We performed a comparison between Elastic Security and Intercept X Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The comprehensiveness of Microsoft's threat detection is good."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The solution is well integrated with applications. It is easy to maintain and administer."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"The product has huge integration varieties available."
"The performance is good and it is faster than IBM QRadar."
"It is scalable."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"Elastic is straightforward, easy to integrate, and highly customizable."
"The stability of the solution is good."
"It's open-source and free to use."
"The most valuable feature is that it literally works. We have reduced a lot of complaints after switching to Sophos."
"The most valuable feature is the CryptoGuard in Sophos. In a case of a ransomware attack, this feature comes into action to protect us."
"A valuable feature offered by Sophos is called Naked Security, and it entails the control managed by the firewall on the site regarding the desktop client interfacing with our cloud client."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"The package we use also comes with spam filtering features, which are quite useful."
"It is one of the best in terms of technicality."
"The security on offer is pretty good. We are happy with it."
"Sophos Intercept X is easy to install and has a lower price than similar solutions."
"The data recovery and backup could be improved."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"At times, there may be delays in the execution of certain actions and their effects."
"The support could be more knowledgable to improve their offering."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"The training that is offered for Elastic is in need of improvement because there is no depth to it."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"Email notification should be done the same way as Logentries does it."
"There isn't really a very good user experience. You need a lot of training."
"The pricing could be a bit lower to match the normal retail pricing."
"When we load Intercept X, it puts a load on the device. When it is scanning, it slows down the device. A system with basic specifications completely slows down till the scan is complete. They should improve this part."
"If we can lower the price, it will be fantastic because it will generate more revenue for us."
"They should keep doing what they're doing. Both of them have entered the EDR/MDR space, and they're keeping up with their competitors. I have a hard time understanding why their capabilities aren't garnering more attention."
"I recommend that Intercept X Endpoint should include a patch assessment feature. Various vendors offer virtual patching solutions, which could be a game-changer, especially for the financial sector where frequent service restarts are challenging. These solutions allow patching servers without the need for restarts. Incorporating these features into Intercept X Endpoint would enhance its effectiveness in securing endpoints and servers."
"Intercept X could enhance its support services, particularly in terms of response time and resource allocation."
"Sophos Intercept X could improve on its setup process. They could make it easier to have a baseline set up for the system, or at least provide more understanding of what the baseline is when you first install it. This could be a matter of lack of training on my part, but it's difficult to receive training on solutions that are not Cisco. Cisco is the only vendor with classes or courses."
"The endpoint detection and response (EDR) technology has room for improvement because the information that it gives us to resolve our problems is poor nowadays."
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 59 reviews while Intercept X Endpoint is ranked 4th in Endpoint Detection and Response (EDR) with 101 reviews. Elastic Security is rated 7.6, while Intercept X Endpoint is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Fortinet FortiClient. See our Elastic Security vs. Intercept X Endpoint report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.