Intercept X Essentials - The new base protection for Clients & Server
Sophos Central

Intercept X Essentials - The new base protection for Clients & Server

David - 28. Juli 2021

Sophos has launched Intercept X Essentials (CIXE) and Intercept X Essentials for Server (SVRCIXE), two new Central licenses intended as entry-level products for protecting clients and servers. However, the introduction of these two new licenses also means the end of Central Endpoint Protection (CEP) and Central Server Protection (SVRC), which were previously intended as a low-cost entry point.

Before I tell you more about Intercept X Essentials, I'll first do a little education for those customers who still have active Central Endpoint Protection or Server Protection licenses.

Central Endpoint and Server Protection go end-of-sale

It's no longer a secret that Central Endpoint Protection or Server Protection are no longer sufficient to protect against today's threats. “Ransomware” is still one of the biggest security threats in 2021, and signature-based solutions are simply powerless against it. To stand up to modern threats like ransomware, you need features like deep learning, anti-ransomware and anti-exploit at a minimum.

Sophos has consistently emphasized in its presentations that they would recommend at least Intercept X Advanced as basic protection to everyone. However, despite these statements, Endpoint, and Server Protection licenses continued to be offered. This is now over and Sophos is removing the two obsolete products from its lineup with immediate effect.

What existing CEP and SVRC customers need to know

Existing customers who currently have active Central Endpoint or Server Protection licenses will be migrated by Sophos to Intercept X Advanced and Intercept X Advanced for Server free of charge during September/October. If your licenses expire before this migration, it is still possible to order a renewal. Only the new purchase of the two products is no longer allowed.

For the remaining term of the license, existing customers retain all the functions of CEP or SVRC and even receive modern technologies from Intercept X Advanced as a gift.

At the end of the term, it is up to you whether you want to continue to renew Intercept X Advanced / Intercept X Advanced for Server or perhaps even upgrade to EDR or MTR. Alternatively, you may choose to downgrade to Intercept X Essentials / Intercept X Essentials for Server. What such a downgrade would mean exactly and which features you would then have to do without, you will learn in the next section.

Intercept X Essentials / Intercept X Essentials for Server

By stopping the sale of Endpoint and Server Protection, Sophos has, in our view, plugged a major security gap in their product portfolio. We see it all the time that when customers are deciding between two products, they prioritize cost over the actual protection a product can provide. For this reason, customers have been happy to choose Endpoint or Server Protection because it was simply more affordable price-wise compared to Intercept X Advanced. However, in the next ransomware attack, these two solutions were not going to be able to do anything because they lack important features such as deep learning, anti-ransomware and anti-exploit.

With Intercept X Essentials, Sophos has recognized that while it still needs an affordable entry-level product, the smaller price tag should by no means come at the expense of a lack of security features.

Advanced protection against threats

When it comes to threat protection, Intercept X Essentials and Intercept X Essentials for Servers give you the same tools as Intercept X Advanced. The only difference is that if you want to protect your servers with Intercept X Essentials, the Advanced version offers additional features. In the following table, you can get an overview of the included protection features:

The protection features listed above were not part of the Endpoint and Server Protection, but these are exactly what is needed to survive against today's threats.

Deleted features

In my eyes, Sophos has focused on the right features with Intercept X Essentials to create an entry-level product for protecting clients and servers. Those who have used the previous base product “Endpoint Protection” or “Server Protection” will notice when looking at the table above that some features were removed. The following features are now only available with Intercept X Advanced or higher:

  • Multiple Policies: With Intercept X Essentials you can only use the base policy. It is not possible to duplicate policies.
  • Controlled Updates: With Intercept X Essentials it is not possible to delay an update of the agent.
  • Web Control: With Intercept X Essentials, access to unwanted websites cannot be denied.
  • Peripheral Control: With Intercept X Essentials it is not possible to restrict which devices can be connected.
  • Application Control: With Intercept X Essentials it is not possible to control what types of applications are installed and run.
  • Data Loss Prevention: With Intercept X Essentials you cannot restrict what sensitive data leaves the company.
  • Thread Case: With Intercept X Essentials, access to threat cases is not possible.

The fact that the features listed above are missing from Intercept X Essentials is also the reason that Sophos upgrade existing customers to Intercept X Advanced. Apart from the additional security features, switching to Intercept X Essentials would have been more of a downgrade for existing customers.


As pointed out several times in this article, I agree 100% with Sophos's strategy. It was really time to stop selling licenses for Endpoint and Server Protection, as the protection against modern threats was no longer sufficient. For purely signature-based detection, one might as well have installed the free Microsoft Defender or similar products.

With the new basic products Intercept X Essentials and Intercept X Essentials for Servers, Sophos will, in my view, address an estimated 90% of the customers who previously used endpoint or server protection. Whether, I'm going too far out on a limb with this claim, will certainly be seen in the coming months. However, I think that protection against malware and the detection of attacks belong more to the basic version of an endpoint or server security software, than, for example, peripheral or application control. Those who need such features will get them when switching to Intercept X Advanced or higher.

However, the only flaw I see with Intercept X Essentials is the price. In my opinion, Sophos has missed an opportunity here to really provide a low-cost entry point. I see the price difference to Intercept X Advanced as too small, which at the same time makes the additional features like “Web Control”, “Application Control”, “Peripheral Control” etc. seem somewhat worthless. At the same time, there is a risk that many Intercept X Advanced customers will downgrade to Intercept X Essentials at the next renewal. I can imagine that there are some customers who have not used any of the additional features so far. 🤔

Send Your Feedback

Share your thoughts about this article, your private queries are always welcome and greatly appreciated.

Send Feedback
All information are confidential

On our blog we regularly publish articles on various topics related to Sophos. To make sure you don't miss any articles, you can subscribe to our newsletter, and once a month you will receive an email with a summary of all articles published in the last 30 days.

Knowledge base

Do you need help with a Sophos product? Then maybe our free knowledge base can help you. We try to document most support requests in an article so that we can help as many people as possible.