We performed a comparison between Cortex XDR by Palo Alto Networks and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Overall, users of Cortex XDR by Palo Alto Networks give the product higher ratings because its deployment is easier, it has a great set of features, it is affordable, and the technical support is helpful.
"The product integrates security into one tool instead of having third-party security tools."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The integration with other Microsoft solutions is the most valuable feature."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"Microsoft Defender XDR is scalable."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
"The tool's use cases are relevant to security."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"Cortex XDR's most valuable feature is its intelligence-based dashboards."
"They did what they said. This solution could apply to any scenario."
"The interface is easy to use and it is more up to date than our previous solution."
"The dashboard is user-friendly."
"The most valuable feature is the anti-ransomware capability. It's been helpful because we have been seeing a lot of information around what the ransomware hit."
"The initial setup is simple."
"We find all features valuable. It has zero-day protection, which is the most valuable feature of Intercept X. We have Intercept X with EDR. EDR is a very important feature. It gives an idea about the source of a particular attack. An administrator gets to know everything, which helps in understanding the things that need to be done or protected in the organization. Based on this information, an administrator can decide what needs to open or allowed in the network. Without EDR, Intercept X is like an antivirus, and the administrator won't get to know the things going on at the organizational level. I recommend purchasing an EDR solution for every organization."
"The thing that I like about it is the synchronized security. You can tie endpoint protection and firewalls and a whole range of other services and products. You can get your servers taken in under this."
"Everything in Intercept X Endpoints is much centralised which makes it easy for our team to work with. The functions are in a single portal."
"This solution is easy to configure."
"Intercept X helps with internal alerts, application access, and triggering support teams."
"The web filtering solution needs to be improved because currently, it is very simple."
"The price should be adjustable by region."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"Stability could be improved by avoiding frequent changes to the interface."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"The product's pricing could be better."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"The solution needs better reports. I think they should let the customer go in and customize the reports."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"The solution should offer more dashboards and they should be better customized."
"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."
"It would be better if it can automatically generate a report for each and every user so that the users get to know the things that shouldn't be accessed from their PCs. It can have information about malicious and non-malicious sites so users are aware of them, and they don't access malicious websites. Such reports can be generated at the end of the day. We should also be able to get through to their support team quickly. Currently, it takes more than half an hour to get through to a technical person."
"I would like the solution to have more functions and to be more user-friendly."
"Through Sophos Central I would like to see the ability to zero in and produce a report about the challenges being faced by a particular machine and user, to know if a virus is appearing only on that specific machine or also on others."
"The problem is that if you have a lot of different components going on, each managed under a different umbrella, then you're going to be spending a lot of time hopping back and forth between the different components to see, "Well, I got hit here. What did my firewall see? I got hit in the firewall, the firewall says it allowed that attack in, did it land on anything to compromise any of my endpoints?""
"I recommend that Intercept X Endpoint should include a patch assessment feature. Various vendors offer virtual patching solutions, which could be a game-changer, especially for the financial sector where frequent service restarts are challenging. These solutions allow patching servers without the need for restarts. Incorporating these features into Intercept X Endpoint would enhance its effectiveness in securing endpoints and servers."
"When there is an event generated by either the firewall or Intercept X, and the originating IP address is the same, these should be merged into a single event rather than two."
"Mobile device management is a challenging area, and it can be improved. Some areas in the DLP solution can also be improved. It has the DLP capability, but it is not an all-out DLP program. I would like to see them improve the DLP solution in terms of reporting and possibly network monitoring. Currently, they only do the reporting parts of it."
"Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Intercept X Endpoint is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trellix Endpoint Security, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Bitdefender GravityZone EDR. See our Cortex XDR by Palo Alto Networks vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.