The LevelBlue USM Anywhere XDR platform (replacing the former AlienVault USM) delivers threat detection, incident response, and compliance management.
$1,075
per month
Sophos Intercept X
Score 8.9 out of 10
N/A
Sophos Endpoint Protection (Sophos EPP) with Intercept X is an endpoint security product providing an antivirus / antimalware solution that when upgraded with Intercept X or Intercept X Advanced provides advanced threat detection and EDR capabilities.
$28
per year per user
Pricing
LevelBlue USM Anywhere
Sophos Intercept X
Editions & Modules
Essentials
$1,075
per month
Standard
$1,695
per month
Premium
$2,595
per month
Intercept X Advanced
$28
per year per user
Intercept X Advanced with XDR
$48
per year per user
Sophos Managed Threat Response
$79
per year per user
Offerings
Pricing Offerings
LevelBlue USM Anywhere
Sophos Intercept X
Free Trial
Yes
No
Free/Freemium Version
Yes
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
Optional
No setup fee
Additional Details
—
Pricing is for a 3-year commitment. Government and Education pricing available.
More Pricing Information
Community Pulse
LevelBlue USM Anywhere
Sophos Intercept X
Considered Both Products
LevelBlue USM Anywhere
Verified User
Anonymous
Chose LevelBlue USM Anywhere
AlienVault USM offers a user-friendly interface and comprehensive features at a lower cost compared to QRadar, making it our preferred choice for effective threat detection and response.
I have used Splunk and QRadar which are quite manual and resource-intensive to get set up. On the other hand, AlienVault USM seems to have everything you need out of the box to get set up.
QRadar is one of the top SIEMs on the market. AlienVault USM is more suitable for companies or clients having a smaller budget, as AlienVault USM is cheaper than QRadar. Regarding features, QRadar trumps AlienVault USM, as it is a product with a vast array of features.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
I evaluated Crowd Strike. It didn't provide any insight into my network equipment, only Mac and Windows clients. I wanted a complete SIEM and log manager.
The only other product I've used similar to AlienVault is SolarWinds SIEM (formerly TriGeo). It too could be difficult to implement and maintain, but it's user interface was much worse. While AlienVault USM Anywhere charges for the amount of data being processed, SolarWinds was …
Darktrace - While also a fantastic product, its use case is slightly different from a SIEM, and we found that AlienVault's broad SIEM capabilities complemented Darkrace's focussed use case well. CyberShark - Cloud SIEM solutions do not often allow full control of or access to …
AlienVault USM Anywhere provided the right gamut of features at the right price, with not a great deal of time or effort required to fully implement. As an added bonus, we can tick many checkboxes for various compliance standards, all from one solution. Complexity is an enemy …
We already had familiarity with the platform but we needed cloud support so we upgraded to USM. We reviewed a few other options but decided USM was the best fit our requirements and price point.
The tools reviewed were quite sophisticated. The reason for choosing AlienVault USM was mainly inclusiveness (multiple services integrated) of the solution as well as the cost-benefit ratio. Integrating the solution into our current infrastructure also appeared relatively …
AlienVault USM is considerably more user-friendly, but it does fall short with the search functionality that a query language offers when looking for specific logs/statistics/data.
USM anywhere is easy to deploy and has sufficient documentation to guide administrators throughout the process of configuration and log creation. It also verifies threats against the Open Threat Exchange platform. USM gives remediation advice and insights to all threats …
The price and the ease-of-use, and the support from AlienVault are better. I had a lot of trouble starting out, but they guided me very well. The training provided by AlienVault was fantastic, because I could play without the fear of breaking anything.
In terms of user-friendliness and overall navigation, I think AlienVault USM has the advantage. Also, AlienVault USM provides its own threat intelligence and then integrates it into its SEIM, which is a very helpful feature.
AlienVault was given to us, even though we already had Secureworks. Both SecureWorks and Fireye are more of a managed solution. It's fine to say we'll use AlienVault but it requires a lot of expertise to get it running and alerting correctly. And even then, if no one is …
We had used Splunk, which is not even close to its pricing not at all budget-friendly. Splunk implementation requires more man-power and is a time-consuming process because no default directives are present and in implementation, each and every case needs to be checked. …
I didn't select either product but I have used both. I suspect IBM Qradar is more expensive, however, it is also more responsive, includes support for e-streamer, does parse the "blocked" field in source fire logs, and includes UEBA.
Sophos Intercept X is one of the industry leaders for a reason. Apart from integration issues, Sophos Intercept X stands above the rest when it comes to protection and usability. I have used at least 30 different antiviruses, antimalware, and antiransomeware programs and none …
Sophos Intercept X offers a far more comprehensive and stable product when pitted up against Comodo Advanced Endpoint Protection and Watchguard Endpoint Security - both of which we offer as low cost alternatives for customers who are adamant about not paying for Sophos …
Sophos Intercept X is easy to manage and deploy under your business. I think it is comparable to BitDefend with the ability to send out deployment via email or directly add it to the computer. I have noticed that Bitdefender seems to eat a lot of resources during its scans …
Webroot endpoint protection is not even in the same league as Sophos Intercept-X. I have tested and compared both sides by side, run simulations and it's not even close. Plus the Sophos central management is so much better. Easier to view user activities and apply policies and …
I personally found Sophos Intercept X GUI to be easy to use. The agent is easy to deploy on client machines and runs in the background silently. It has a very good virus, malware scan engine that picks out a high percentage of malicious software. The price was also very …
Sophos is much more user friendly and scalable for partners who wish to [centralize] all security across the IT industry, from email security, server security, phish threat management and more.
We have used Avast, AVG, Panda, Sophos' original antivirus product, and Symantec before and it is better than each of them. The cloud console is the star of the show and it dramatically reduces the cost and effort needed to install the product. Other products were only …
It provides more features for the same price. These added features differentiate Sophos from the rest of the pack, making it a better solution. Also, the ability to integrate with your Sophos firewall if you have one adds another level of integration and protection. This …
We didn’t evaluate any other products. I used Sophos at a previous company and when I started here, they were using the on-prem version. We immediately migrated to central and haven’t looked back. I am aware of the competitors, but once you are comfortable with a quality …
Sophos offered better value for money whilst beating the above products on detection and prevention. The GUI is fantastic and easy to use and works seamlessly on top of other features like DLP, application control and web monitoring. I would recommend getting the XG firewall as …
Sophos Intercept X is a little less expensive than the comparable package from Trend Micro and a little more expensive than a comparable package from Symantec, but in my opinion, it's easier to operate and it's got better centralized controls than both of the others. But the …
Trend Micro offered similar protection, however at the time did not offer EDR as a solution. The big benefit to Trend Micro was the capability to push out the installation of the agent to assets within the Trend Micro console, eliminating the need for a GPO or deployment …
Sophos is by far the simplest of the products to setup and going in a very short period of time at a very similar price point. Trend is overly complex and relied on an appliance for each ESX node meaning you lose one appliance and then you lose protection across multiple …
Besides legacy malware protection, Sophos is doing a good job in protecting against ransomware, thanks to their Intercept X and its behavioral analytics that would stop ransomware that was never seen in wild.
Best in class... PERIOD... Bit Defender is a good AV product by itself, but it lacks in Next Gen Heuristic detection. It has allowed malware to get past it in our client environments, even with Admin permissions restricted. Sophos is hands down a superior product when paired …
Sophos I feel is a better product upon installation we had a few systems that reported threats that ESET did not catch. Sophos also has multiple other products that we were able to bundle together and still have one interface to do. Intercept X, Endpoint Protection, and …
In our analysis we discovered that for the price and feature set, Sophos was able to rise above the rest. Pricing is always a large consideration, however it isn't the only consideration - the feature set that Sophos Endpoint Protection provided over its competitors made the …
We used to use Symantec Endpoint Protection. At the time we were using it (it may very well be different by now), it required a bit more maintenance and we were constantly having issues with definitions not being downloaded as well as issues updating the software itself. We …
AlienVault Unified Security Management (USM) Anywhere is a cloud-based security information and event management solution that provides effective and affordable threat detection, incident response, and compliance management capabilities. USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors. USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
Sophos Intercept-X is well suited for any environment big or small. There is even a home version that is free that I highly recommend for anyone at home. If you are looking for endpoint protection that is centrally managed, catches everything, and has many features this is the product for you.
The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
With the information gathered during asset discovery, USM will correlated that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Once you are able to navigate the different panels, finding what you need is quite easily. Before getting used it it can be a bit of challenge . Each panel is quite well laid out and the filtering search capabilities are quite strong.
The usability has never been a problem. Sophos Intercept X is a program you can install and let protect your company without much intervention. Apart from a few policies, Sophos will keep you protected better than most any product on the market. Sophos Intercept X works quite well when you are looking to "tighten your grip" on user's access to websites, programs, and add-ons.
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data isn't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources properly.
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a vmware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
Support is friendly but response time has been spotty. Also initially when we signed up there was a lot of pointing us at the documentation, which has been spotty and ad-hoc for what is supposed to be a commercial product. Overall the feel of AlienVault and the support has been of a very new and startup company that is trying to grow up out of it's open source roots, and I'm not sure if they've totally been able to make the transition to being able to meet the expectations of the enterprise customers.
Most of the support reps are fantastic. There have been a few though that have had to be escalated via Account Manager when they haven't followed up but this is a rare instance, and often followed up by the Support Manager for APAC.
I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM
The instructor gave detailed overview and went through the labs before allowing us to attempt using them. I enjoyed the balance of time and level of instruction received. The content went deeper that usual and the lab environment was easy to use and all results were consistent. I came away from the course knowing more than i did if I had just read the course notes.
AlienVault USM was a very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
I don't feel it's fair to compare Sophos Intercept X with the versions of Symantec and AVG that I have used in the past - as that was such a long time ago. I'm sure those other companies have released far more features than I used all those years ago
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to chose to either not monitor those assets or pay the price of the upgrade.
AlienVault brings all the information to one place which makes it much quicker to track down problems.
Before we had Intercept X, we had several infections of ransomware. Since that time it has stopped at least 10 attempts, saving us thousands of man-hours and hundreds of thousands of dollars.
By decreasing the time needed for malware remediation, it has saved us the cost of .25 FTE in the IT department.
Initial setup was cumbersome and cost us .1 FTE in additional costs the first year.