LevelBlue USM Anywhere vs. Sophos Intercept X

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
LevelBlue USM Anywhere
Score 3.9 out of 10
N/A
The LevelBlue USM Anywhere XDR platform (replacing the former AlienVault USM) delivers threat detection, incident response, and compliance management.
$1,075
per month
Sophos Intercept X
Score 8.9 out of 10
N/A
Sophos Endpoint Protection (Sophos EPP) with Intercept X is an endpoint security product providing an antivirus / antimalware solution that when upgraded with Intercept X or Intercept X Advanced provides advanced threat detection and EDR capabilities.
$28
per year per user
Pricing
LevelBlue USM AnywhereSophos Intercept X
Editions & Modules
Essentials
$1,075
per month
Standard
$1,695
per month
Premium
$2,595
per month
Intercept X Advanced
$28
per year per user
Intercept X Advanced with XDR
$48
per year per user
Sophos Managed Threat Response
$79
per year per user
Offerings
Pricing Offerings
LevelBlue USM AnywhereSophos Intercept X
Free Trial
YesNo
Free/Freemium Version
YesNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeOptionalNo setup fee
Additional DetailsPricing is for a 3-year commitment. Government and Education pricing available.
More Pricing Information
Community Pulse
LevelBlue USM AnywhereSophos Intercept X
Considered Both Products
LevelBlue USM Anywhere
Chose LevelBlue USM Anywhere
AlienVault USM offers a user-friendly interface and comprehensive features at a lower cost compared to QRadar, making it our preferred choice for effective threat detection and response.
Chose LevelBlue USM Anywhere
Easy to deploy and ease of use, good training by ATT
Chose LevelBlue USM Anywhere
I have used Splunk and QRadar which are quite manual and resource-intensive to get set up. On the other hand, AlienVault USM seems to have everything you need out of the box to get set up.
Chose LevelBlue USM Anywhere
QRadar is one of the top SIEMs on the market. AlienVault USM is more suitable for companies or clients having a smaller budget, as AlienVault USM is cheaper than QRadar. Regarding features, QRadar trumps AlienVault USM, as it is a product with a vast array of features.
Chose LevelBlue USM Anywhere
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
Chose LevelBlue USM Anywhere
There are other products like IBM QRadare and HP ArcSight, but they are much expensive than AlienVault USM which provides similar functionality.
Chose LevelBlue USM Anywhere
AlienVault was recommended by our PCI consultants.
Chose LevelBlue USM Anywhere
I evaluated Crowd Strike. It didn't provide any insight into my network equipment, only Mac and Windows clients. I wanted a complete SIEM and log manager.
Chose LevelBlue USM Anywhere
The only other product I've used similar to AlienVault is SolarWinds SIEM (formerly TriGeo). It too could be difficult to implement and maintain, but it's user interface was much worse. While AlienVault USM Anywhere charges for the amount of data being processed, SolarWinds was …
Chose LevelBlue USM Anywhere
Darktrace - While also a fantastic product, its use case is slightly different from a SIEM, and we found that AlienVault's broad SIEM capabilities complemented Darkrace's focussed use case well.
CyberShark - Cloud SIEM solutions do not often allow full control of or access to …
Chose LevelBlue USM Anywhere
I've only used AlienVault and no other products of this nature.
Chose LevelBlue USM Anywhere
AlienVault USM Anywhere provided the right gamut of features at the right price, with not a great deal of time or effort required to fully implement. As an added bonus, we can tick many checkboxes for various compliance standards, all from one solution. Complexity is an enemy …
Chose LevelBlue USM Anywhere
We already had familiarity with the platform but we needed cloud support so we upgraded to USM. We reviewed a few other options but decided USM was the best fit our requirements and price point.
Chose LevelBlue USM Anywhere
IBM Security Network Intrusion Prevention System, Nessus and Splunk Cloud
Chose LevelBlue USM Anywhere
The tools reviewed were quite sophisticated. The reason for choosing AlienVault USM was mainly inclusiveness (multiple services integrated) of the solution as well as the cost-benefit ratio. Integrating the solution into our current infrastructure also appeared relatively …
Chose LevelBlue USM Anywhere
Installation of AlienVault USM is much easier and customization is open to all kinds of improvements.
Chose LevelBlue USM Anywhere
AlienVault USM is considerably more user-friendly, but it does fall short with the search functionality that a query language offers when looking for specific logs/statistics/data.
Chose LevelBlue USM Anywhere
USM anywhere is easy to deploy and has sufficient documentation to guide administrators throughout the process of configuration and log creation. It also verifies threats against the Open Threat Exchange platform. USM gives remediation advice and insights to all threats …
Chose LevelBlue USM Anywhere
I chose AlienVault to try it in the lab environment and assess its strengths and weaknesses.
Chose LevelBlue USM Anywhere
The price and the ease-of-use, and the support from AlienVault are better. I had a lot of trouble starting out, but they guided me very well. The training provided by AlienVault was fantastic, because I could play without the fear of breaking anything.
Chose LevelBlue USM Anywhere
In terms of user-friendliness and overall navigation, I think AlienVault USM has the advantage. Also, AlienVault USM provides its own threat intelligence and then integrates it into its SEIM, which is a very helpful feature.
Chose LevelBlue USM Anywhere
AlienVault was given to us, even though we already had Secureworks. Both SecureWorks and Fireye are more of a managed solution. It's fine to say we'll use AlienVault but it requires a lot of expertise to get it running and alerting correctly. And even then, if no one is …
Chose LevelBlue USM Anywhere
We had used Splunk, which is not even close to its pricing not at all budget-friendly. Splunk implementation requires more man-power and is a time-consuming process because no default directives are present and in implementation, each and every case needs to be checked. …
Chose LevelBlue USM Anywhere
I didn't select either product but I have used both. I suspect IBM Qradar is more expensive, however, it is also more responsive, includes support for e-streamer, does parse the "blocked" field in source fire logs, and includes UEBA.
Sophos Intercept X
Chose Sophos Intercept X
Bitdefender was garbage, and it did not work well for non-persistent VDI desktops.

Even though we bought it we dumped it after a month and bought Sophos instead. The difference was like night and day.
Chose Sophos Intercept X
Sophos Intercept X is one of the industry leaders for a reason. Apart from integration issues, Sophos Intercept X stands above the rest when it comes to protection and usability. I have used at least 30 different antiviruses, antimalware, and antiransomeware programs and none …
Chose Sophos Intercept X
They have almost the same features but we ended up with a better offer for Sophos.
Chose Sophos Intercept X
Sophos Intercept X offers a far more comprehensive and stable product when pitted up against Comodo Advanced Endpoint Protection and Watchguard Endpoint Security - both of which we offer as low cost alternatives for customers who are adamant about not paying for Sophos …
Chose Sophos Intercept X
Sophos Intercept X is easy to manage and deploy under your business. I think it is comparable to BitDefend with the ability to send out deployment via email or directly add it to the computer. I have noticed that Bitdefender seems to eat a lot of resources during its scans …
Chose Sophos Intercept X
Webroot endpoint protection is not even in the same league as Sophos Intercept-X. I have tested and compared both sides by side, run simulations and it's not even close. Plus the Sophos central management is so much better. Easier to view user activities and apply policies and …
Chose Sophos Intercept X
I personally found Sophos Intercept X GUI to be easy to use. The agent is easy to deploy on client machines and runs in the background silently. It has a very good virus, malware scan engine that picks out a high percentage of malicious software. The price was also very …
Chose Sophos Intercept X
Sophos is much more user friendly and scalable for partners who wish to [centralize] all security across the IT industry, from email security, server security, phish threat management and more.
Chose Sophos Intercept X
We have used Avast, AVG, Panda, Sophos' original antivirus product, and Symantec before and it is better than each of them. The cloud console is the star of the show and it dramatically reduces the cost and effort needed to install the product. Other products were only …
Chose Sophos Intercept X
It is one of the only products that will scan all code in memory and arbitrary data for malicious behaviors.
Chose Sophos Intercept X
We have been using this product for a number of years, which shows that it has worked well for us. I don't recall the other products we reviewed.
Chose Sophos Intercept X
It provides more features for the same price. These added features differentiate Sophos from the rest of the pack, making it a better solution. Also, the ability to integrate with your Sophos firewall if you have one adds another level of integration and protection. This …
Chose Sophos Intercept X
We didn’t evaluate any other products. I used Sophos at a previous company and when I started here, they were using the on-prem version. We immediately migrated to central and haven’t looked back. I am aware of the competitors, but once you are comfortable with a quality …
Chose Sophos Intercept X
Sophos offered better value for money whilst beating the above products on detection and prevention. The GUI is fantastic and easy to use and works seamlessly on top of other features like DLP, application control and web monitoring. I would recommend getting the XG firewall as …
Chose Sophos Intercept X
Sophos Intercept-X gave us a more well-rounded solution.
Chose Sophos Intercept X
Sophos Intercept X is a little less expensive than the comparable package from Trend Micro and a little more expensive than a comparable package from Symantec, but in my opinion, it's easier to operate and it's got better centralized controls than both of the others. But the …
Chose Sophos Intercept X
Trend Micro offered similar protection, however at the time did not offer EDR as a solution. The big benefit to Trend Micro was the capability to push out the installation of the agent to assets within the Trend Micro console, eliminating the need for a GPO or deployment …
Chose Sophos Intercept X
Sophos is by far the simplest of the products to setup and going in a very short period of time at a very similar price point. Trend is overly complex and relied on an appliance for each ESX node meaning you lose one appliance and then you lose protection across multiple …
Chose Sophos Intercept X
Besides legacy malware protection, Sophos is doing a good job in protecting against ransomware, thanks to their Intercept X and its behavioral analytics that would stop ransomware that was never seen in wild.
Chose Sophos Intercept X
Best in class... PERIOD... Bit Defender is a good AV product by itself, but it lacks in Next Gen Heuristic detection. It has allowed malware to get past it in our client environments, even with Admin permissions restricted. Sophos is hands down a superior product when paired …
Chose Sophos Intercept X
Sophos I feel is a better product upon installation we had a few systems that reported threats that ESET did not catch. Sophos also has multiple other products that we were able to bundle together and still have one interface to do. Intercept X, Endpoint Protection, and …
Chose Sophos Intercept X
In our analysis we discovered that for the price and feature set, Sophos was able to rise above the rest. Pricing is always a large consideration, however it isn't the only consideration - the feature set that Sophos Endpoint Protection provided over its competitors made the …
Chose Sophos Intercept X
We used to use Symantec Endpoint Protection. At the time we were using it (it may very well be different by now), it required a bit more maintenance and we were constantly having issues with definitions not being downloaded as well as issues updating the software itself. We …
Features
LevelBlue USM AnywhereSophos Intercept X
Endpoint Security
Comparison of Endpoint Security features of Product A and Product B
LevelBlue USM Anywhere
-
Ratings
Sophos Intercept X
8.9
Ratings
4% above category average
Anti-Exploit Technology00 Ratings7.10 Ratings
Endpoint Detection and Response (EDR)00 Ratings9.00 Ratings
Centralized Management00 Ratings10.00 Ratings
Hybrid Deployment Support00 Ratings8.00 Ratings
Infection Remediation00 Ratings10.00 Ratings
Vulnerability Management00 Ratings8.40 Ratings
Malware Detection00 Ratings10.00 Ratings
Best Alternatives
LevelBlue USM AnywhereSophos Intercept X
Small Businesses
Watchguard Endpoint Security
Watchguard Endpoint Security
Score 8.8 out of 10
ThreatLocker
ThreatLocker
Score 9.5 out of 10
Medium-sized Companies
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.0 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.0 out of 10
Enterprises
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.0 out of 10
BeyondTrust Endpoint Privilege Management
BeyondTrust Endpoint Privilege Management
Score 9.8 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
LevelBlue USM AnywhereSophos Intercept X
Likelihood to Recommend
9.8
(0 ratings)
9.0
(0 ratings)
Likelihood to Renew
7.2
(0 ratings)
10.0
(0 ratings)
Usability
6.7
(0 ratings)
9.0
(0 ratings)
Availability
6.4
(0 ratings)
-
(0 ratings)
Performance
7.3
(0 ratings)
-
(0 ratings)
Support Rating
7.3
(0 ratings)
8.1
(0 ratings)
In-Person Training
4.5
(0 ratings)
-
(0 ratings)
Online Training
8.3
(0 ratings)
-
(0 ratings)
Implementation Rating
6.4
(0 ratings)
9.0
(0 ratings)
Configurability
8.0
(0 ratings)
-
(0 ratings)
Ease of integration
7.3
(0 ratings)
-
(0 ratings)
Product Scalability
6.3
(0 ratings)
-
(0 ratings)
Vendor post-sale
7.6
(0 ratings)
-
(0 ratings)
Vendor pre-sale
8.2
(0 ratings)
-
(0 ratings)
User Testimonials
LevelBlue USM AnywhereSophos Intercept X
Likelihood to Recommend
AlienVault Unified Security Management (USM) Anywhere is a cloud-based security information and event management solution that provides effective and affordable threat detection, incident response, and compliance management capabilities. USM Anywhere is well suited to mid-size enterprise environments operating in the cloud. USM Anywhere is also well suited to enterprises whose operations teams require easy deployment and management. Last, USM Anywhere is considered a highly affordable option compared to competitors. USM Anywhere lags competitors in several areas, such as application monitoring, database monitoring, and integrations with third-party solutions such as cloud access security brokers (CASB), DAM, DAP, and DLP.
Read full review
Sophos Intercept-X is well suited for any environment big or small. There is even a home version that is free that I highly recommend for anyone at home. If you are looking for endpoint protection that is centrally managed, catches everything, and has many features this is the product for you.
Read full review
Pros
  • The USM platform provides the essential security capabilities that work together for a fast and cost-effective way for organizations to have complete visibility into the security of their environment.
  • With the information gathered during asset discovery, USM will correlated that information with known vulnerabilities for continuous vulnerability awareness. In addition, USM contains an active scanner capable of scanning for over 30,000 known vulnerabilities.
  • To give better visibility into your network, and possibly detect intrusions that don’t follow behavioral patterns, we offer Netflow information, bandwidth monitoring, and traffic capture, all part of our behavioral monitoring capabilities built into USM.
Read full review
  • Sophos is a little too good at DLP. But it is indeed very good at not allowing our data to leave our endpoints without strict adherence to policy.
  • Sophos is very good at protecting endpoints against viruses and other malware.
  • Sopho is really good at informing us of what is happening on our endpoints. OOTB reporting is way better than expected.
Read full review
Cons
  • USM Anywhere doesn't allow you to multi-home sensors. So if you have non-routable networks, you'll need to investigate the on-premise solution too.
  • You have to be on top of tuning else a constant stream of alerts will cause your SOC staff to begin ignoring alarms.
  • You have to be on top of tuning else you'll eat your allotment of storage for that month. It is really easy to exceed your storage quota if you don't proactively monitor log sources. USM could do a better job letting you know if a log source is too chatty.
Read full review
  • The migration from on-prem sophos to cloud sophos, could have been a little more seamless
  • Would love to get more insight on what was blocked or flagged and what it was trying to do
  • Better and more granular feature management from group policies
Read full review
Likelihood to Renew
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Read full review
We have gotten a great product for the price. Easy to maintain and set up on new devices. Support is great and easy to work with and understand.
Read full review
Usability
Once you are able to navigate the different panels, finding what you need is quite easily. Before getting used it it can be a bit of challenge . Each panel is quite well laid out and the filtering search capabilities are quite strong.
Read full review
The usability has never been a problem. Sophos Intercept X is a program you can install and let protect your company without much intervention. Apart from a few policies, Sophos will keep you protected better than most any product on the market. Sophos Intercept X works quite well when you are looking to "tighten your grip" on user's access to websites, programs, and add-ons.
Read full review
Reliability and Availability
We do have issues with maintenance on the AlienVault USM as the disk fills up from time to time with other data sources. Sources for scanning logs and net flow data isn't calculated in regular disk maintenance and can easily fill up our disk if we do not keep an eye on it with some custom Nagios plugins. The system does properly trim logging data from logging sources properly.
Read full review
No answers on this topic
Performance
With the latest release of AlienVault USM overall performance has not been an issue. We have noticed single source events per second does not scale well with the overall system. 2,000eps on a vmware system with a single source produces delays of up to an hour for us. Pages, reporting and even raw log searches are rather quick though.
Read full review
No answers on this topic
Support Rating
Support is friendly but response time has been spotty. Also initially when we signed up there was a lot of pointing us at the documentation, which has been spotty and ad-hoc for what is supposed to be a commercial product. Overall the feel of AlienVault and the support has been of a very new and startup company that is trying to grow up out of it's open source roots, and I'm not sure if they've totally been able to make the transition to being able to meet the expectations of the enterprise customers.
Read full review
Most of the support reps are fantastic. There have been a few though that have had to be escalated via Account Manager when they haven't followed up but this is a rare instance, and often followed up by the Support Manager for APAC.
Read full review
In-Person Training
I did not have any experience with "in person" training directly. The free online classes offered for a half a day are based on the actual training offered. These little teasers are very good and well worth your time to learn a few quick and dirty ways of getting more information from your SIEM
Read full review
No answers on this topic
Online Training
The instructor gave detailed overview and went through the labs before allowing us to attempt using them. I enjoyed the balance of time and level of instruction received. The content went deeper that usual and the lab environment was easy to use and all results were consistent. I came away from the course knowing more than i did if I had just read the course notes.
Read full review
No answers on this topic
Implementation Rating
AlienVault USM was a very simple to implement and get up and running. We started with a trial version and had that up and going within an hour of receiving email instructions from the sales engineer. We never had to contact support to get the system up and going. It was extremely easy to convert over to a full license once we started with a paid version.
Read full review
Best thing was the help pushing out via group policy and was able to get instructions for that on sophos site
Read full review
Alternatives Considered
The cost of AlienVault is what sold us on AlienVault. However, considering the amount of time and effort that has gone into getting it set up and realizing that views and reports cannot be shared across groups makes it not worth the savings.
Read full review
I don't feel it's fair to compare Sophos Intercept X with the versions of Symantec and AVG that I have used in the past - as that was such a long time ago. I'm sure those other companies have released far more features than I used all those years ago
Read full review
Scalability
The AlienVault USM is not very scalable. Some scalability can be achieved by installing additional sensors, but this only offers 500eps per sensor and is still overall limited by the installation type of VM or physical. We have also noticed the EPS (events per second) is rated overall and not towards a single source. A single source on a very healthy VMware partition tops out at 2,000eps for us, no matter how we configure it. Maybe this is a problem of the 5.2 release?
Read full review
No answers on this topic
Return on Investment
  • Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150 so we had to chose to either not monitor those assets or pay the price of the upgrade.
  • AlienVault brings all the information to one place which makes it much quicker to track down problems.
Read full review
  • Before we had Intercept X, we had several infections of ransomware. Since that time it has stopped at least 10 attempts, saving us thousands of man-hours and hundreds of thousands of dollars.
  • By decreasing the time needed for malware remediation, it has saved us the cost of .25 FTE in the IT department.
  • Initial setup was cumbersome and cost us .1 FTE in additional costs the first year.
Read full review
ScreenShots

Sophos Intercept X Screenshots

Screenshot of Screenshot of Screenshot of