Sophos Intercept X Review

Great reporting and good training with a pretty straightforward setup

What is our primary use case?

We primarily use the solution for malware protection.

How has it helped my organization?

Without a doubt, this product has helped our organization. We've been deploying Sophos Firewall for probably 15 years now. We haven't had a lot of trouble, and prior to using the Sophos product, we were using a lot of Symantec products and occasionally some others. We have not had a lot of problems with infections. By that I mean, if we had three attacks over the 15 years I'd be kind of surprised, That's usually due to the fact that somebody was doing something stupid. Otherwise, we've been very well protected. Basically, if a lot of people are looking maliciously at any of our clients, they aren't getting very far.

What is most valuable?

The reporting is pretty good up on the Sophos side. We can see if anything's going on, at least from Sophos' perspective. 

The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer. 

Occasionally, we do get noticed, however, we don't always get noticed, and I sometimes wonder is that just due to the fact that our client computers are tough to get at? We also deploy the Sophos Firewall on client sites, and it's relatively difficult for a bad guy to get in there.

We've been happy with it and we've been happy with the training that Sophos has. They keep us up to date on any changes that the solution has.

What needs improvement?

I don't know how many infections this protected us from. It might be nice to have a view of what has come at us. You're blocking certain types of traffic. It's not malware per se. You would get a message for this, however, you never really know if this was really a bad guy or just some 16-year-old who knows computers.

There's always room for improvement in pricing. 

From a corporate perspective and from a customer perspective, switching is very difficult to do. It's not an easy task. 

The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them.

I would like to see a templated selection of items that ought to be implemented, that right out of the gate, you can just turn on. This is what we recommend for standard workstations that are running under normal circumstances. It's not that you can't have a template in there. You can create your own template and stuff like that, however, they haven't yet spent a whole lot of time figuring out if you're in the, I don't know, medical business and you need HIPAA and you need this and that, these are all the standard things you ought to deploy. It would be ideal if you could just flip the switch, and it turns them all on.

Also, after you've turned this stuff on in mass like that, you sometimes don't immediately know what the problem is if they all of a sudden can't talk to vendor X. Like in banking, they get a lot of offsite services. You should be able to say "Okay, so I blocked them somehow with one of these things. I don't know which one it is, Help me find it so I don't have to turn everything off." Otherwise, I've got to turn off the whole thing and switch them on one by one, which is time-consuming.

For how long have I used the solution?

I've been dealing with the solution for a year and a half. The company has been deploying Sophos for 15 years or so.

What do I think about the stability of the solution?

Thinking back on it, we only ran into maybe one bug in the whole time we've used the product. One time, when we upgraded Windows, it wasn't compliant and I remembered that my business partner told me that he had to go to Sophos for help. They quickly resolved the problem.

We've had very few issues. A company should not fear installing it. It's pretty reliable.

What do I think about the scalability of the solution?

Our clients are all small businesses generally. The solution seems to be quite easy to scale in the market that we serve, which would be up to a hundred or so users. We haven't had any problems, however, I haven't deployed it for 10,000 users -which would be a totally different thing. Therefore, while it scales well for small businesses, I can't speak to how it would scale at an enterprise-level.

We do work with a university, and we do some work with a couple of different school districts in the San Diego area. We do some consulting for all three of those. If they asked us to recommend a product, we do recommend a product like this and we help people out with that sort of thing.

How are customer service and technical support?

Technical support could be faster. We can't really get a hold of them when we need to. They really need to improve their services.

Issues get resolved quick enough. However, there are just issues that cause a lot of unnecessary back and forth. For example, we had a client for who we had installed a temporary license for Intercept X, and then subsequent to that, when we tried to put on the real license, bought it, paid for it, got the key, tried to plug it in, that worked fine. However, all of a sudden it started telling us it was having problems with the temporary license, which was supposed to have been replaced. That was a back and forth. It really took us about two weeks to get that resolved with them. Not a huge problem, not causing alarms that people were getting in, that shouldn't get in, however, I kind of thought somebody would get back to me in a day or two. It didn't take them two weeks to get back to me, but there was a fair amount of back and forth about how to resolve this.

I would say that the quality of the support when you talk to them is very good. I would rate that a nine out of ten. That said, the lack of availability at times of support is concerning, particularly if we were to have an ongoing hack. Sophos now offers a service where they will jump in there for quite a large fee and mitigate everything quickly. However, when you already have bought a product that's supposed to be doing that same job, it seems strange they would charge you again to actually do the job.

Having talked to some of those guys on the tech side, they are extreme. Those guys on that side are super knowledgeable and they can jump in there quickly and check a lot of things way faster than I could ever do it, simply due to the fact that they're so much more familiar with the product and with the way that attacks run.

I don't see them every day so, even though I go to training and I watch it on the training and so forth, it's not something that I fiddle with all the time. I simply don't need to, which is great. It keeps me a step removed from it.

Which solution did I use previously and why did I switch?

We previously used Symantec among other products.

Symantec has changed a lot over the last 10 years. They used to be a totally different company. We were not only concerned about the product and the quality of the product and the availability of support and all of these sorts of things at first. However, they were also beginning to fall behind in terms of their technical capabilities on their product, and then we also already had a relationship with Sophos because of the firewalls, so it was a natural transition away from Symantec.

We were deploying the UTMs or what they call the SG line, and they've subsequently come out with the XG line, and if you have their cloud-based management solution, you can manage the XG line of firewalls with Intercept X, and they can look at each other's data and make decisions, AI kinds of decisions, or just scripted decisions, based on what the other is finding. It's much more advanced.

How was the initial setup?

The initial setup isn't too difficult. Once you learn it, it's pretty straightforward.

There is a learning curve, and if you haven't learned it, and I would assume this is the same with anybody's product, then you're not really sure what options you want to enable and not enable and so forth. If you turn on too much stuff, let's put it that way, your end user's computer ends up running slowly. You have to be smart about what you're doing.

What's my experience with pricing, setup cost, and licensing?

It doesn't have every function that's out there in the universe. However, it's really quite good and it's a reasonable value for the money compared to some of the alternatives that I've seen. However, I'm not super familiar with the alternatives. I know their names, I kind of know what they do, I read the reviews on your site and others, and we're always looking at it, however, I haven't really studied them.

What other advice do I have?

We're Sophos partners and resellers.

We always deploy the latest version of the solution. We deploy the Intercept X Advanced with EDR.

All the management is done through the cloud. Then there's a client piece you put on, on-premises. We do the management through the cloud and we put the client piece on the premises.

I like a lot of the things that Sophos is doing. They didn't have one this year, however, they have an annual conference, and one of the things they had done, this was right before they got bought by this other company, is they had hired a lot of really top talent. These guys, when I was at the conference for a few days, just listening to them talk, you're mesmerized with how sharp and bright these guys are and what they're adding into the program. Not to say that others aren't getting some of this stuff too, however, it was really impressive. You felt like they had it together. You trust that by sticking with these guys, you're absolutely going to have minimal, to no issues at all.

I'd recommend the solution. It's a really good product. I realized that there are other good products out there and it's not that other companies shouldn't take a look at other products. However, it works, it does what it's supposed to do, and, once you learn it, it's easy to manage and the link to the firewall is really good and a great idea. It's smart to implement a single plan across people's networks. It just makes a lot of sense.

Overall, I would rate the solution nine out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

**Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
More Sophos Intercept X reviews from users
Learn what your peers think about Sophos Intercept X. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,372 professionals have used our research since 2012.
Add a Comment
ITCS user