Sophos Intercept X Advanced review: AI-powered protection

An exceptional range of endpoint protection measures, easily managed from a smart cloud portal

Editor's Choice
$28 per user, 1yr subscription, 500-999 users
  • Huge range of policy customisation options
  • Smart AI features
  • Straightforward management

These days AI seems to be everywhere, and Sophos Intercept X proudly exploits it to help identify unknown malware. It also blocks ransomware attacks using behavioral analysis, and provides tools to investigate potential threats to see how and why they occurred.

This may sound complicated, but everything is rolled neatly into a single web portal for easy access. You can also pick and choose which features you want: along with standard workstation and laptop support, separate modules are available for protecting servers and mobile devices. If you only need core protection services then you can go for the Intercept X Essentials subscription, but we trialled the Intercept X Advanced service, which adds support for multiple security policies, application and web protection and device controls. 

An Advanced subscription also enables the threat analysis centre, where you can review attacks and explore event chain diagrams, which track how a malware incident unfolded, including details of which processes and files were accessed. If you’ve gone for the optional XDR (extended detection and response) licence, you can also make use of the Live Discover feature, which uses SQL queries to create detailed reports for selected endpoints – as well as providing access to the Sophos Data Lake, where you can store up to 30 days of report data in the cloud.

All of this is administered from the Sophos Central portal (which also takes care of any Sophos firewalls in your business). The main dashboard shows recent alerts, a summary of devices and users and details on how web access controls are performing.

Deploying the client software is fairly straightforward. You can create users in the portal and email them a link to install the agent, or you can install the Mac and Windows software from a central distribution point like any regular application. Either way, the agent takes around ten minutes to fully install; protection then starts immediately, with the agent picking up a base set of security policies from your portal account. These can be device-specific or, if you use the Sophos Active Directory sync tool or Azure sync service to import users and groups, you can create policies that follow users regardless of which device they’re logged into.

When it comes to customising your policies, there’s a wide range of options to choose from. The base policies for web, application and device controls can be tweaked to your preferences, or you can create new ones. Data-loss prevention policies set rules that prevent certain types of information from being copied or transferred; we tested this with a policy that looked for files containing payment information and found it worked perfectly, blocking all attempts to share a text file containing credit card numbers.

The CryptoGuard feature, meanwhile, neuters ransomware by monitoring all file writes; when a program tries to overwrite an existing file, a temporary clean copy is cached on the local drive. The software then analyses the updated file, and if it determines that it’s been maliciously encrypted, it automatically restores the original cached copy of the file.
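An illustration of the cache, analyse and restore cycle described above, added here and not Sophos's code or algorithm. The review does not say how CryptoGuard decides that a file has been maliciously encrypted, so this sketch assumes a jump in Shannon entropy as the signal; `guarded_overwrite`, `ENTROPY_THRESHOLD` and the sample data are hypothetical.

```python
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumed cut-off in bits per byte; ciphertext sits near 8.0

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def guarded_overwrite(path: str, new_bytes: bytes, cache_dir: str) -> bool:
    """Cache the original, apply the write, restore if it looks encrypted; True if kept."""
    backup = os.path.join(cache_dir, os.path.basename(path) + ".orig")
    shutil.copy2(path, backup)                      # temporary clean copy
    with open(path, "rb") as f:
        before = shannon_entropy(f.read())
    with open(path, "wb") as f:
        f.write(new_bytes)
    # Flag only a jump from low to high entropy, so files that were already
    # compressed or encrypted before the write are not treated as attacks.
    suspicious = before < ENTROPY_THRESHOLD <= shannon_entropy(new_bytes)
    if suspicious:
        shutil.copy2(backup, path)                  # restore the cached original
    os.remove(backup)
    return not suspicious

def demo():
    """Constructed sample: one ordinary edit, then a ciphertext-like overwrite."""
    original = b"Invoice 1042: total due 310.00 GBP\n" * 50
    edited = original + b"Paid 2022-06-30\n"
    # Deterministic stand-in for ciphertext: 4096 bytes of SHA-256 output.
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "invoice.txt")
        cache = os.path.join(root, "cache")
        os.mkdir(cache)
        with open(path, "wb") as f:
            f.write(original)
        kept_edit = guarded_overwrite(path, edited, cache)
        kept_blob = guarded_overwrite(path, blob, cache)
        with open(path, "rb") as f:
            return kept_edit, kept_blob, f.read() == edited
```

`demo()` returns whether each write was kept and whether the file still holds the last legitimate content after the rollback.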

All of these features can be configured and customised, but if you want to keep things simple you can just enable the AI-powered Deep Learning service, tick the “recommended settings” box and leave the rest up to the software.

SMBs that want a wide-ranging security solution need look no further than Sophos Intercept X. It’s loaded with powerful features, yet remains easy to use and simple to manage from the Sophos Central cloud portal.
