We performed a comparison between Cortex XDR by Palo Alto Networks and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Overall, users of Cortex XDR by Palo Alto Networks give the product higher ratings because its deployment is easier, it has a great set of features, it is affordable, and the technical support is helpful.
"The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"Microsoft 365 Defender is a stable solution."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"WildFire AI is the best option for this product."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
"We can visualize and control the activities in the environment from anywhere."
"It integrates well into the environment."
"After that, the client switched to Sophos to get the protection they lacked. It either works or it doesn’t and Sophos works."
"The EDR (Enhanced Data Detection and Response) and the DLP (Data Loss Prevention) components are valuable assets."
"The base product and the anti-malware feature are most valuable."
"What I have found the most valuable about Sophos Intercept X is the ease of use with management administration and the solution's ability to stop exploits and ransomware."
"I have found the most valuable feature to be the EDR."
"I consider the heuristics to be most valuable, the fact that the solution does not work solely on signatures."
"This is really good because it's applicable to zero-day threats."
"There are products that are technically stronger. However, this product has everything in one solution, which makes it a strong endpoint option."
"Intrusion detection and prevention would be great to have with 365 Defender."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"At times, there may be delays in the execution of certain actions and their effects."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The tool gives inconsistent answers and crashes a lot."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"The price should be adjustable by region."
"The playbooks could be improved to include more functionalities or actions."
"The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results."
"We would also like to have advanced tech protection and email scanning."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"It'll help if customization was easier."
"I would like to see some additional features related to email protection included."
"The product's pricing could be better."
"Intercept X needs more reporting and device management features, so I can get messages from PCs that let me know if I need to do something with them."
"I'm not clear on what features need improvement. Everything is mostly fine."
"When I use a proxy, I can bypass Sophos, which is an area that needs improvement."
"When there is an event generated by either the firewall or Intercept X, and the originating IP address is the same, these should be merged into a single event rather than two."
"It's a bit heavy on the computers. So once you install it, the computer slows down. It is a resource-intensive solution."
"The majority of our systems are MacBooks and their solution release cycle is slow to endorsing or support the MacBook's latest OS or hardware platform. For example, when Sophos macOS Big Sur version 11 was released, it took them a while to support this version of OS. A similar situation occurred when the MacBook M1 hardware CPU was released. They have not fully supported the native M1 CPU to this day. They need to speed up the solutions release cycle."
"Sophos Intercept X could improve on its setup process. They could make it easier to have a baseline set up for the system, or at least provide more understanding of what the baseline is when you first install it. This could be a matter of lack of training on my part, but it's difficult to receive training on solutions that are not Cisco. Cisco is the only vendor with classes or courses."
"The number one thing I would like is if their support could be a little faster and it would be a little easier to get a hold of support when you need them."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Intercept X Endpoint is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trend Micro Apex One, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Bitdefender GravityZone EDR. See our Cortex XDR by Palo Alto Networks vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.