Item: Sophos Intercept X
Rating: 7
Author: Verified User

Use Cases and Deployment Scope

Sophos is utilized across the whole organization. It provides the layer of protection needed for endpoints and servers against various forms of viruses and attacks that batter the technology industry. The need for protection of assets is well provided with the Sophos product and its components with little interaction or annoying notifications to users.

Pros and Cons

Alert notifications can be sent directly to email as soon as any suspicious activity or files are discovered.
The endpoint agent is delivered in one installer package, allowing for ease of deployment.
Sophos works with common SIEM products and integrates well, giving visibility of events to security analysts for pattern detection.

Sophos is heavy on resource utilization for scanning and detecting.
Upon installation and use, there are approximately 17 services that are installed and run the product.
Sophos could make it easier on deployment by being able to scan a domain and push the agent out to assets that don't have protection.

Return on Investment

Positive: Sophos has allowed the organization many forms of proof of protection for auditing and compliance.
Positive: Sophos has detected and automatically cleaned suspicious files and blocked malicious activity for several assets.
Negative: End-user feedback of intensive scanning and high CPU/Memory usage by Sophos.

Alternatives Considered

Trend Micro Apex One (formerly OfficeScan)

Trend Micro offered similar protection, however at the time did not offer EDR as a solution. The big benefit to Trend Micro was the capability to push out the installation of the agent to assets within the Trend Micro console, eliminating the need for a GPO or deployment solution. Sophos was chosen as the need for EDR in an evolving industry was a deciding factor.

Support Rating

The customer support for Sophos has not been satisfactory from day one. I have managed the product on my own for over 900 assets, manually fixing over 200 assets where several Sophos services have become corrupted and figuring out fixes on my own for this common issue. The online support always wanted logs from their Diagnostic Utility, but that was not possible as it was corrupted on the asset. I have only had the "dedicated" support rep reach out once in nearly 2 years to see how things were going. This is a great product, however, customer support needs great improvement.

Key Insights

Do you think Sophos Intercept X delivers good value for the price?

Yes

Are you happy with Sophos Intercept X's feature set?

Yes

Did Sophos Intercept X live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Sophos Intercept X go as expected?

Would you buy Sophos Intercept X again?

Other Software Used

Malwarebytes Endpoint Protection

Likelihood to Recommend

Sophos works well in smaller organizations where the number of assets to be protected can be managed. If assets are not higher-end technology/memory, Sophos will "slow down" the asset with its scanning and detecting. There are, however, global settings to "tune" the product and disable scanning from files, folders, and processes that are known to be good. This does greatly alleviate utilization problems.

Quick alerting and automated responses for better security

Overall Satisfaction with Sophos Intercept X