SOPHOS vs WEBROOT – Why you need to Evolve your device security

As your current antivirus software supplier, we feel the need to advise our customers still using Webroot that Evolve Technologies now recommends a different and more comprehensive solution. Since Webroot was rolled out, the threat landscape has changed greatly and unfortunately, Webroot has not kept up to speed with the new methods of cyberattack. Webroot gives basic antivirus, antimalware and web site protection. The standard Sophos endpoint product has 7 different layers of protection to ensure your systems are kept secure and infections/infiltrations are stopped ASAP before they can start to infect.

In order to protect your systems, you need them protected 100% of the time. A hacker only needs to be right 1% of the time to gain access. Why use a solution that isn’t protecting 100%?

Sophos gives us more visibility into your network traffic. We can’t protect what we can’t see.

Evolve has chosen the Sophos security suite of products to protect your data.

The Sophos products Evolve recommends include:

  • Sophos Intercept X Advanced: This is the Endpoint (PC/laptop) protection and replaces Webroot.
  • Sophos Server Advanced with Intercept X: This is the server-side protection that replaces Webroot.
  • Sophos Device Encryption: This is mainly used for laptops but can be used on Windows PC too. This encrypts your hard drive so if your computer is lost or stolen, your data stays protected. This prevents your business from having to lodge a data breach if the device contains company privacy data. Without the unlock code that you set, the data can never be accessed, even when removing the hard drive from the machine.
  • Sophos Mobile Security Advanced: This is antivirus and mobile management for your company mobile phones. Minimum security configuration, remote app install, suspect app alerting and a separate personal/work workplace can be set to keep your data separate are just some of the features this can perform.
  • Sophos XG Firewall: A physical or Virtual Firewall appliance that allows granular application layer filtering of your network and hand in hand protection with the endpoint protection.

Why is Sophos better than Webroot?

  • Sophos offers more to reduce exposure to threats – Webroot Endpoint has web filtering, but lacks other features such as device control, application control, and data loss prevention.
  • For any threats that do reach the endpoint, Intercept X Advanced delivers more comprehensive threat protection.
  • Sophos uses industry leading deep learning technology to block malware – Webroot uses some form of machine learning, but there is little to validate the strength of protection.
  • Webroot has some level of exploit protection, but provides little information on the actual range of techniques used – there is nothing to suggest it has anything like the depth of exploit prevention of Intercept X
  • Webroot includes a ‘Journaling’ feature designed to detect suspicious behaviour and roll back files to a previous state. This means if your system somehow gets infected by a new variant of a Ransomware attack, it will monitor files being encrypted and kill that process as well as roll back the encrypted files to the unencrypted state.
  • SecureAnywhere does not provide root cause analysis or broader EDR functionality.
  • It does not provide the ability to remotely isolate a machine from the network if an infection is found
  • Clients who can’t connect to the cloud will receive substantially reduced protection – the client stores only a very small subset of anti-malware definitions, which may lead to problems with missed detections or false positives.
  • Server protection – Webroot does not offer Linux protection, limiting its usefulness in cross-platform environments – there is also no equivalent of Sophos’ Server Lockdown, AWS visualization or File Integrity Monitoring (FIM) features
  • Some of the policy settings and options reveal Webroot’s focus on home users and small businesses – e.g. ability to empty recycle bin or delete temporary folder of client machines.
  • Webroot doesn’t have firewall products, encryption, or full mobile management – meaning it cannot begin to offer the level of protection that Sophos can with Synchronized Security. When Sophos Endpoint is combined with a Sophos XG firewall, the firewall and endpoint talk together to provide a full network protection suite.

Lack of 3rd party validation:

  • Webroot has recently dropped out of SE Labs testing after a string of tests where it ranked near the bottom. Most recently (Oct-Dec 2018), it received the lowest rating award ‘C’ – Sophos has consistently achieved the top AAA rating.
  • Webroot did not make it into the 2018 Forrester Wave Endpoint Security Suites report. In contrast, Sophos was marked a Leader.

Other notes

  • Webroot focuses on the low system impact of its client. The agent installs quickly, and only has one service running, which may add to customer perception of a lightweight product. Unfortunately, this light weight agent means light weight protection too.
  • The Webroot endpoint client cooperates with the Windows Firewall: it allows the firewall to operate as normal, but adds an additional feature to look at outbound traffic. No granular control (e.g. block/open certain ports) is available.
  • Sophos Web Appliance and the Web Protection module of XG and UTM provide extensive web filtering at the network level.
  • The Advanced Threat Protection module in Sophos UTM and XG Firewall monitors domain name lookups (and other types of traffic) to block malicious connections like those used for command & control. A command & control server is used by hackers to launch attacks and receive results of the attacks.


Would you like to know which staff in your firm are your IT risks?

Sophos has phishing tests that can be sent out to see which of your staff need more training in identifying fake emails trying to steal your passwords and your company data.



Evolve Technologies have been using Sophos products in house for over a year now and have implemented all the above products themselves in house. All our PC’s, laptops and servers are protected by Sophos Intercept X, we have an XG135 firewall protecting our own network, all our company issued laptops are encrypted and all management staff use Sophos Mobile.

We have rolled out Sophos to many of our clients already and none of them has had a single successful infection since.

With Webroot, the hackers are still finding ways into bypass, disable and infiltrate the system. We feel if you take your IT security seriously and want an industry leading solution to protect your data, move to Sophos and have that piece of mind you’re protected.

For a limited time, Evolve are offering our fully managed clients a free migration from their existing security solution to the Sophos suite. You just pay for the product.

Please contact Evolve to have a quote prepared to suit your needs.


The future belongs to those who Evolve.

Enquire Now