We performed a comparison between Crowdstrike Falcon and Sophos Intercept X based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, the two products are very similar. Crowdstrike Falcon comes out ahead in this comparison simply because it is easier to deploy than Sophos Intercept X.
"The integration between all the Defender products is the most valuable feature."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"It's given me a level of confidence that my network is secure."
"Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down."
"It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
"Its integration capability is valuable. It integrates easily with any OS."
"I like the detection rates of mobile threats."
"We haven't had any infections or down time."
"The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed."
"It is a very scalable solution."
"The most valuable feature of Intercept X its ability to stay ahead of the infection. By the time the ransomware spreads to the next machine in line, the data has already been encrypted on that workstation. It didn't matter what the ransomware did because could go in and get it back."
"Synchronization with the firewall is most valuable."
"Offers artificial intelligence, security metrics and a lot of information gathered to make decisions."
"We find all features valuable. It has zero-day protection, which is the most valuable feature of Intercept X. We have Intercept X with EDR. EDR is a very important feature. It gives an idea about the source of a particular attack. An administrator gets to know everything, which helps in understanding the things that need to be done or protected in the organization. Based on this information, an administrator can decide what needs to open or allowed in the network. Without EDR, Intercept X is like an antivirus, and the administrator won't get to know the things going on at the organizational level. I recommend purchasing an EDR solution for every organization."
"The patches on offer are very helpful."
"One of the best use cases involves synchronized security staff, which allows us to manage both the firewall and the anti-virus features from the cloud."
"It is not just a simple virus scanning product. It handles more advanced needs."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"Whenever there is a feature release (upgrade) where we push to all the endpoints, it causes something to be blocked without us knowing."
"To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features."
"The pricing is a bit too high."
"I would like to see a more accurate integration and an option to check the local machine."
"Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply."
"We would like more application control in order to be able to schedule times and access."
"It consumes a lot of resources, and something needs to be done for that."
"They should keep doing what they're doing. Both of them have entered the EDR/MDR space, and they're keeping up with their competitors. I have a hard time understanding why their capabilities aren't garnering more attention."
"The integration has room for improvement, especially with Mac OS."
"Stability-wise, we had issues with some clients which had to be dealt with manually. The issue was with that installation part."
"In my opinion, there have been significant developments in the product. In my opinion, I don’t have any suggestions as of now, however I can suggest a cost deduction which will be beneficial for all the parties. It will also relieve our budget and benefit our team."
"They need to focus on their SLA or technical support. They also need to focus on their UI. They should also improve their content filtering tool and update it so that correct categories are there. Sometimes, when I want to block an online gaming website, it is not shown under the correct category. It is shown under another category. They need to review their content filtering tool on a bi-weekly or monthly basis and update the sites and categories. This will be really helpful for them."
"The performance offered by the product needs improvement."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 106 reviews while Intercept X Endpoint is ranked 7th in Endpoint Protection Platform (EPP) with 101 reviews. CrowdStrike Falcon is rated 8.8, while Intercept X Endpoint is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete, Fortinet FortiClient and Fortinet FortiEDR. See our CrowdStrike Falcon vs. Intercept X Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.