Shopping Cart

No products in the cart.

Intercept X Essentials – The new basic protection for clients & servers

Sophos has partnered with Intercept X Essentials (CIXE) and Intercept X Essentials for Server (SVRCIXE), two new Central licenses intended as entry-level products for client and server protection. However, the introduction of these two new licenses also means the end of Central Endpoint Protection (CEP) and Central Server Protection (SVRC), which were previously intended as a cost-effective entry point.

Before I tell you more about Intercept X Essentials, I’ll first do a little education for those customers who still have active Central Endpoint Protection or Server Protection licenses.

Central Endpoint and Server Protection go end-of-sale

It’s no longer a secret that standard Central Endpoint Protection or Server Protection are no longer sufficient to protect against today’s threats. “Ransomware” is still one of the biggest security threats in 2021, and signature-based solutions are simply powerless against it. To stand up to modern threats like ransomware, it needs features like deep learning, antiransomware, and anti-exploit, at a minimum.

Sophos has consistently said in its presentations that they would recommend at least Intercept X Advanced as basic protection to everyone. Despite these statements, however, Endpoint and Server Protection licenses continued to be offered. This is now over and Sophos is removing the two obsolete products from its range with immediate effect.

What existing CEP and SVRC customers need to know

Existing customers who currently have active licenses of Central Endpoint or Server Protection will be migrated by Sophos to Intercept X Advanced and Intercept X Advanced for Servers free of charge during September/October. If your licenses expire before this migration, it is still possible to order a renewal. Only the new purchase of the two products is no longer allowed.

So for the remainder of the purchased term, existing customers keep all the features of CEP or SVRC and even get advanced technologies from Intercept X Advanced for free.

At the end of the term, it is up to you whether you want to continue to renew for Intercept X Advanced / Intercept X Advanced for Server or perhaps even upgrade to EDR or MTR. Alternatively, you can choose to downgrade to Intercept X Essentials / Intercept X Essentials for Server. What such a downgrade would exactly mean and which features you would have to do without, you will learn in the next section.

Intercept X Essentials / Intercept X Essentials for Server

By stopping the sale of Endpoint and Server Protection, Sophos has, in our view, plugged a major security gap in its product portfolio. We see it all the time that when customers are deciding between two products, they prioritize cost over the actual protection a product can provide. For this reason, customers were happy to choose Endpoint or Server Protection because it was simply more affordable price-wise compared to Intercept X Advanced. However, in the next ransomware attack, these two solutions would not have been able to do anything because they lack important features, such as deep learning, anti-ransomware and anti-exploit.

With Intercept X Essentials, Sophos has recognized that while it still needs an affordable entry-level product, the smaller price tag should by no means come at the expense of a lack of security features.

Modern protection against threats

When it comes to threat protection, Intercept X Essentials and Intercept X Essentials for Servers give you the exact same tools as Intercept X Advanced. Only if you want to protect your servers with Intercept X Essentials, the Advanced variant offers additional features. In the following table you can get an overview of the included protection features:

The protection features listed above were not found in Endpoint and Server Protection, but these are exactly what is needed to survive against today’s threats.

Cancelled functions

In my eyes, Sophos has focused on the right features with Intercept X Essentials to create an entry-level product for protecting clients and servers. Those who previously used the former base product “Endpoint Protection” or “Server Protection” will notice when looking at the table above that some features have been removed. The following functions are only available with Intercept X Advanced or higher:

  • Multiple Policies: With Intercept X Essentials, you can use only the base policy. It is not possible to duplicate policies.
  • Controlled Updates: With Intercept X Essentials, an update of the agent cannot be delayed.
  • Web Control: With Intercept X Essentials, access to undesirable websites cannot be denied.
  • Peripheral Control: Intercept X Essentials does not allow you to restrict which devices you can connect.
  • Application Control: Intercept X Essentials cannot control what types of applications are installed and run.
  • Data Loss Prevention: With Intercept X Essentials, you can’t restrict what sensitive data leaves your organization.
  • Thread Case: Access to threat cases is not possible with Intercept X Essentials.

The fact that the features listed above are missing from Intercept X Essentials is also the reason why existing customers are upgraded to Intercept X Advanced for free. Apart from the additional security features, switching to Intercept X Essentials would have been more of a downgrade for existing customers.


As pointed out several times in this article, I agree 100% with Sophos’s strategy. It was high time to stop selling Endpoint and Server Protection licenses, as protection against modern threats was no longer enough. For a purely signature-based detection, one could have installed the free Microsoft Defender or similar products right away.

With the new basic products Intercept X Essentials and Intercept X Essentials for servers, I estimate that 90% of Sophos’s customers will use endpoint or server protection. Whether I am going too far out on a limb with this assertion will certainly become clear in the coming months. However, I think that protection against malware and the detection of attacks belong more to the basic version of endpoint/server security software than, for example, peripheral or application control. Those who need such features will get them when switching to Intercept X Advanced or higher.

However, the only flaw I see with Intercept X Essentials is the price. In my opinion, Sophos has missed an opportunity here to really offer an affordable entry-level product. I see the price difference to Intercept X Advanced as too small, which at the same time makes the additional features, such as “Web Control”, “Application Control”, “Peripheral Control” etc. seem somewhat worthless. At the same time, there is a risk that many Intercept X Advanced customers will downgrade to Intercept X Essentials at the next renewal. I can imagine that there are some customers after all who have not used any of the additional features so far. 🤔


David is responsible for order processing in our online store so that products and licenses are delivered quickly and efficiently. He provides our customers with comprehensive support in selecting the right Sophos product. David has in-depth knowledge of all Sophos products and provides specialized support for the Sophos Central segment.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.