We performed a comparison between Crowdstrike Falcon and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, the two products are very similar. Crowdstrike Falcon comes out ahead in this comparison simply because it is easier to deploy than Sophos Intercept X.
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"The solution offers great stability."
"The most valuable aspects of CrowdStrike Falcon for me are its device observability, identification, and software and OS recognition."
"The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False-positive are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate."
"Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"It's very easy to set up."
"I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
"The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions."
"Sophos Intercept X is a very effective solution and its being cloud-based is a benefit. Wherever my users are, I can apply policies to them. In the era of mobility, when users are out of the office or they're in different locations, it doesn't matter."
"The most valuable features of Intercept X are server lockdown, auto-remediation, and encryption monitoring."
"Sophos Intercept X is a complete endpoint solution."
"Since it's cloud-managed, the solution is easy to administer, especially if the person using it is in a different geophysical location."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The most valuable features are ease of use and the GUI."
"The forensics within the solution are quite good. The ransomware mitigation is also impressive."
"The Managed Detection and Response service provided by Intercept X Endpoint is highly valuable. With a team of 600-700 individuals monitoring systems, they swiftly respond to attacks, either informing us to isolate or directly removing threats. This full MDR service is especially recommended for sectors like finance, where data security is critical. The deep learning technology within Intercept X Endpoint enhances our security posture by analyzing behaviors and algorithms to differentiate between legitimate users and threats, effectively preventing attacks on our network infrastructure."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Advanced attacks could use an improvement."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"I have worked with their technical support on several problems that were never fully resolved."
"The Integration with tools, SOC tools, could be better."
"CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."
"Forensic controls have room for improvement."
"CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."
"I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization."
"Crowdstrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations."
"Too many false positives."
"They should keep doing what they're doing. Both of them have entered the EDR/MDR space, and they're keeping up with their competitors. I have a hard time understanding why their capabilities aren't garnering more attention."
"There is some issue with the reporting and refreshing information on resources that have been eliminated."
"They need to focus on their SLA or technical support. They also need to focus on their UI. They should also improve their content filtering tool and update it so that correct categories are there. Sometimes, when I want to block an online gaming website, it is not shown under the correct category. It is shown under another category. They need to review their content filtering tool on a bi-weekly or monthly basis and update the sites and categories. This will be really helpful for them."
"This product does not handle USB drives well."
"The cloud management console could be a little more user-friendly."
"It would be beneficial if you could expand support for Windows 7 and Windows Server 2008 without charging an additional fee."
"The integration has room for improvement, especially with Mac OS."
"The EDR could be improved, and perhaps the User Interface."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. CrowdStrike Falcon is rated 8.8, while Intercept X Endpoint is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete, Fortinet FortiClient and Fortinet FortiEDR. See our CrowdStrike Falcon vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.