We performed a comparison between SentinelOne and Sophos Intercept X based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: SentinelOne comes out on top in this comparison due to its easy setup, high performance, attractive price, and impressive ROI.
"The integration between all the Defender products is the most valuable feature."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"Its most significant advantage lies in its affordability."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable feature of Sophos Intercept X is a web filtering and URL sanity checks. Overall the solution is well balanced with all its features."
"The performance is good."
"It's a good antivirus software and has a lot of features. It now integrates with their on-premises firewall, which is perfect."
"The stability on offer is fine."
"Sophos Intercept X is easy to install and has a lower price than similar solutions."
"The package we use also comes with spam filtering features, which are quite useful."
"It is easy to change the size of its capabilities, i.e. to expand processes or scale the size of users."
"The most valuable features are ease of use and the GUI."
"The most valuable aspect, in any scenario, was the rollback feature."
"When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help."
"The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."
"The visibility and, obviously, the protection aspects are second to none when it comes to speed. Another thing we fall back on is the option to roll back an endpoint if it is infected. There is a shadow copy so that if a PC downloads malicious content, we can roll it back to the state it was in before that package was imported."
"SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice."
"The customer support for this solution is good."
"The most valuable features include the agent installation and update processes."
"I appreciate the network control as well as the device control."
"The licensing is a nightmare and has room for improvement."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The web filtering solution needs to be improved because currently, it is very simple."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"Intercept X Endpoint is a very heavy solution that consumes a lot of RAM and should be made lighter."
"We would like to deploy across a variety of machines simultaneously through the network."
"The majority of our systems are MacBooks and their solution release cycle is slow to endorsing or support the MacBook's latest OS or hardware platform. For example, when Sophos macOS Big Sur version 11 was released, it took them a while to support this version of OS. A similar situation occurred when the MacBook M1 hardware CPU was released. They have not fully supported the native M1 CPU to this day. They need to speed up the solutions release cycle."
"The tool is not stable on Linux systems."
"I have not done it, but integrating it with authenticating the users on the Windows system looks a bit complicated to me. It could be because I don't understand it."
"It has a performance hit on a local laptop. There's an agent installed and we are bothered a lot by it because it seems to be using a lot of computer resources."
"The pricing could be a bit lower to match the normal retail pricing."
"Technical support is too slow to schedule meetings."
"They need to improve how we install the software."
"Communication and documentation could be improved."
"It's fine. It's correcting all the EFC files with a virus. All the achievements, maximum EFC files. Many EFC files will be flagged as a virus. Some virus databases need to be updated. The model is good at finding many EFC files. The trouble is it needs to be updated."
"Security could always be better."
"I rate Singularity Complete a seven out of ten for affordability. It's more expensive than our previous solution, but it does its job well. At the same time, there is some room for improvement. Cheaper is always better."
"The solution should include USB blocking for specific machines."
"There is an area of improvement is agent health monitoring, which would give us the ability to cap and manage resources used by the SentinelOne agent. We had issues with this in our environment. We reached out to SentinelOne about it, and they were very prompt in adding it into their roadmap."
"The performance could be better. Singularity lags a bit, and it's a resource-hungry application, so it takes a while to load."
More SentinelOne Singularity Complete Pricing and Cost Advice →
Intercept X Endpoint is ranked 4th in Endpoint Detection and Response (EDR) with 101 reviews while SentinelOne Singularity Complete is ranked 2nd in Endpoint Detection and Response (EDR) with 177 reviews. Intercept X Endpoint is rated 8.4, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, Fortinet FortiClient and Fortinet FortiEDR, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Cortex XDR by Palo Alto Networks. See our Intercept X Endpoint vs. SentinelOne Singularity Complete report.
See our list of best Endpoint Detection and Response (EDR) vendors, best Endpoint Protection Platform (EPP) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.