The fact that their product is SaaS-based, and a multi-platform solution for OS X and Windows, was the primary draw for us in 2013. At the time Sophos was the only option on the market that hit those two criteria. Their virus definitions on a good day will block/find most threats.
Horrible QA for releasing new features. Their update servers are regularly crashing, or simply not accessible. Their endpoints will only update 75% of the time.
Their Support Organization is horrible at responding in a timely fashion, they're poorly trained, and often respond with generic canned FAQ pages that are irrelevant to the issue.
Their dashboard has regular outages.
Their user management is simply not scalable. No means of bulk removing old devices/users from the dashboard. The results are disastrous over a long period of time - requiring a concerted effort on the part of the IT staff to simply maintain accurate reporting on current users.
We gave up a long time ago trying to reconcile actual users and installations through the Sophos Dashboard due to duplicates or erroneous username/hostname reporting.
Their automated email alerts to admins are inconsistent, oftentimes not reporting threats, or missing days at a time.
No option for catering what type of messages you want reported via email. It's all or nothing.
They lack SAML admin controls for logging into the dashboard. There are no password rules (expiration, age, lockout, etc).
They're a good product, and better than any of the other alternatives on the market for SaaS-based multiplatform AV. I'd suggest giving them a look despite all the issues I've detailed in my review.
At the end of the day if you can get Sophos on all your endpoints, you'll more than meet the AV requirements in your security stack. Their redeeming features are their AV definitions and extremely low percentage of false positive reporting.