We performed a comparison between SentinelOne and Sophos Intercept X based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: SentinelOne comes out on top in this comparison due to its easy setup, high performance, attractive price, and impressive ROI.
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"The dashboard is user-friendly."
"It's a good antivirus software and has a lot of features. It now integrates with their on-premises firewall, which is perfect."
"It is not just a simple virus scanning product. It handles more advanced needs."
"The initial setup is simple."
"Machine learning is used to detect the threat and it does so by prioritizing the suspicious activities."
"The product is user-friendly."
"Intercept X helps with internal alerts, application access, and triggering support teams."
"The solution is easy to install."
"I have found the activity timeline and threat analysis to be particularly useful."
"The external drive scanning is great."
"The solution is easy to set up."
"It seamlessly integrates with other solutions, providing a high level of compatibility and effectiveness."
"They provide a map, a process tree, and that is pretty good for analysis."
"It is easy to collect and retain logs with SentinelOne."
"The most valuable feature of Singularity Complete is the Ranger function."
"SentinelOne gives us visibility into various high-level vulnerabilities on every gateway on the network. It helps us prevent vulnerable devices from being compromised. We primarily use Singularity for its EDR functions. We're happy with that."
"The web filtering solution needs to be improved because currently, it is very simple."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"The management and automation of the cloud apps have room for improvement."
"Advanced attacks could use an improvement."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"I am not very satisfied with the product's reporting overall, and it needs improvement in this area."
"The main real-time scanning takes most of the processing power of my notebook."
"I'm not clear on what features need improvement. Everything is mostly fine."
"The performance is very slow and should be faster."
"They might want to offer an MSP model for licensing, to offer the solution as a software as a service."
"The detection and the AI capabilities should be improved upon."
"I would like to see better support for virtual and desktop infrastructures."
"We are not able to merge the sub-estates. If we create multiple sub-states and there may be instances where a user is in a different sub-state, it may not be possible for us to relocate that user from one sub-state to another through the console. We have to merge them manually which is not ideal."
"Having an additional logic layer could improve the solution, mainly because I run multiple systems with different layers. For example, if I'm running a very important server with this agent, and that server gets infected, I may not necessarily be sure that I want to shut it down right away. Maybe I want to isolate some of the connectivity but not do the entire security remediation automatedly or curtail network access type of activity."
"The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information."
"I would like to see a better mobile app so that I could look through my phone at the alerts and not have to go to the website. They should make it a little more mobile-accessible."
"The setup process could be improved."
"The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do."
"It primarily operates on local machines, monitoring processes, and not always providing detailed insights, relying on external information to determine the nature of a file."
"The application management needs improvements, but I understand that they are working on it. We talked to them a few months ago, and it is something they are trying to get up to speed and fix. This way, we will be able to disable critical apps or vulnerable apps through SentinelOne. We will be able to patch applications or disable applications through the Application Management tab."
"We have had cases where Singularity Complete has caused applications to malfunction."
More SentinelOne Singularity Complete Pricing and Cost Advice →
Intercept X Endpoint is ranked 4th in Endpoint Detection and Response (EDR) with 101 reviews while SentinelOne Singularity Complete is ranked 2nd in Endpoint Detection and Response (EDR) with 177 reviews. Intercept X Endpoint is rated 8.4, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, Fortinet FortiClient and Fortinet FortiEDR, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, Darktrace, CrowdStrike Falcon, ThreatLocker Protect and Kaspersky Endpoint Detection and Response Optimum. See our Intercept X Endpoint vs. SentinelOne Singularity Complete report.
See our list of best Endpoint Detection and Response (EDR) vendors, best Endpoint Protection Platform (EPP) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.