Sophos' cloud offering works well but Secure Boot messes it up
October 02, 2019

Sophos' cloud offering works well but Secure Boot messes it up

Jane Updegraff | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Overall Satisfaction with Sophos Intercept X

Sophos Intercept X is our chosen endpoint security solution for all of our Windows endpoints (Windows and Windows Server) across the entire enterprise. We were already using Sophos before, and we replaced an older Sophos appliance with the cloud-based "Sophos Control" version instead, and we abandoned our on-prem Sophos web appliance.
  • Sophos is a little too good at DLP. But it is indeed very good at not allowing our data to leave our endpoints without strict adherence to policy.
  • Sophos is very good at protecting endpoints against viruses and other malware.
  • Sopho is really good at informing us of what is happening on our endpoints. OOTB reporting is way better than expected.
  • Sophos OOTB policies are very strict and they don't offer anything less strict without you creating new custom policies. I'm sure this is deliberate because the product starts you out in the safest way possible but it means that you will have lots of calls to your tech support desk when you first deploy it unless you do somewhat extensive testing beforehand.
  • Sophos Intercept X is currently broken (at least the DLP component) by having secure boot turned on in the UEFI/BIOS. If any user wants to be able to write data to a USB drive or floppy from their PC (yes we still have a couple users who need to use floppies) we have to turn off secure boot on their PC, even if the DLP policy for that user/PC combination specifies that the user and PC are allowed to write to USB/floppy. This would be a very serious problem if it weren't for the fact that we have very few users who need to write files to USB. For us it's OK but I bet it would be a deal-breaker for others.
  • I don't see a whole lot of evidence that Intercept X is any different than any other anti-virus, so maybe their admin alerts just don't clearly identify when they have identified a zero-day threat or maybe we just haven't had any zero-day threats.
  • This product costs almost exactly the same as it's predecessor that we were using, which was an on-prem Sophos Web Appliance. However, the newly separated "Windows Server" endpoint license is a lot more expensive than the old endpoint device license on the web appliance. So we are now paying about 4x as much for coverage on a Windows Server as we did before we changed to Sophos Intercept X simply because Sophos created a new license (and a different client. It was the same client as PCs before now) that is specific to Windows Servers and we decided to buy a few. I'll admit that the new Server client covers more areas than the PC client so that's how the price is justified.
  • We've had LOTS of evidence that Sophos Intercept X has protected us from all manner of malware, ransomware, viruses and data loss. We would never ever be without it because it's value as an antivirus and anti-malware product is inestimable. We don't have a clue how much time and money we would have lost without it, but as you all know, we MUST have a good antivirus. Sophos Intercept X is just that, a good antivirus.
Sophos Intercept X is a little less expensive than the comparable package from Trend Micro and a little more expensive than a comparable package from Symantec, but in my opinion, it's easier to operate and it's got better centralized controls than both of the others. But the primary reason why I selected Sophos Intercept X this time is because I already had an on-prem Sophos web appliance and they had a nifty scripting tool that migrated all of my endpoints at a given site (we did the migration to the new client on a site-by-site phased plan), literally within minutes, with a click. It was very easy to update the endpoint client using this scripted migration tool. So if you already have an older Sophos client running on your endpoints and you want to upgrade to Sophos Intercept X, holy moly, it's easy. I am now wondering if the other solutions also have problems with secure boot being turned on but I have not asked around.
Sophos Intercept X support has been good but they didn't always give me the answer that I wanted. The product's secure boot limitation surprised us. But the support staff themselves are very good and they thoroughly answered all of my questions on the few occasions that I asked for support.

Do you think Sophos Intercept X delivers good value for the price?

Yes

Are you happy with Sophos Intercept X's feature set?

Yes

Did Sophos Intercept X live up to sales and marketing promises?

Yes

Did implementation of Sophos Intercept X go as expected?

No

Would you buy Sophos Intercept X again?

Yes

It works just as well as any other modern antivirus and it has a really nice web console that I find easy to use. I like the fact that the built-in OOTB stuff that you start with is really secure and pretty much complete right OOTB, so it's easy to get going fast. But I do not like that the sales and implementation staff did not make it clear that end users would no longer be able to write to USB or floppy (even when the operation that they want to do does not violate the DLP policy or the peripheral device policy in Sophos Intercept X) unless we turn off secure boot in the UEFI of each PC. That's something that has to be done manually on each PC and it's a pain. It makes sense that users can't drag data from a network share to a USB to write, that is not a secure operation, and I like that, but users should be able to copy and paste documents (that they own) from a folder on their own local PC to a USB stick without having to have someone from IT change their boot settings in their UEFI/BIOS. It's only doable for us because we have very few people that need to be able to transport files on physical media.

Sophos Intercept X Feature Ratings

Anti-Exploit Technology
9
Endpoint Detection and Response (EDR)
9
Centralized Management
10
Hybrid Deployment Support
8
Infection Remediation
9
Vulnerability Management
7
Malware Detection
9