Sophos Intercept X Advanced review: AI-powered protection
An exceptional range of endpoint protection measures, easily managed from a smart cloud portal
These days AI seems to be everywhere, and Sophos Intercept X proudly exploits it to help identify unknown malware. It also blocks ransomware attacks using behavioral analysis, and provides tools to investigate potential threats to see how and why they occurred.
This may sound complicated, but everything is rolled neatly into a single web portal for easy access. You can also pick and choose which features you want: along with standard workstation and laptop support, separate modules are available for protecting servers and mobile devices. If you only need core protection services then you can go for the Intercept X Essentials subscription, but we trialled the Intercept X Advanced service, which adds support for multiple security policies, application and web protection and device controls.
An Advanced subscription also enables the threat analysis centre, where you can review attacks and explore event chain diagrams, which track how a malware incident unfolded, including details of which processes and files were accessed. If you’ve gone for the optional XDR (extended detection and response) licence, you can also make use of the Live Discover feature, which uses SQL queries to create detailed reports for selected endpoints – as well as providing access to the Sophos Data Lake, where you can store up to 30 days of report data in the cloud.
All of this is administered from the Sophos Central portal (which also takes care of any Sophos firewalls in your business). The main dashboard shows recent alerts, a summary of devices and users and details on how web access controls are performing.
Deploying the client software is fairly straightforward. You can create users in the portal and email them a link to install the agent, or you can install the Mac and Windows software from a central distribution point like any regular application. Either way, the agent takes around ten minutes to fully install; protection then starts immediately, with the agent picking up a base set of security policies from your portal account. These can be device-specific or, if you use the Sophos Active Directory sync tool or Azure sync service to import users and groups, you can create policies that follow users regardless of which device they’re logged into.
When it comes to customising your policies, there’s a wide range of options to choose from. The base policies for web, application and device controls can be tweaked to your preferences, or you can create new ones. Data-loss prevention policies set rules that prevent certain types of information from being copied or transferred; we tested this with a policy that looked for files containing payment information and found it worked perfectly, blocking all attempts to share a text file containing credit card numbers.
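To show what a payment-information DLP rule of the kind tested above actually has to do, here is an added example (written for this review, not Sophos's code or its policy engine): it scans file content for candidate card numbers, keeps only those that pass the Luhn checksum so that invoice or ticket numbers do not trigger false blocks, and returns a block/allow verdict with the matches masked for logging. The threshold, the masking format and the sample file content are assumptions constructed for the example.

```python
"""Added illustration of a payment-card DLP rule (not Sophos code).

A transfer is blocked when the content contains at least `threshold`
Luhn-valid card numbers. Only masked numbers are kept for the log so the
DLP system itself does not become a store of full card numbers.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Candidate: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded inside a longer run of digits.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if a digits-only string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return digits-only card numbers in `text` that pass the Luhn check."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


@dataclass
class DlpVerdict:
    action: str         # "allow" or "block"
    matches: int
    masked: list[str]   # first 6 + last 4 digits only, for the audit log


def evaluate_transfer(content: str, threshold: int = 1) -> DlpVerdict:
    """Decide whether outbound content may leave the endpoint (assumed policy)."""
    cards = find_card_numbers(content)
    masked = [c[:6] + "*" * (len(c) - 10) + c[-4:] for c in cards]
    action = "block" if len(cards) >= threshold else "allow"
    return DlpVerdict(action, len(cards), masked)


# Constructed sample file: the first two numbers are well-known test PANs,
# the third is a Luhn-invalid look-alike that must not be counted.
SAMPLE_FILE = """Customer export
Order 1001 paid with 4111 1111 1111 1111 exp 12/27
Order 1002 paid with 5500-0000-0000-0004
Ticket 4111111111111112 is an invoice id, not a card
"""

if __name__ == "__main__":
    verdict = evaluate_transfer(SAMPLE_FILE)
    print(verdict.action, verdict.matches, verdict.masked)
```

The Luhn filter is what separates a usable rule from one that blocks every sixteen-digit identifier; a real deployment would add issuer-prefix checks and a per-file threshold so a single number quoted in a support e-mail does not stop the whole message.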
The CryptoGuard feature, meanwhile, neuters ransomware by monitoring all file writes; when a program tries to overwrite an existing file, a temporary clean copy is cached on the local drive. The software then analyses the updated file, and if it determines that it’s been maliciously encrypted, it automatically restores the original cached copy of the file.
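The monitor, cache, analyse and roll back sequence described above is a general anti-ransomware pattern, and the following added example models it in code. It is not CryptoGuard or any Sophos implementation: files live in an in-memory dictionary rather than on disk, and the "maliciously encrypted" verdict is an assumed entropy-and-compressibility heuristic chosen for this illustration (the thresholds, the `fake_encrypt` stand-in for a ransomware cipher and the process names are all constructed).

```python
"""Added illustration of write-monitor / cache / analyse / roll-back
(not Sophos code). The detection heuristic and thresholds are assumptions."""
from __future__ import annotations

import hashlib
import math
import zlib
from collections import Counter
from dataclasses import dataclass, field

ENTROPY_THRESHOLD = 7.2   # bits/byte; assumed cut-off for "looks encrypted"
MIN_SIZE = 256            # tiny files give noisy entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(old: bytes, new: bytes) -> bool:
    """Heuristic: the new content is near-random and incompressible, while the
    old content was not (so editing an already-compressed zip/jpeg is not flagged)."""
    if len(new) < MIN_SIZE:
        return False
    ratio = len(zlib.compress(new)) / len(new)
    return (shannon_entropy(new) >= ENTROPY_THRESHOLD
            and ratio > 0.95
            and shannon_entropy(old) < ENTROPY_THRESHOLD)


@dataclass
class WriteEvent:
    path: str
    process: str
    verdict: str          # "allowed" or "rolled_back"


@dataclass
class ProtectedVolume:
    files: dict[str, bytes] = field(default_factory=dict)
    cache: dict[str, bytes] = field(default_factory=dict)
    log: list[WriteEvent] = field(default_factory=list)

    def write(self, path: str, data: bytes, process: str) -> WriteEvent:
        # 1. Before an existing file is overwritten, keep a clean copy.
        if path in self.files:
            self.cache[path] = self.files[path]
        # 2. Let the write go through; the writer is not blocked up front.
        self.files[path] = data
        # 3. Analyse the result and restore the cached copy if it looks encrypted.
        original = self.cache.get(path)
        if original is not None and looks_encrypted(original, data):
            self.files[path] = original
            verdict = "rolled_back"
        else:
            verdict = "allowed"
            self.cache.pop(path, None)   # benign write: cached copy no longer needed
        event = WriteEvent(path, process, verdict)
        self.log.append(event)
        return event


def fake_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Deterministic stand-in for a ransomware cipher: XOR with a SHA-256 keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def run_demo() -> ProtectedVolume:
    """Constructed scenario: one benign edit, then a malicious overwrite."""
    vol = ProtectedVolume()
    report = ("quarterly report: revenue up 4 percent, costs flat.\n" * 80).encode()
    vol.write("report.txt", report, "winword.exe")
    vol.write("report.txt", report + b"Appendix: see attached figures.\n", "winword.exe")
    vol.write("report.txt", fake_encrypt(vol.files["report.txt"], b"attacker-key"),
              "suspicious.exe")
    return vol


if __name__ == "__main__":
    for e in run_demo().log:
        print(e.process, e.path, e.verdict)
```

The point the model makes is that the write is judged after the fact, which is why the cached copy has to exist before the overwrite happens; a real agent would also suspend the offending process and raise an alert, rather than only restoring the file.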
All of these features can be configured and customised, but if you want to keep things simple you can just enable the AI-powered Deep Learning service, tick the “recommended settings” box and leave the rest up to the software.
SMBs that want a wide-ranging security solution need look no further than Sophos Intercept X. It’s loaded with powerful features, yet remains easy to use and simple to manage from the Sophos Central cloud portal.