We performed a comparison between Cortex XDR by Palo Alto Networks and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Overall, users of Cortex XDR by Palo Alto Networks give the product higher ratings because its deployment is easier, it has a great set of features, it is affordable, and the technical support is helpful.
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The summarization of emails is a valuable feature."
"Microsoft 365 Defender is simple to upgrade."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The threat intelligence is excellent."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
"The initial setup is pretty easy."
"The stability of this product is very good."
"Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
"It'll not slow down your system when compared to others."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"The most valuable feature of Intercept X its ability to stay ahead of the infection. By the time the ransomware spreads to the next machine in line, the data has already been encrypted on that workstation. It didn't matter what the ransomware did because could go in and get it back."
"It is a very scalable solution."
"I find the security heartbeat feature with synchronized security very useful. It's a very nice feature that allows you to basically switch off an endpoint. When an endpoint has got a virus or something like that, or it's infected or compromised, you can isolate it from the network, but only if you've got an XG Firewall as well. It also provides ease of use. It is the only antivirus that can recognize 25 out of the 36 ransomware and virus techniques that have been often used in terms of the behavior base using heuristics. It's beautiful, utterly amazing. No other antivirus can do that."
"There are products that are technically stronger. However, this product has everything in one solution, which makes it a strong endpoint option."
"The patches on offer are very helpful."
"Technical support is responsive and adept."
"The most valuable feature of the solution is that it is less hash-based than competitors."
"The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this."
"The price should be adjustable by region."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"Sometimes, configurations take much longer than expected."
"At times, there may be delays in the execution of certain actions and their effects."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The mobile app support for Android and iOS is difficult and needs improvement."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"If they had pulse rate detection, it would be better."
"It'll help if customization was easier."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"The playbooks could be improved to include more functionalities or actions."
"The Data Loss Prevention module can be better. It should also have threat hunting capabilities."
"It could be a bit easier to implement."
"I am not very satisfied with the product's reporting overall, and it needs improvement in this area."
"It would be a value-add if they can include integration with other technologies or solutions, like Fortinet, Blue Coat, etc."
"Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."
"Should include additional integration."
"We had some initial problems with our deployment, and they were more around uninstalling Sophos Basic and installing Sophos Intercept X. We had some challenges with some of the uninstallation scripts. They can improve the deployment of Sophos Intercept X when there is already an existing Sophos version. They can also provide more information in the form of best practices and lessons learned from previous findings. A knowledge base with this type of information would be helpful."
"They should work on the logs and events. Sophos Intercept X needs to increase the interface test so that it can export to a live event."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Intercept X Endpoint is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trellix Endpoint Security, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Bitdefender GravityZone EDR. See our Cortex XDR by Palo Alto Networks vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.