Intercept X Essentials – the new baseline protection for endpoints and servers

With Intercept X Essentials (CIXE) and Intercept X Essentials for Server (SVRCIXE), Sophos has introduced two new Central licenses designed as entry‑level products for protecting endpoints and servers. The introduction of these two licenses also means the end of Central Endpoint Protection (CEP) and Central Server Protection (SVRC), which previously served as the low‑cost entry point.

Before going into more detail about Intercept X Essentials, it is worth clarifying a few points for customers who still have active Central Endpoint Protection or Server Protection licenses.

Central Endpoint and Server Protection go end‑of‑sale

It has long been clear that standard Central Endpoint Protection or Server Protection is no longer sufficient to defend against today’s threats. Ransomware remains one of the biggest security risks in 2021, and signature‑based solutions are simply powerless against it. To stand up to modern threats such as ransomware, features such as deep learning, anti‑ransomware and anti‑exploit are the minimum required.

In its presentations, Sophos has repeatedly emphasized that it recommends Intercept X Advanced as the minimum baseline protection. Despite this, Endpoint and Server Protection licenses continued to be sold. That is now over, and Sophos is withdrawing these outdated products from sale with immediate effect.

What existing CEP and SVRC customers need to know

Existing customers with active Central Endpoint or Server Protection licenses will be migrated by Sophos free of charge to Intercept X Advanced and Intercept X Advanced for Server in September/October. If your licenses expire before this migration takes place, it is still possible to order a renewal. Only new purchases of the two products are no longer permitted.

For the remainder of the purchased term, existing customers keep all CEP or SVRC features and even receive the modern technologies of Intercept X Advanced on top.

At the end of the term, it is up to each organisation whether it wants to continue with Intercept X Advanced / Intercept X Advanced for Server, or perhaps upgrade to EDR or MTR. Alternatively, it is of course possible to downgrade to Intercept X Essentials / Intercept X Essentials for Server. What such a downgrade actually means and which features would be missing is explained in the next section.

Intercept X Essentials / Intercept X Essentials for Server

From our point of view, Sophos has closed an important security gap in its portfolio by discontinuing Endpoint and Server Protection. Time and again, we see customers prioritising cost over the actual protection a product offers when choosing between two options. For this reason, many opted for Endpoint or Server Protection as they were simply cheaper than Intercept X Advanced. In the event of a ransomware attack, however, these two solutions would not have helped, because they lack key capabilities such as deep learning, anti‑ransomware and anti‑exploit.

With Intercept X Essentials, Sophos has understood that there still needs to be an affordable entry‑level product, but that a lower price must not come at the expense of essential security features.

Modern protection against threats

When it comes to protecting against threats, Intercept X Essentials and Intercept X Essentials for Server give you exactly the same core tools as Intercept X Advanced. Beyond that core protection, the Advanced edition offers some additional features that Intercept X Essentials does not include. The following table provides an overview of the included protection capabilities:

Feature comparison between Intercept X Essentials and Intercept X Advanced

The protection features listed above were completely missing from Endpoint and Server Protection, yet they are precisely what is needed to withstand today’s threats.

Removed features

In our view, Sophos has put the focus on the right capabilities with Intercept X Essentials to create an entry‑level product for protecting endpoints and servers. Anyone who has used the previous base products “Endpoint Protection” or “Server Protection” will see from the table above that some features have been removed. The following functions are now only available with Intercept X Advanced or higher:

Features missing in Intercept X Essentials
  • Multiple policies: With Intercept X Essentials, only the base policy can be used. Duplicating policies is not possible.
  • Controlled updates: With Intercept X Essentials, agent updates cannot be deferred.
  • Web control: With Intercept X Essentials, access to unwanted websites cannot be blocked.
  • Peripheral control: With Intercept X Essentials, it is not possible to restrict which devices may be connected.
  • Application control: With Intercept X Essentials, it is not possible to control which types of applications may be installed and run.
  • Data loss prevention: With Intercept X Essentials, there is no way to restrict which sensitive data may leave the company.
  • Threat case: With Intercept X Essentials, access to threat cases is not available.

The absence of the above features in Intercept X Essentials is also the reason why existing customers are being upgraded to Intercept X Advanced free of charge. Apart from the additional security functions, a move to Intercept X Essentials would otherwise have been more of a downgrade for existing customers.

Conclusion

As already mentioned several times in this article, we fully agree with Sophos’ strategy. It was high time to end the sale of Endpoint and Server Protection licenses, as they no longer offered adequate protection against modern threats. For purely signature‑based detection, one could just as well have installed the free Microsoft Defender or similar products.

With the new baseline products Intercept X Essentials and Intercept X Essentials for Server, Sophos will, in our view, appeal to an estimated 90% of the customers who have so far used Endpoint or Server Protection. Whether this estimate is too optimistic will become clear in the coming months. We believe, however, that malware protection and attack detection belong in the baseline edition of endpoint/server security software more than, for example, peripheral or application control. Organizations that need such features can obtain them by moving to Intercept X Advanced or higher.

The only real downside we see with Intercept X Essentials is the price. In our opinion, Sophos has missed an opportunity to offer a truly low‑cost entry point. The price difference to Intercept X Advanced is relatively small, which makes the additional features such as web control, application control and peripheral control appear less valuable. At the same time, there is a risk that many Intercept X Advanced customers will downgrade to Intercept X Essentials at the next renewal. It would not be surprising if quite a few customers have not used any of the additional functions so far. 🤔

David