We performed a comparison between CrowdStrike Falcon and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, the two products are very similar. CrowdStrike Falcon comes out ahead in this comparison simply because it is easier to deploy than Sophos Intercept X.
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"Microsoft Defender XDR is scalable."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"Its most significant advantage lies in its affordability."
"The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"The solution can scale easily."
"I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
"The most valuable aspects of CrowdStrike Falcon for me are its device observability, identification, and software and OS recognition."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
"The solution offers great stability."
"The stability is good; we haven't experienced any glitches or bugs."
"The updates and a lot of the day-to-day fiddling that you would have to do with it, can all be done from the cloud so it's easy to manage, and very easy to administer."
"There are products that are technically stronger. However, this product has everything in one solution, which makes it a strong endpoint option."
"We find the app control and its threat protection to be the best features."
"One of the best features of Sophos Intercept is that it repairs without slowing down the system."
"The product efficiently prevents data leakages."
"The threat analysis center is nice."
"All of the features are very important for anyone who is supporting a large number of computers."
"The most valuable features of Intercept X are server lockdown, auto-remediation, and encryption monitoring."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"The licensing is a nightmare and has room for improvement."
"The management and automation of the cloud apps have room for improvement."
"The data recovery and backup could be improved."
"The web filtering solution needs to be improved because currently, it is very simple."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"It is cloud-based, and this does make some wary of the data being held on the cloud. Privacy requirements must be taken into account."
"As the company has grown, the technical support has felt less personal."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of a sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"Falcon could include more integrative features."
"The performance could be better."
"CrowdStrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations."
"CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."
"Through Sophos Central I would like to see the ability to zero in and produce a report about the challenges being faced by a particular machine and user, to know if a virus is appearing only on that specific machine or also on others."
"The product’s DDoS and AI features must be improved."
"From the management side, we receive detailed information. Sophos has many features, such as Threat Hunting, but that comes with the XDR version of the solution. There's Sophos Intercept X and then there's Sophos Intercept X with XDR technology. We bought the XDR and then now the MTR, Managed Threat Response version available too. They have different packages for clients, which gives them different options to pick from. If Sophos could combine more features into one package, it would be beneficial."
"The initial setup can be a bit challenging."
"When we load Intercept X, it puts a load on the device. When it is scanning, it slows down the device. A system with basic specifications completely slows down till the scan is complete. They should improve this part."
"Technical support can be improved. There could be shared support, i.e. where someone in Egypt can respond."
"The integration has room for improvement, especially with Mac OS."
"This solution is not in the high ratings on many of the top review sites. This solution has to be near the top for me to continue using it."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. CrowdStrike Falcon is rated 8.8, while Intercept X Endpoint is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trellix Endpoint Security, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete, Fortinet FortiClient and Bitdefender GravityZone EDR.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.