Sophos' cloud offering works well but Secure Boot messes it up
Overall Satisfaction with Sophos Intercept X
Sophos Intercept X is our chosen endpoint security solution for all of our Windows endpoints (Windows and Windows Server) across the entire enterprise. We were already using Sophos before, and we replaced an older Sophos appliance with the cloud-based "Sophos Control" version instead, and we abandoned our on-prem Sophos web appliance.
Pros
- Sophos is a little too good at DLP. But it is indeed very good at not allowing our data to leave our endpoints without strict adherence to policy.
- Sophos is very good at protecting endpoints against viruses and other malware.
- Sophos is really good at informing us of what is happening on our endpoints. OOTB reporting is way better than expected.
Cons
- Sophos OOTB policies are very strict and they don't offer anything less strict without you creating new custom policies. I'm sure this is deliberate because the product starts you out in the safest way possible but it means that you will have lots of calls to your tech support desk when you first deploy it unless you do somewhat extensive testing beforehand.
- Sophos Intercept X is currently broken (at least the DLP component) by having secure boot turned on in the UEFI/BIOS. If any user wants to be able to write data to a USB drive or floppy from their PC (yes we still have a couple users who need to use floppies) we have to turn off secure boot on their PC, even if the DLP policy for that user/PC combination specifies that the user and PC are allowed to write to USB/floppy. This would be a very serious problem if it weren't for the fact that we have very few users who need to write files to USB. For us it's OK but I bet it would be a deal-breaker for others.
- I don't see a whole lot of evidence that Intercept X is any different than any other anti-virus, so maybe their admin alerts just don't clearly identify when they have identified a zero-day threat or maybe we just haven't had any zero-day threats.
- This product costs almost exactly the same as its predecessor that we were using, which was an on-prem Sophos Web Appliance. However, the newly separated "Windows Server" endpoint license is a lot more expensive than the old endpoint device license on the web appliance. So we are now paying about 4x as much for coverage on a Windows Server as we did before we changed to Sophos Intercept X simply because Sophos created a new license (and a different client. It was the same client as PCs before now) that is specific to Windows Servers and we decided to buy a few. I'll admit that the new Server client covers more areas than the PC client so that's how the price is justified.
- We've had LOTS of evidence that Sophos Intercept X has protected us from all manner of malware, ransomware, viruses and data loss. We would never ever be without it because its value as an antivirus and anti-malware product is inestimable. We don't have a clue how much time and money we would have lost without it, but as you all know, we MUST have a good antivirus. Sophos Intercept X is just that, a good antivirus.
Sophos Intercept X is a little less expensive than the comparable package from Trend Micro and a little more expensive than a comparable package from Symantec, but in my opinion, it's easier to operate and it's got better centralized controls than both of the others. But the primary reason why I selected Sophos Intercept X this time is because I already had an on-prem Sophos web appliance and they had a nifty scripting tool that migrated all of my endpoints at a given site (we did the migration to the new client on a site-by-site phased plan), literally within minutes, with a click. It was very easy to update the endpoint client using this scripted migration tool. So if you already have an older Sophos client running on your endpoints and you want to upgrade to Sophos Intercept X, holy moly, it's easy. I am now wondering if the other solutions also have problems with secure boot being turned on but I have not asked around.
Do you think Sophos Intercept X delivers good value for the price?
Yes
Are you happy with Sophos Intercept X's feature set?
Yes
Did Sophos Intercept X live up to sales and marketing promises?
Yes
Did implementation of Sophos Intercept X go as expected?
No
Would you buy Sophos Intercept X again?
Yes