We performed a comparison between Cortex XDR by Palo Alto Networks and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Overall, users of Cortex XDR by Palo Alto Networks give the product higher ratings because its deployment is easier, it has a great set of features, it is affordable, and the technical support is helpful.
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"Microsoft 365 Defender is a good solution and easy to use."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The threat intelligence is excellent."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"The tool's use cases are relevant to security."
"I've found the solution to be highly scalable for enterprises."
"We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"Threat identification and detection are the most valuable features of this solution."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"The most valuable features are ease of use and the GUI."
"One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it."
"The threat analysis center is nice."
"The initial setup is pretty straightforward."
"A valuable feature offered by Sophos is called Naked Security, and it entails the control managed by the firewall on the site regarding the desktop client interfacing with our cloud client."
"Intercept X helps with internal alerts, application access, and triggering support teams."
"There do not seem to be any limitations to the scalability of this product."
"Sophos Intercept X has a host of valuable features, including its anti-malware feature, which we considered key."
"The support team is not competent or responsive."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The tool gives inconsistent answers and crashes a lot."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"Advanced attacks could use an improvement."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"The price should be adjustable by region."
"The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"The licensing model is complex to understand. It requires expertise to explain how the licensing works. You need expertise to guide you through the subscription plan."
"I would like to see them include NDR (Network Detection Response)."
"The solution needs better reports. I think they should let the customer go in and customize the reports."
"In general, the price could be more competitive."
"Stability-wise, we had issues with some clients which had to be dealt with manually. The issue was with that installation part."
"It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first."
"As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of."
"If we can lower the price, it will be fantastic because it will generate more revenue for us."
"We are considering switching from this solution as a result of the closer integration needed between the firewall systems and the EDR."
"I would like to see better support for virtual and desktop infrastructures."
"The solution's pricing could be better."
"The choices offered for the on-premises and cloud-based platforms are the reverse of each other."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Intercept X Endpoint is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trend Micro Apex One, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Bitdefender GravityZone EDR. See our Cortex XDR by Palo Alto Networks vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.