What is our primary use case?
We were recently the target of a ransomware attack and we used this product to clean it from our environment. Our in-place endpoint protection is just signature-based and it was not able to identify which device had passed the malware.
I am in charge of monitoring at this time.
How has it helped my organization?
Once we installed Intercept X, it was able to detect and remove malware that could not be found by the simple endpoint security solution.
What is most valuable?
The most valuable feature is the behavioral, non-signature-based threat detection.
We like Sophos Central, where you have access to a security console. It provides you with information such as recommendations on what to do next. Using this, we were able to trace the affected devices, which were then cleaned. If new alerts are given then we know which devices are still affected and we can take the appropriate action.
Sophos Central also shows us which alerts have not yet been attended to, which is nice.
What needs improvement?
Sophos Central does not provide all of the information that is available, so it requires us to take the additional step of retrieving details from the firewall. It would be more productive if the information between Sophos products were automatically correlated and updated in Sophos Central.
When there is an event generated by either the firewall or Intercept X, and the originating IP address is the same, these should be merged into a single event rather than two. Automatically correlating these events would save us time.
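The merge-by-originating-IP correlation described above, as an added illustration that is not part of this review and not Sophos code: two constructed event lists (field names, timestamps and IPs are assumptions) stand in for firewall and Intercept X alerts, and events from the same IP that fall within a time window are folded into one incident so an analyst sees a single item per affected device rather than one per product.

```python
from datetime import datetime, timedelta

# Constructed sample alerts; these are not real firewall or Intercept X records,
# and the field names are assumptions made for this example.
FIREWALL_EVENTS = [
    {"source": "firewall", "time": "2024-05-01T10:00:05", "ip": "10.0.5.21",
     "detail": "Outbound connection to blocked destination"},
    {"source": "firewall", "time": "2024-05-01T10:40:00", "ip": "10.0.5.40",
     "detail": "Port scan from internal host"},
]

ENDPOINT_EVENTS = [
    {"source": "intercept_x", "time": "2024-05-01T10:01:30", "ip": "10.0.5.21",
     "detail": "Ransomware-like file encryption behavior blocked"},
    {"source": "intercept_x", "time": "2024-05-01T11:30:00", "ip": "10.0.5.21",
     "detail": "Suspicious process injection"},
    {"source": "intercept_x", "time": "2024-05-01T10:05:00", "ip": "10.0.5.77",
     "detail": "Potentially unwanted application detected"},
]


def _make_incident(ip, cluster):
    """Collapse a time-ordered cluster of events for one IP into a single incident."""
    return {
        "ip": ip,
        "first_seen": cluster[0][0].isoformat(),
        "last_seen": cluster[-1][0].isoformat(),
        # Which products contributed; two sources here means a cross-product merge.
        "sources": sorted({e["source"] for _, e in cluster}),
        "details": [f'{e["source"]}: {e["detail"]}' for _, e in cluster],
    }


def correlate_events(events, window_seconds=300):
    """Group events by originating IP, then split each group wherever the gap
    between consecutive events exceeds the window. Returns incidents sorted by
    first_seen. Events with no partner simply become single-event incidents."""
    parsed = sorted(
        ((datetime.fromisoformat(e["time"]), e) for e in events),
        key=lambda pair: pair[0],
    )
    by_ip = {}
    for ts, event in parsed:
        by_ip.setdefault(event["ip"], []).append((ts, event))

    window = timedelta(seconds=window_seconds)
    incidents = []
    for ip, items in by_ip.items():
        cluster = [items[0]]
        for ts, event in items[1:]:
            if ts - cluster[-1][0] <= window:
                cluster.append((ts, event))
            else:
                incidents.append(_make_incident(ip, cluster))
                cluster = [(ts, event)]
        incidents.append(_make_incident(ip, cluster))

    incidents.sort(key=lambda inc: inc["first_seen"])
    return incidents


def correlated_incidents(window_seconds=300):
    """Run the correlation over the constructed firewall and endpoint samples."""
    return correlate_events(FIREWALL_EVENTS + ENDPOINT_EVENTS, window_seconds)


if __name__ == "__main__":
    for inc in correlated_incidents():
        print(f'{inc["ip"]}  {inc["first_seen"]} .. {inc["last_seen"]}  '
              f'sources={",".join(inc["sources"])}')
        for line in inc["details"]:
            print("   ", line)
```

With the sample data the firewall block and the endpoint detection for 10.0.5.21 land 85 seconds apart and merge into one incident, while the later injection alert on the same host is far enough away to stay a separate incident. The window is the knob an analyst tunes: too narrow and related alerts stay split, too wide and unrelated activity on a busy host is lumped together.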
For how long have I used the solution?
We began using Sophos Intercept X a few days ago.
What do I think about the stability of the solution?
We use Intercept X on a daily basis and it is quite stable.
What do I think about the scalability of the solution?
My impression is that this product is scalable.
We have only deployed Intercept X at one hospital, which has about 300 people that it protects. We have approximately six hospitals for which we are recommending its use.
How are customer service and technical support?
We have only dealt with the sales team in the Philippines. Our concerns were commercial in nature, for the most part, rather than technical.
Which solution did I use previously and why did I switch?
Prior to Intercept X, we were using the signature-based endpoint protection by Sophos. Our license was just recently up for renewal and we are in the process of upgrading to Intercept X.
In my previous company, we were using Cisco AMP. The beauty of Sophos Intercept X is that it does both signature-based and behavioral threat protection in one agent. With some other solutions, you have to install a different product for each approach.
How was the initial setup?
The initial setup is very simple. We were able to install it in a few minutes and then it automatically begins detection. Completing the initial scan involves rebooting the computer a couple of times, so it takes a little while to complete and clean out the malware if it is there.
What about the implementation team?
The interface is very user-friendly and we were able to deploy and operate it ourselves.
Our company does not have 24/7 monitoring, so we are now looking at a managed SOC that we can subscribe to. Ideally, this type of service will give recommendations, above simply alerting us to problems.
What's my experience with pricing, setup cost, and licensing?
We were able to eliminate the ransomware using the one-month, full-featured trial license. Our intention now is to upgrade our systems to the full product. We were given a corporate rate.
Our licensing includes local support for each of our offices, nationwide. This is something that we like.
What other advice do I have?
Overall, this is a good product that seems to address our concerns and I can recommend it.
I would rate this solution a nine out of ten.