Sophos Intercept X Advanced review: AI-powered protection

An exceptional range of endpoint protection measures, easily managed from a smart cloud portal

Price: $28 per user, 1yr subscription, 500-999 users
  • Huge range of policy customisation options
  • Smart AI features
  • Straightforward management

These days AI seems to be everywhere, and Sophos Intercept X proudly exploits it to help identify unknown malware. It also blocks ransomware attacks using behavioral analysis, and provides tools to investigate potential threats to see how and why they occurred.

This may sound complicated, but everything is rolled neatly into a single web portal for easy access. You can also pick and choose which features you want: along with standard workstation and laptop support, separate modules are available for protecting servers and mobile devices. If you only need core protection services then you can go for the Intercept X Essentials subscription, but we trialled the Intercept X Advanced service, which adds support for multiple security policies, application and web protection and device controls. 

An Advanced subscription also enables the threat analysis centre, where you can review attacks and explore event chain diagrams, which track how a malware incident unfolded, including details of which processes and files were accessed. If you’ve gone for the optional XDR (extended detection and response) licence, you can also make use of the Live Discover feature, which uses SQL queries to create detailed reports for selected endpoints – as well as providing access to the Sophos Data Lake, where you can store up to 30 days of report data in the cloud.

All of this is administered from the Sophos Central portal (which also takes care of any Sophos firewalls in your business). The main dashboard shows recent alerts, a summary of devices and users and details on how web access controls are performing.

Deploying the client software is fairly straightforward. You can create users in the portal and email them a link to install the agent, or you can install the Mac and Windows software from a central distribution point like any regular application. Either way, the agent takes around ten minutes to fully install; protection then starts immediately, with the agent picking up a base set of security policies from your portal account. These can be device-specific or, if you use the Sophos Active Directory sync tool or Azure sync service to import users and groups, you can create policies that follow users regardless of which device they’re logged into.

When it comes to customising your policies, there’s a wide range of options to choose from. The base policies for web, application and device controls can be tweaked to your preferences, or you can create new ones. Data-loss prevention policies set rules that prevent certain types of information from being copied or transferred; we tested this with a policy that looked for files containing payment information and found it worked perfectly, blocking all attempts to share a text file containing credit card numbers.

The CryptoGuard feature, meanwhile, neuters ransomware by monitoring all file writes; when a program tries to overwrite an existing file, a temporary clean copy is cached on the local drive. The software then analyses the updated file, and if it determines that it’s been maliciously encrypted, it automatically restores the original cached copy of the file.
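
The cache, inspect and restore sequence described above can be sketched as follows. This is an added example, not Sophos code: the `GuardedWriter` class, the entropy-based test for "maliciously encrypted" and both thresholds are assumptions made for illustration, since the review does not say how CryptoGuard makes that decision.

```python
import math
import os
import shutil
import tempfile
from collections import Counter

# Assumed cut-offs for this sketch (bits per byte); not values used by Sophos.
HIGH_ENTROPY = 7.5
MIN_JUMP = 1.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: around 4 to 5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class GuardedWriter:
    """Hypothetical write monitor: cache the original, inspect the result, roll back."""
    def __init__(self, cache_dir: str):
        self.cache_dir = cache_dir

    def overwrite(self, path: str, new_data: bytes) -> str:
        cached = os.path.join(self.cache_dir, os.path.basename(path) + ".orig")
        shutil.copy2(path, cached)  # temporary clean copy taken before the write
        with open(cached, "rb") as f:
            before = shannon_entropy(f.read())
        with open(path, "wb") as f:
            f.write(new_data)
        after = shannon_entropy(new_data)
        # A jump is required too, so already-compressed files can still be rewritten.
        if after >= HIGH_ENTROPY and after - before >= MIN_JUMP:
            shutil.move(cached, path)  # restore the cached original
            return "restored"
        os.remove(cached)
        return "allowed"

def demo():
    # Constructed sample: one ordinary edit, then an overwrite with random bytes.
    with tempfile.TemporaryDirectory() as work, tempfile.TemporaryDirectory() as cache:
        doc = os.path.join(work, "report.txt")
        original = b"Quarterly figures: revenue up 4%, costs flat.\n" * 200
        with open(doc, "wb") as f:
            f.write(original)
        guard = GuardedWriter(cache)
        edited = original + b"Appendix added by the author.\n"
        first = guard.overwrite(doc, edited)
        second = guard.overwrite(doc, os.urandom(len(edited)))  # stand-in for ciphertext
        with open(doc, "rb") as f:
            return first, second, f.read() == edited
```

Calling `demo()` shows the ordinary edit being allowed and the high-entropy overwrite being rolled back to the last legitimate version of the file.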

All of these features can be configured and customised, but if you want to keep things simple you can just enable the AI-powered Deep Learning service, tick the “recommended settings” box and leave the rest up to the software.

SMBs that want a wide-ranging security solution need look no further than Sophos Intercept X. It’s loaded with powerful features, yet remains easy to use and simple to manage from the Sophos Central cloud portal.
