. The rest of the Sophos product and the technology and utility of the suite is beautiful. I believe all network system administrators would be glad to have this feature. What I would also like to see added is information about update compatibilities. This should be included in a notification for upgrades from Sophos as to whether there is any reason to update Windows for Endpoint or not. The problem stems from the fact that Microsoft is releasing these updates and the patches for security every month. A lot of those patches have issues and incompatibilities. After Microsoft releases the updates, they sometimes have to release a fix to the update with patches. They usually do this in the next two to three days. It would be helpful if Sophos did the testing of the updates to inform all their clients so we can be sure these updates are OK. Then, in turn, we can inform our clients if updates are compatible with their servers or not.
ICT Director at a university with 201-500 employees
Real User
Dec 15, 2019
The solution is a challenge in terms of setting up the rules and managing them. Since the solution runs silently, you do not know whether the antivirus database has been updated or not. I'm not so sure whether I'm even using an updated antivirus database or if it even scanning every time that I insert a flash disk. I just need that scan and I need to know it's happening. I'm not getting that. Even if it does a scan, I don't know if hazards have been dealt with. For example, did it clean the disk after it scanned it? In other products, it's much more clear. There needs to be some sort of report that lets you know if it's running if it found something, and what it did with it, etc. We're concerned the Sophos partners may not necessarily have the right skill sets to deploy the solution in a way that meets our expectations. The solution is not easy to use in comparison to other endpoint security solutions.
I would like to have more logging features to help more deeply analyze traffic. This would provide us with more control over the products, incidents, issues, and so on. It would be helpful to have more control of the devices attached to the desktop, giving us better visibility and manageability. This would help us to prevent Traversal attacks, where the user can plug in external USB devices, for example.
They should consider giving the devices for free when they are charging for licensing. In the next release, I would like to see the phishing attached included in the firewall. Normally getting junk mail and phishing in emails is a problem for us. We are protected with other solutions but we would like to see it in the is one.
General Manager at a tech services company with 11-50 employees
Reseller
Oct 2, 2019
Deployment and central management need to be improved. In the next release, the solution should add anti-spam. They should add a plugin and or a browser plugin for security.
If you are not an IT expert, the solution is difficult to use. So it needs to be simpler for a non-IT person so that when you have an issue, you can you know that the solution is just a click away. Except for the more advanced things. So in terms of usage, the management tools, monitoring, and dashboard should be easier to use.
Part of the product that can be improved is the detection of other antivirus software. We had some trouble one time installing the product because there was a third-party antivirus product that we needed to remove before we could install Sophos. That detection in the installer could be better. It can easily be solved but does not have to be a problem in the first place. Pricing could be improved because it is a bit expensive. It would be nice if there were more capability to configure the notifications. We do get some notifications when a virus is detected or something is wrong, but we get notifications that the machine has to be restarted or other issues that should be handled by different people or different departments. There should be some distinction as to which notification type we want to send to a particular destination. That's something that should definitely be better in an enterprise solution.
Protect every user and every device from malware, spam, data loss and more with our Enduser Protection bundles. Only Sophos delivers best-of-breed endpoint, mobile, encryption, email and web security solutions licensed per user and backed by the best support in the industry.
To make Sophos EPP Suite better, some features could be added, but currently, whatever I require is available, and the interface is good. I think there should be templates in place so I do not have to make everything from scratch; having templates for NATing, de-NATing, and LAN to WAN rules would save us time.
I don't think I have any concerns about what should be improved in Sophos EPP Suite right now because it is working quite well. We require a fast response from Sophos, but currently, in the last three to four months, it has become lengthy; the support has become lengthy. Regarding the cost, Sophos EPP Suite is not expensive nor reasonable, but if they provide some reasonable pricing, it would be very good. If I compare Sophos EPP Suite with SecureRight, it is a little bit more expensive.
The Sophos EPP Suite should work on key areas, especially in data management, specifically the data retention part. The data lake storage has certain limits. Users have noted that daily upload limits per device, overall data lake storage capacity tied to licenses, and daily API query limits can be restrictive, which can lead to data not being uploaded or older data being purged.
The automation side of the setup is a pain. I have to run the installers manually. The enterprise integration is very poor, requiring a lot of manual work. I need an on-premises Active Directory that syncs to the cloud to make it work.
Pricing is a consideration for us; for the Indian market, it is slightly expensive.
The resource usage of the agent should be less intensive on the CPU and RAM. This would make Sophos EPP Suite a better antivirus solution, especially for clients with only the minimum required specifications.
Sophos EPP Suite focuses completely on security and lacks managerial features or a management console. Competitors like Kaspersky have management control over endpoints. With Sophos EPP Suite, inventory cannot be checked, and external applications cannot be installed. In the future version, a virtual patching feature can be included.
The solution’s performance could be improved for the end-users.
There could be more integration included in Sophos EPP Suite.
There has been an increase of about 7-10% in recent months. That's why we face issues with customers who have been using it since 2017.
The user interface is not responsive.
In terms of improvement, the main challenge is setting up VPN connections. I have tried online resources and even turned to Kubernetes for help, but the primary issue I face is the complexity of creating VPN connections, and I'm seeking ways to make this process easier. Additionally, I have also faced difficulties with web filtering. In future Sophos releases, I would like to see simplified processes. For example, make port forwarding setup take just two or three clicks, streamline web filtering to two or three steps, and ease the separation of PCs from mobile devices within five clicks. The aim is to make these tasks more user-friendly and less time-consuming.
The encryption features are not as good as McAfee's. Sophos can only do the entire encryption of a hard disk, whereas McAfee can do file encryption, too. The product should introduce file encryption features. McAfee provides a key for encryption. We can still decrypt the file using the key if the encryption is not connected to the server. Sophos could provide such features.
Sophos EPP Suite's support services need improvement. They take a long time to reply to queries every time.
The product's resource utilization is a concern, especially regarding memory usage on systems with older specifications such as lower memory and less powerful processors. Installing the product on these systems can lead to slowdowns due to resource consumption. If the product's resource demands can be reduced, it would greatly improve the user experience, especially for end users with less powerful hardware.
There could be an equipment inventory feature for the solution. It will help us make lists of CPUs, memory, and other essential components similar to Kaspersky and a few other vendors.
The product must consolidate all the consoles. The product should improve support and provide more scalable clustering.
The solution could be more stable.
We have to use additional third-party solutions to fill the gaps in the capabilities of Sophos EPP Suite, such as using a mobility scanner. It would be helpful to add this feature. The synchronization security should be improved or optimizing the use of the Sophos XGS firewall and endpoints. It's unnecessary to activate both web filters in this scenario. More integrated intelligence added to all of the solutions would beneficial.
The solution could improve in configuration and the central logging and dashboard.
The solution could be improved in terms of the performance of the appliances. Sometimes the appliances in the market can be quite large. Additionally, in comparison to other appliances, such as FortiGate, Cisco Firepower, or ASA, it could be improved in terms of package processing or traffic handling.
The solution is expensive and can be improved by lowering the cost. I would like to have the capability to support legacy operating systems because the majority now don't support Windows XP, and Windows 2000. We still have business applications that have vendors using Windows XP.
Sophos EPP Suite demands significant resources just to operate. For example, it takes up more than 50% of the resources on our laptop to run it. So, even if we buy a laptop i7 and use 50% resources for Sophos, it will cost us more because every computer needs energy. I don't know why or what the exact problem is.
My use case is very, very simple. The solution gives me protection from the latest attacks, and visibility into the cloud. I don't have any integration use cases, so from our enrollment perspective, I would say maybe it could be a little lighter in terms of agent usage so that there is less computer utilization.
One area for improvement in Sophos EPP Suite is the support response time, particularly of the management team. It could be faster because I only got a response from the manager after a few days. If you open a case directly from the website, the response from the technical support agent may have been faster. I didn't open the request from the website, so that could be the reason why the response time took longer.
Sophos EPP Suite could improve by decreasing the number of resources it uses. There are other solutions that use one-fifth of the resources.
Sophos EPP Suite could improve the way it can be installed. They used to have one installer and now they have two, one for the server and one for the client. I don't know the difference, it brings confusion.
This signature-based malware prevention method is a little out of date. We are currently attempting to migrate to a newer, cloud-based solution in which we not only use signature-based antivirus scanning but also EDR with processes and similar tools to better recognize potential attacks, which is what the actual version cannot do. It has not been developed in the last few years. There are also issues with the compatibility of the OS. When using Sophos with Windows and devices, most of them work well, but as soon as we work with macOS and Linux, many issues arise that we do not want to have. macOS is incompatible.
There are no missing features. We're fine with its capabilities. It would be ideal if the price could be lowered a little bit.
The solution could improve on the resource management, it is a bit heavy on the resources.
Additional security is always good; it would be helpful if the technical support could be improved.
Sophos is lacking in the granularity of optimization, so having more control would be better.
In my country, having an on-premises deployment model is preferred. In this part of the world, on-premises is still the way many companies want to go. Therefore, they should supply some sort of option that allows for that reality.
We use cloud services quite a bit. Therefore, I would like to see integration with other security tools besides endpoint so that I'm not managing different tools separately. I would prefer to have a single security solution for my laptop and for managing other security things like passwords.
The one challenge of this product is the lack of support. I know they are busy but the response time should be quicker. Even if they had someone to just pick the call up and then generate the cases, that would be an improvement. It could be like Cyberoam where they have one dedicated person who receives the calls and generates the case for the customer and then the engineer responds. With Sophos you can wait on the phone for two to three hours before you get anybody from the technical support team. It's a real challenge. For endpoint, if they could add the start and stop scanning or abort scanning button to the endpoints, that would be an improvement. Sometimes what happens is that the scan is being used but my system is slow and I have to do some urgent work, but I'm not able to pause the scan. I have to forcefully restart it or try something else. The inclusion of a feature like that would be helpful for end users.
Technical support needs to be improved. In the future, I would like to see better third-party integration so that it can work in conjunction with our ticket system.
If we could bypass the first couple of levels of support when we have a problem then it would be easier and quicker when we need an issue resolved.
I'm not sure if the solution is missing anything. For us, it seems to be covering our needs quite well. The solution has a strange technical support process where you need to move through all of these tiers before you can get to someone who can help you. They should streamline the process and make it easier to speak to the correct level of support from the outset. SentinelOne has what they call a rollback feature. It would be great if something similar was added to Sophos.
The solution isn't quite accurate enough. It provides a lot of false positives. For example, if you log onto the portal, you'll be able to see the endpoints. You'll see the health status, but when you click on one, you'll find everything right there, even though it might not be clear from the health status overview. The accuracy of the status needs to be better represented.
In the future, we're looking forward to having a new synchronization firewall on the endpoint. The management console need improvement. I'd address the deployment side. If we could upgrade the deployment side to hand it off to the end-user, it would make it easier, as our campuses are far apart. We'd appreciate if the solution could offer us assistance with a later deployment.
The support could be improved. The response times are slow. Most of my clients are comfortable with the product and how it operates, but I'm sure there could be improvements that could be made. The solution needs to move from small businesses to large enterprises so they can compete with the 40 gig Check Point. They need to build a product for that environment.
The area improvement is something very specific. Windows firewall security allows an exception where the user of a specific device can turn the firewall on or off. We need to configure our Windows firewall security in an active directory via group policy. We do not want to allow the exception or for individual users to be able to make this change. When using Sophos, instead of doing this in an active directory, we have to create a policy on the Sophos portal itself. In the Sophos policy, we can indicate which port is allowed and which port is not allowed for the Windows firewall and how it is handled. Previously, we were using ESET smart security which also has a Windows firewall base. We could control each and every link and port for everything. Like for people taking their desktop remotely, we could allow VNC (Virtual Network Computing) remote connections on a specific port only. All other ports are blocked from this type of access. This feature is something only ESET had. I am pretty much sure Sophos does not have this kind of policy available. They should make this adaptation. The rest of the Sophos product and the technology and utility of the suite is beautiful. I believe all network system administrators would be glad to have this feature. What I would also like to see added is information about update compatibilities. This should be included in a notification for upgrades from Sophos as to whether there is any reason to update Windows for Endpoint or not. The problem stems from the fact that Microsoft is releasing these updates and the patches for security every month. A lot of those patches have issues and incompatibilities. After Microsoft releases the updates, they sometimes have to release a fix to the update with patches. They usually do this in the next two to three days. It would be helpful if Sophos did the testing of the updates to inform all their clients so we can be sure these updates are OK. Then, in turn, we can inform our clients if updates are compatible with their servers or not.
The solution is a challenge in terms of setting up the rules and managing them. Since the solution runs silently, you do not know whether the antivirus database has been updated or not. I'm not so sure whether I'm even using an updated antivirus database or if it even scanning every time that I insert a flash disk. I just need that scan and I need to know it's happening. I'm not getting that. Even if it does a scan, I don't know if hazards have been dealt with. For example, did it clean the disk after it scanned it? In other products, it's much more clear. There needs to be some sort of report that lets you know if it's running if it found something, and what it did with it, etc. We're concerned the Sophos partners may not necessarily have the right skill sets to deploy the solution in a way that meets our expectations. The solution is not easy to use in comparison to other endpoint security solutions.
I would like to have more logging features to help more deeply analyze traffic. This would provide us with more control over the products, incidents, issues, and so on. It would be helpful to have more control of the devices attached to the desktop, giving us better visibility and manageability. This would help us to prevent Traversal attacks, where the user can plug in external USB devices, for example.
They should consider giving the devices for free when they are charging for licensing. In the next release, I would like to see the phishing attached included in the firewall. Normally getting junk mail and phishing in emails is a problem for us. We are protected with other solutions but we would like to see it in the is one.
Deployment and central management need to be improved. In the next release, the solution should add anti-spam. They should add a plugin and or a browser plugin for security.
If you are not an IT expert, the solution is difficult to use. So it needs to be simpler for a non-IT person so that when you have an issue, you can you know that the solution is just a click away. Except for the more advanced things. So in terms of usage, the management tools, monitoring, and dashboard should be easier to use.
Part of the product that can be improved is the detection of other antivirus software. We had some trouble one time installing the product because there was a third-party antivirus product that we needed to remove before we could install Sophos. That detection in the installer could be better. It can easily be solved but does not have to be a problem in the first place. Pricing could be improved because it is a bit expensive. It would be nice if there were more capability to configure the notifications. We do get some notifications when a virus is detected or something is wrong, but we get notifications that the machine has to be restarted or other issues that should be handled by different people or different departments. There should be some distinction as to which notification type we want to send to a particular destination. That's something that should definitely be better in an enterprise solution.
Sometimes there are issues with the antivirus backlogs.