We performed a comparison between Crowdstrike Falcon and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, the two products are very similar. Crowdstrike Falcon comes out ahead in this comparison simply because it is easier to deploy than Sophos Intercept X.
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The most valuable aspect is undoubtedly the exploration capability"
"The most valuable feature is the network security."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The product integrates security into one tool instead of having third-party security tools."
"The integration between all the Defender products is the most valuable feature."
"The summarization of emails is a valuable feature."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment."
"We like Falcon's network visibility. We can see how threats are evolving on PCS or in the company network. The solution's real-time incident response is very fast."
"It is an easy product to deploy."
"The initial setup was straightforward."
"The most valuable aspects of CrowdStrike Falcon for me are its device observability, identification, and software and OS recognition."
"I like the feature called RTC, the remote time connector."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"The most valuable features are the anti-ransomware engine, deep learning, web filtering, and the cloud manageability."
"The dashboard is user-friendly."
"One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it."
"There are products that are technically stronger. However, this product has everything in one solution, which makes it a strong endpoint option."
"The package we use also comes with spam filtering features, which are quite useful."
"The performance is good."
"I am impressed with the tool's common dashboard feature. The solution is also easy to deploy and manage. Reporting is also easy with the software."
"Everything in Intercept X Endpoints is much centralised which makes it easy for our team to work with. The functions are in a single portal."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"At times, there may be delays in the execution of certain actions and their effects."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"They should provide us with good visibility for everything."
"I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CloudStrike."
"CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR."
"The management reporting functionality needs to be improved."
"An improvement would be to extend support to legacy and unsupported servers."
"I would like CrowdStrike to provide some correlation in the threat analysis, so we can visualize things better."
"CrowdStrike should add support for ransomware protection."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"We would like more application control in order to be able to schedule times and access."
"The technical support is the lone sore-point when dealing with this product."
"There are not any solutions that are a 10 out of 10. A 10 would be perfect protection with no impact on the performance of the device. This is not the case, there is some impact on the performance of the device."
"The performance offered by the product needs improvement."
"I'm not clear on what features need improvement. Everything is mostly fine."
"It would be better if it can automatically generate a report for each and every user so that the users get to know the things that shouldn't be accessed from their PCs. It can have information about malicious and non-malicious sites so users are aware of them, and they don't access malicious websites. Such reports can be generated at the end of the day. We should also be able to get through to their support team quickly. Currently, it takes more than half an hour to get through to a technical person."
"They need to focus on their SLA or technical support. They also need to focus on their UI. They should also improve their content filtering tool and update it so that correct categories are there. Sometimes, when I want to block an online gaming website, it is not shown under the correct category. It is shown under another category. They need to review their content filtering tool on a bi-weekly or monthly basis and update the sites and categories. This will be really helpful for them."
"In terms of the site-to-site VPN elements, they tend to concentrate. It's quite simple when there are Meraki devices at both ends of the VPN but if there is another user at one end, on another device, it can be a bit tricky. So they could really simplify that process a bit."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. CrowdStrike Falcon is rated 8.8, while Intercept X Endpoint is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Fortinet FortiEDR, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete, Fortinet FortiClient and Fortinet FortiEDR. See our CrowdStrike Falcon vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.