We performed a comparison between Intercept X Endpoint and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"Microsoft 365 Defender is simple to upgrade."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"Its most significant advantage lies in its affordability."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"Offers artificial intelligence, security metrics and a lot of information gathered to make decisions."
"The most valuable features are the anti-ransomware engine, deep learning, web filtering, and the cloud manageability."
"We find the app control and its threat protection to be the best features."
"It is a very scalable solution."
"The solution is easy to install."
"The most valuable feature is that it literally works. We have reduced a lot of complaints after switching to Sophos."
"One reason why I have stuck with Sophos is because it grabs it and deals with it, and if it's known malware, it can quarantine it or delete it."
"The most valuable feature is the supervisory side of it where we can watch the throughputs, and even the loading of the device, to see how much traffic is happening."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"It's stable."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"Its cost-effectiveness is the most valuable aspect."
"The configuration assessment and Pile integrity monitoring features are decent."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Sometimes, configurations take much longer than expected."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"It's a challenge to do system maintenance work on a notebook. You always have to disable Sophos first."
"The tool is not stable on Linux systems."
"If we can lower the price, it will be fantastic because it will generate more revenue for us."
"There should be a report including a flowchart or diagram. It will be useful to evaluate the software’s effectiveness."
"The technical support is the lone sore-point when dealing with this product."
"There are not any solutions that are a 10 out of 10. A 10 would be perfect protection with no impact on the performance of the device. This is not the case, there is some impact on the performance of the device."
"Better protection in the endpoint, server, and mobile is needed."
"As for improvement, more notifications or emails about what to watch out for globally would be nice. For instance, information about the spread of a current phishing campaign or ransomware would be very helpful. I find that I have to dig in the back to find out what is happening on the global scene for things to be aware of."
"It would be great if there could be customization for the decoder portion."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"Some features, like alerting, are complex with Wazuh."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"A lack of certain features creates limitations."
Intercept X Endpoint is ranked 9th in Extended Detection and Response (XDR) with 101 reviews while Wazuh is ranked 4th in Extended Detection and Response (XDR) with 38 reviews. Intercept X Endpoint is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Trend Vision One, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security and AlienVault OSSIM. See our Intercept X Endpoint vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.