We performed a comparison between Microsoft Defender For Endpoint and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Sophos Intercept X comes out on top. While the Microsoft Defender For Endpoint solution is good, it falls short in certain areas where Sophos Intercept X does not. Overall, users of Sophos Intercept X have mainly positive feedback on the product, agreeing that its set of features is excellent.
"Ability to get forensics details and also memory exfiltration."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Forensics is a valuable feature of Fortinet FortiEDR."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The product detects and blocks threats and is more proactive than firewalls."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The setup is pretty simple."
"The product efficiently prevents data leakages."
"The most valuable features are ease of use and the GUI."
"This solution offers very good performance and it has great features."
"The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are valuable assets."
"It is not just a simple virus scanning product. It handles more advanced needs."
"There are products that are technically stronger. However, this product has everything in one solution, which makes it a strong endpoint option."
"It is a very scalable solution."
"This product integrates well with Sophos firewalls and should be seriously considered by Sophos Firewall clients."
"Microsoft Defender for Endpoint is different from other security tools because we can configure it to use multiple types of scanning or archiving."
"The solution has an easy-to-use interface, is always updated, and is user-friendly."
"It has Kusto Query Language (KQL), so we can use our own queries to find anything."
"Defender's analytics are much better than CrowdStrike's."
"The features I have found most valuable are the ransomware and malware protection. The solution detects malware live and whenever it detects suspicious activity, it quarantines it."
"Auto-remediation: When the product sees malware, it resolves the issue immediately. This protects the machine."
"The solution's threat protection is mostly AI and machine-learning based. That is the most important feature of the product. It also offers centralized management so I can remotely manage devices."
"Provides good security features and you can view it in the central console."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The support needs improvement."
"We'd like to see more one-to-one product presentations for the distribution channels."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"Making the portal mobile friendly would be helpful when I am out of office."
"We would like to deploy across a variety of machines simultaneously through the network."
"I would like to have a built-in firewall, rather than having to integrate one."
"Better protection in the endpoint, server, and mobile is needed."
"I'm not clear on what features need improvement. Everything is mostly fine."
"When I use a proxy, I can bypass Sophos, which is an area that needs improvement."
"We had some initial problems with our deployment, and they were more around uninstalling Sophos Basic and installing Sophos Intercept X. We had some challenges with some of the uninstallation scripts. They can improve the deployment of Sophos Intercept X when there is already an existing Sophos version. They can also provide more information in the form of best practices and lessons learned from previous findings. A knowledge base with this type of information would be helpful."
"There is room for improvement in terms of stability and updates."
"The tool is not stable on Linux systems."
"The documentation could be better. When they update their manuals, sometimes they refer to products by their old names, so it is a little confusing. For example, the documentation might still say 'Advanced Threat Protection' instead of Defender for Endpoint."
"There is room to improve the security of the solution."
"Integrating this with third-party systems has some complexity involved."
"Threat intelligence has the potential for improvement, particularly by integrating more sources."
"The frequency of the patching, and the frequency of the updates, are not included with the free version."
"It needs to improve the cybersecurity for lateral movements. For example, when a hacker tries to enter a machine, they try to get the password by doing a lateral movement."
"Notifications are always popping up — I hate that."
"I would like to see integrations with other products, such as Splunk and other CM solutions. That would create possibilities for me, and for a SOC, to consolidate all events in an older console, not one provided by Microsoft but provided by a third party, and use it to create more insights."
Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. Intercept X Endpoint is rated 8.4, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Intercept X Endpoint is most compared with CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete, Fortinet FortiClient and Seqrite Endpoint Security, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, CrowdStrike Falcon, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Fortinet FortiClient.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.