CONFIDENTIAL - SOPHOS INTERNAL AND CHANNEL PARTNERS ONLY - DO NOT REDISTRIBUTE

Competitive Overview
Endpoint Detection & Response (EDR) and Extended Detection & Response (XDR)

CrowdStrike (Falcon Prevent/Insight) Strengths Weaknesses

Microsoft (Defender for Endpoint)  Single agent for endpoint protection and EDR  Limited tools to reduce exposure to threats (e.g. web
Detailed information about suspicious activities and protection, application control)
Carbon Black (Cloud Endpoint Protection) 

threats  Significant time, resources and expertise required to get

Cisco (AMP for Endpoints) the most from the products
SentinelOne  Lacks broader portfolio for XDR (Carbon Black,
SentinelOne, Elastic, CrowdStrike)
Elastic (formerly Endgame)

Strengths Weaknesses
Broadcom Symantec (ATP: Endpoint
 Information about suspicious activities and threats  Customers still bear the burden of interpreting event
+ ICDx)
 Core EDR functionality (e.g. threat chain diagrams and information and responding appropriately
McAfee (MVISION EPP + MVISION XDR) endpoint isolation)  Requires an additional management console (Symantec
Trend Micro (Vision One XDR)  Early providers of XDR (Trend Micro) and Trend Micro) or client agent (McAfee)
 XDR is based on network sensor not full firewall

Sophos Advantages
EDR and XDR starts with the strongest protection – Sophos delivers industry leading endpoint protection, meaning most threats are stopped before they can ever cause damage. The more
threats prevented, the less noise created for security teams to investigate. Share recent 3rd party test results (e.g. SE Labs) as proof points.

Add expertise, not headcount – Intercept X Advanced with XDR replicates the tasks normally performed by skilled analysts. Deep Learning Malware Analysis automatically analyzes file attributes
and code in extreme detail, comparing them to millions of other files. This enables customers to easily see which attributes are similar to “known good” and “known bad” files so they can
determine if a file should be blocked or allowed.

Single agent and console – Intercept X Advanced with XDR combines cutting edge protection features and intuitive detection and response capabilities in a single agent. This is delivered alongside
Sophos’ range of complementary security technologies in the unified Sophos Central console.

The information in this document is based on Sophos’s interpretation of data publicly available as of the date it was prepared. Other companies named in the document had no part in its preparation. The information contained in this comparison may be incomplete or inaccurate and is subject to change. The
information is intended for informational purposes only and is not intended to be relied upon in making any purchase decision. The information is provided "as is" without warranties of any kind either expressed or implied. This document is Sophos confidential information. Partners may use only the most up-
to-date version, and only if permitted by law in their Territory. Distribution to any third party other than a Sophos authorized partner is strictly prohibited.
Copyright 2022 Sophos Group. All Rights Reserved.

JANUARY 2022