We performed a comparison between Crowdstrike Falcon and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, the two products are very similar. Crowdstrike Falcon comes out ahead in this comparison simply because it is easier to deploy than Sophos Intercept X.
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The comprehensiveness of Microsoft's threat detection is good."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"Microsoft 365 Defender is simple to upgrade."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The integration with other Microsoft solutions is the most valuable feature."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
"CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
"I like the feature called RTC, the remote time connector."
"The CS falcon agent is a lightweight agent compared with other agents of EDR products."
"CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools."
"There's almost no maintenance required. It's very low if there's any at all."
"The most effective features of Intercept X Endpoint for threat prevention are ransomware protection, miscellaneous behavior detection, and network threat protection."
"The most valuable features are ease of use and the GUI."
"The most valuable feature is the supervisory side of it where we can watch the throughputs, and even the loading of the device, to see how much traffic is happening."
"It's quite simple to use and user friendly."
"It is a practically maintenance free intelligent system that independently protects environments from malicious attacks."
"It is a very scalable solution."
"The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this."
"The most valuable feature of Intercept X its ability to stay ahead of the infection. By the time the ransomware spreads to the next machine in line, the data has already been encrypted on that workstation. It didn't matter what the ransomware did because could go in and get it back."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"There could be a way to proactively monitor unusual activity ."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"The management and automation of the cloud apps have room for improvement."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"They offered a white glove service that was extremely costly. When we got into it, we saw it was relatively easy. If I was being nitpicky, I'd say that I don't like being sold something that's unnecessary. That's the only downside I've seen to the solution."
"Forensic controls have room for improvement."
"The technical support team often just replies to an issue with a link to an article rather than actually calling back and talking to someone and making sure the problem is solved. To me, that's kind of weak."
"There are some areas where some customers would prefer a different service."
"The performance could be better."
"They should provide us with good visibility for everything."
"Unfortunately, native applications are not supported."
"I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool."
"The customer service and support could be improved in regards to response time. It could be faster."
"Mobile device management is a challenging area, and it can be improved. Some areas in the DLP solution can also be improved. It has the DLP capability, but it is not an all-out DLP program. I would like to see them improve the DLP solution in terms of reporting and possibly network monitoring. Currently, they only do the reporting parts of it."
"Technical support can be improved. There could be shared support, i.e. where someone in Egypt can respond."
"Sophos Intercept X doesn't have its own firewall that utilizes the Windows Firewall or intrusion prevention."
"The solution is expensive, and it could be made cheaper."
"They don't have the full stack of offerings as compared to the other competitive products that we see."
"They might want to offer an MSP model for licensing, to offer the solution as a software as a service."
"The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. CrowdStrike Falcon is rated 8.8, while Intercept X Endpoint is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete, Fortinet FortiClient and Fortinet FortiEDR. See our CrowdStrike Falcon vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.