Sophos Intercept X Advanced review: AI-powered protection

An exceptional range of endpoint protection measures, easily managed from a smart cloud portal

Price: $28 per user, 1yr subscription, 500-999 users
  • Huge range of policy customisation options
  • Smart AI features
  • Straightforward management

These days AI seems to be everywhere, and Sophos Intercept X proudly exploits it to help identify unknown malware. It also blocks ransomware attacks using behavioral analysis, and provides tools to investigate potential threats to see how and why they occurred.

This may sound complicated, but everything is rolled neatly into a single web portal for easy access. You can also pick and choose which features you want: along with standard workstation and laptop support, separate modules are available for protecting servers and mobile devices. If you only need core protection services then you can go for the Intercept X Essentials subscription, but we trialled the Intercept X Advanced service, which adds support for multiple security policies, application and web protection and device controls. 

An Advanced subscription also enables the threat analysis centre, where you can review attacks and explore event chain diagrams, which track how a malware incident unfolded, including details of which processes and files were accessed. If you’ve gone for the optional XDR (extended detection and response) licence, you can also make use of the Live Discover feature, which uses SQL queries to create detailed reports for selected endpoints – as well as providing access to the Sophos Data Lake, where you can store up to 30 days of report data in the cloud.

All of this is administered from the Sophos Central portal (which also takes care of any Sophos firewalls in your business). The main dashboard shows recent alerts, a summary of devices and users and details on how web access controls are performing.

Deploying the client software is fairly straightforward. You can create users in the portal and email them a link to install the agent, or you can install the Mac and Windows software from a central distribution point like any regular application. Either way, the agent takes around ten minutes to fully install; protection then starts immediately, with the agent picking up a base set of security policies from your portal account. These can be device-specific or, if you use the Sophos Active Directory sync tool or Azure sync service to import users and groups, you can create policies that follow users regardless of which device they’re logged into.

When it comes to customising your policies, there’s a wide range of options to choose from. The base policies for web, application and device controls can be tweaked to your preferences, or you can create new ones. Data-loss prevention policies set rules that prevent certain types of information from being copied or transferred; we tested this with a policy that looked for files containing payment information and found it worked perfectly, blocking all attempts to share a text file containing credit card numbers.

The CryptoGuard feature, meanwhile, neuters ransomware by monitoring all file writes; when a program tries to overwrite an existing file, a temporary clean copy is cached on the local drive. The software then analyses the updated file, and if it determines that it’s been maliciously encrypted, it automatically restores the original cached copy of the file.
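The cache, analyse and restore sequence described above can be sketched as follows. This is an added example, not Sophos code: the review does not say how the product decides a file has been maliciously encrypted, so the byte-entropy heuristic, the 7.5 threshold and the names `guarded_overwrite` and `demo` are assumptions made for illustration.

```python
import math
import os
import shutil
import tempfile
from collections import Counter

# Assumed cut-off in bits per byte; ciphertext sits close to 8, plain text near 4-5.
ENTROPY_THRESHOLD = 7.5

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def guarded_overwrite(path, new_data, cache_dir):
    """Hypothetical write hook: cache a clean copy, write, analyse, roll back."""
    backup = os.path.join(cache_dir, os.path.basename(path) + ".bak")
    shutil.copy2(path, backup)  # temporary clean copy on the local drive
    with open(path, "rb") as f:
        before = shannon_entropy(f.read())
    with open(path, "wb") as f:
        f.write(new_data)
    # Flag only a jump from low to high entropy, so files that were already
    # compressed (zip, jpeg) are not rolled back on every legitimate save.
    suspicious = before < ENTROPY_THRESHOLD <= shannon_entropy(new_data)
    if suspicious:
        shutil.copy2(backup, path)  # restore the cached original
    os.remove(backup)
    return "restored" if suspicious else "allowed"

def demo():
    """Constructed sample: one ordinary edit, then random bytes as ciphertext."""
    with tempfile.TemporaryDirectory() as work:
        cache = os.path.join(work, "cache")
        os.mkdir(cache)
        doc = os.path.join(work, "report.txt")
        original = b"Quarterly figures: revenue up 4 percent.\n" * 50
        with open(doc, "wb") as f:
            f.write(original)
        edit = original + b"Reviewed by finance.\n"
        first = guarded_overwrite(doc, edit, cache)
        second = guarded_overwrite(doc, os.urandom(len(edit)), cache)
        with open(doc, "rb") as f:
            return first, second, f.read() == edit

if __name__ == "__main__":
    print(demo())
```

A single-file entropy check is only a starting point; a production detector would also weigh how many files one process rewrites in a short window.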

All of these features can be configured and customised, but if you want to keep things simple you can just enable the AI-powered Deep Learning service, tick the “recommended settings” box and leave the rest up to the software.

SMBs that want a wide-ranging security solution need look no further than Sophos Intercept X. It’s loaded with powerful features, yet remains easy to use and simple to manage from the Sophos Central cloud portal.
