We performed a comparison between Crowdstrike Falcon and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, the two products are very similar. Crowdstrike Falcon comes out ahead in this comparison simply because it is easier to deploy than Sophos Intercept X.
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"The threat intelligence is excellent."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
"CrowdStrike Falcon's most valuable feature is the fact that it's not getting in the way of our workforce and their workflow."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution."
"It is an easy product to deploy."
"I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
"I like the overall reports of this solution. They are crisp, and to the point."
"The automatic alert feature is the most important feature of the solution."
"The Managed Detection and Response service provided by Intercept X Endpoint is highly valuable. With a team of 600-700 individuals monitoring systems, they swiftly respond to attacks, either informing us to isolate or directly removing threats. This full MDR service is especially recommended for sectors like finance, where data security is critical. The deep learning technology within Intercept X Endpoint enhances our security posture by analyzing behaviors and algorithms to differentiate between legitimate users and threats, effectively preventing attacks on our network infrastructure."
"The package we use also comes with spam filtering features, which are quite useful."
"I consider the heuristics to be most valuable, the fact that the solution does not work solely on signatures."
"It provides a feature for scanning and analyzing endpoints, which is a value-add for our infrastructure. With the advancements in the Advanced Persistent Threats (APTs), Sophos Intercept X analyzes an APT and the behavior of the endpoints. It then gives us a detailed dashboard with more information about the endpoints and their security and risk level. While deploying Sophos Intercept X, we identified a lot of vulnerability and risky endpoints that our previous solution didn't cover, which proved that this solution is the best."
"I am impressed with the tool's common dashboard feature. The solution is also easy to deploy and manage. Reporting is also easy with the software."
"It is easy to interact with, and its cost is also good."
"The pricing is fair. It's not too costly for our small organization."
"We have found the pricing to be reasonable."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"I've found that CrowdStrike's technical support could benefit from increased technical expertise."
"In the six months that I have been using CrowdStrike, it has not been able to detect anything."
"I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it."
"I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization."
"The management reporting functionality needs to be improved."
"I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CloudStrike."
"CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization."
"We'd like to see more integration capabilities."
"The solution's pricing could be better."
"In my opinion, there have been significant developments in the product. In my opinion, I don’t have any suggestions as of now, however I can suggest a cost deduction which will be beneficial for all the parties. It will also relieve our budget and benefit our team."
"We've had difficulty with uninstalling the solution. When we try to uninstall an old version of the basic Sophos Antivirus, it doesn't seem to uninstall completely."
"They need to focus on their SLA or technical support. They also need to focus on their UI. They should also improve their content filtering tool and update it so that correct categories are there. Sometimes, when I want to block an online gaming website, it is not shown under the correct category. It is shown under another category. They need to review their content filtering tool on a bi-weekly or monthly basis and update the sites and categories. This will be really helpful for them."
"I have not done it, but integrating it with authenticating the users on the Windows system looks a bit complicated to me. It could be because I don't understand it."
"It's a bit heavy on the computers. So once you install it, the computer slows down. It is a resource-intensive solution."
"The performance offered by the product needs improvement."
"The product’s DDoS and AI features must be improved."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. CrowdStrike Falcon is rated 8.8, while Intercept X Endpoint is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trellix Endpoint Security, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete, Fortinet FortiClient and Bitdefender GravityZone EDR. See our CrowdStrike Falcon vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.