This content is part of the Buyer's Guide: Endpoint security tools: A buyer's guide

Sophos Endpoint Protection and an overview of its features

Expert Ed Tittel examines Sophos Endpoint Protection, an endpoint security platform with antivirus, antimalware and more.

Sophos Endpoint is an endpoint protection product that combines antimalware, web and application control, device control and much more. The tool is designed to support organizations of all sizes -- from small and midsize to large enterprises. This article focuses on Sophos Endpoint Protection version 10.3.

To use Sophos Endpoint Protection, an administrator installs the Sophos Enterprise Console on a server to streamline client installation and management, and installs Sophos protection software on each endpoint. Typically, the endpoint software works as an agent that communicates with the console, but it can also function as standalone software for off-site endpoint computers.

Buyers should take note that in 2016 Sophos introduced Intercept X, a next-generation cloud-based product that enhances endpoint security already running in an environment. Intercept X adds protection from zero-day attacks and drive-by downloads, includes root cause analysis and anti-exploit technology to minimize damage from breaches, and incorporates CryptoGuard to protect against ransomware.

Feature set

Sophos Endpoint Protection includes antimalware, data loss prevention (DLP), a client firewall, application and device control, a host-based intrusion prevention system, website browsing protection and filtering, email protection (such as antispam) and patch assessment. Regarding mobile features, the bundles include mobile device management (covering antitheft, inventory and policy enforcement) as well as mobile application and email management.

Customers also get the Secure Email Gateway component, which provides antispam and antivirus, DLP, email encryption and full disk encryption for Microsoft Exchange. Web application control and enhanced filtering on the gateway are also part of the package.

Platform coverage

Sophos Endpoint Protection supports most Windows desktop versions through Windows 10, Windows Server 2003 through 2012 R2, Microsoft Exchange, and Mac, Linux and Unix systems. Supported mobile operating systems include iOS, Android, Windows Phone, Windows Mobile and BlackBerry OS. Virtual environment support includes VMware vSphere, ESX and Workstation, Citrix XenServer and Microsoft Hyper-V Server.


In tests conducted by AV-Test in November and December 2016 on Windows 10, Sophos scored 14.5 out of 18 when evaluated for protection, performance and usability. That was the lowest score out of 12 product comparisons. The performance component, which indicated the software slowed the operating system and response times of other applications, was mainly responsible for the low score. The highest-ranking products during that period were Kaspersky Small Office Security and Bitdefender Endpoint Security, which both scored 18.


On-premises endpoint security is managed by the Sophos Enterprise Console, giving administrators a single console from which to install software and manage endpoints. The console enables policy creation and deployment, provides endpoint status information and events, and enables endpoint disinfection remotely. Administrators can also use Sophos Central to manage Endpoint Protection clients via the web.

Pricing and licensing

Sophos Endpoint Protection is licensed per user, not per device, and customers must purchase licenses from a Sophos sales team member or a Sophos partner. The manufacturer's suggested retail price for a one-year license per user is in the $30 to $60 range, depending on the number of licenses purchased. Two- and three-year licenses are also available for each product. Pricing for Sophos Intercept X is not available as of this writing.

Organizations can download a free 30-day trial of Sophos Endpoint Protection, which is fully functional and includes the enterprise management console. Organizations can also test-drive Sophos Intercept X for 30 days.


Standard support for Sophos security products includes a wealth of online self-help -- a detailed knowledge base, advisories, a news subscription, a community forum, how-to videos and guides, best practices, articles and product documentation -- in addition to 24/7 year-round Sophos technical support team access via the web portal or phone (recommended for urgent issues).

Paid support packages are based on license cost. Some of the services in the paid packages include "penalty backed" service-level agreements, priority incident handling, remote assistance and training, a dedicated technical support team and support account manager, and performance optimization.

Next Steps

Check out the other antimalware protection products featured in this series: Kaspersky Endpoint Security, McAfee Endpoint Protection Suite, Symantec Endpoint Protection, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security and Microsoft System Center 2012 R2 Endpoint Protection.
