Sophos vs. Symantec Endpoint [Review]

Submitted by Daniel Gray on Tue, 11/05/19 - 12:00 PM



Weak endpoint security creates a host of gaps that hackers can exploit to break into your company's network. Maintaining strong endpoint security is crucial to protecting your valuable assets such as financial information and customer data. Sophos and Symantec both have great endpoint security offerings, but how do they compare to one another? Read more to see how Sophos and Symantec's endpoint security products stack up.

[Quick Summary] For our Sophos vs. Symantec Endpoint review, we found that while Symantec's product has a wide array of features and machine learning capabilities, Sophos' product has high rankings from third-party tests and industry-leading anti-ransomware protection, which tips the scales in their favor.



Sophos Intercept X/Endpoint Review



Industry-leading anti-ransomware protection

Sophos' behavioral detection technology can detect ransomware based on its behavior. This allows the software to stop the ransomware from encrypting files and to un-encrypt files that were encrypted before detection.

Seamless integration with other Sophos products

With Sophos products, network endpoints share information and coordinate protection with other Sophos products, allowing users to coordinate software use with ease. 

Minimal administrative effort

Customers can manage multiple Sophos products from a cloud-based console, making managing cyber security easier. Administrators can control installation, track usage, or block execution of over 1,000 applications by using an app list maintained by SophosLabs.

Though Symantec has a similar feature, it isn't as advanced.

High rankings from third-party tests

NSS Labs tested 19 different endpoint security vendors, including Symantec, and Sophos had the best protection and lowest total cost of ownership out of the group.

Root cause analysis 

The root cause analysis feature can help you figure out how attacks originated. It also lists steps that engineers can take to fix the problem. 

Data loss prevention

This feature is integrated into Sophos endpoints. No additional plugins are required, and it's simply enabled and configured in the endpoint policy. 

There is a large set of pre-defined detection rules for common data types, and, if required, customers can build their own custom rules. Symantec does not offer free data loss prevention.

Web restriction services

For employers looking to restrict employees from accessing inappropriate sites dealing with anything from social media to gambling to pornography, Sophos allows you to easily block endpoints from accessing certain sites.


Can't buy products directly from Sophos

Since you can't purchase products directly from Sophos, you need to rely on a third-party vendor to buy them. This can become a nuisance for companies trying to cut out the middleman and buy Sophos products themselves.

Overwhelming amount of policy customization options

There are so many options available to build a policy that it can become confusing to some. Make sure you conduct thorough research before building a policy.

Difficult to uninstall

The configuration of the software can make it a bit of a challenge to uninstall, leading to user frustration. However, keep in mind that many cyber security products are configured this way to prevent malware from easily uninstalling them to avoid detection.

Slightly slows down computers  

Some people have complained that Sophos' Intercept X slows their computers a little in order to operate. If you're a company whose bottom line would be hurt if computers slowed down even a little, this might be worth a second glance. 

However, for most people, the speed difference wouldn't affect day-to-day operations.

For more information about Sophos' Endpoint Protection and Intercept X, check out the product page here.

Symantec Endpoint Protection Review



Wide array of features

Symantec's endpoint protection technology offers many useful features, from web filtering to client firewalls. 

Isolation, Deception, and Defense for Active Directory features

There are a few features in Symantec's bundle that stand out. "Application Isolation" limits the actions low-reputation applications can perform. "Deception" involves decoys being deployed to client machines.

"Defense for Active Directory" monitors a customer's Active Directory structure for signs of an attack. Keep in mind, though, that while these are all advanced tools, they require extensive expertise to deploy and manage.

High rankings from third-party tests

Symantec has won acclaim from various third-party testers. For instance, they won Best Enterprise Endpoint from SE Labs in 2019.

Machine learning capabilities

Symantec's endpoint protection offering includes machine learning technology for pre-execution analysis of files. Clients have three machine learning models at any given time, with a new one deployed every few weeks (at which point the oldest model is removed).

Different levels of confidence are assigned to each model, with the oldest being the most trusted. Sophos has a similar deep learning model as well.


Lacks behavioral anti-ransomware technology

Symantec doesn't have a specific anti-ransomware feature. Instead, it highlights its other protection features, such as machine learning, as ways to detect ransomware.

Integrated Cyber Defense platform isn't user-friendly

Symantec's Integrated Cyber Defense (ICD) platform allows a user to connect multiple products, but it requires more manual integration.

Lack of all-inclusive data loss prevention bundle

While Sophos offers data loss prevention as a feature built into their packages, Symantec doesn't. Instead, data loss prevention is a separate feature that costs extra. 

Slower full-computer scans

In a test conducted by, Symantec's full computer scan was 1/3 as fast as BitDefender's scan that was looking through 22% more items.

For more information on Symantec's Endpoint Protection, check out the product page here.

The Verdict

Sophos Intercept X

When it comes to making a decision on which brand of endpoint protection you want, the choice is ultimately yours. Your choice can be based on a number of factors, from a desire for a user-friendly platform to wanting a platform with strong anti-ransomware protection. 

Each brand has its pros and cons. When evaluating which one to pick, keep in mind your business's needs for its size: a company with 10 employees may have certain needs from its software, while a company with 500 employees most likely has a different set of needs.

Figuring out how to strengthen your cyber security plan by yourself can be a hassle. Google research can only answer so many of your questions.

If you are a company looking to invest in an all-inclusive cyber security plan, consider talking to a managed IT services provider. Managed IT services installs multiple security layers, including endpoint protection, on your network.

Besides keeping your network updated with the latest security software, managed IT services employs a team of IT experts to address any security threats that arise. 

Managed IT services can save you money in the long run too. Because they pay to own software such as anti-virus and anti-ransomware, your cost to lease this software from them is usually cheaper than if you tried to buy the software yourself.

While endpoint protection, firewalls, and anti-virus software are great starts to keeping your valuable data safe, don't stop there. Hackers' tactics are constantly evolving, which means you need to evolve to keep up with them. 
