Cloud Optix Tech Specs
Cloud Optix delivers the continuous analysis and visibility organizations need to detect, respond, and prevent security and compliance gaps that leave them exposed. This provides a single view of security posture across AWS, Azure, Google Cloud, Kubernetes, and Infrastructure-as-Code environments.
Extending Cloud Workload Protection with CSPM
Sophos Intercept X Advanced for Server protects server instances running in the cloud from the latest threats, and by including Cloud Optix Standard, organizations will extend security to visibility of those instances, containers, serverless and more, while identifying vulnerabilities to optimize security posture.
| Cloud Optix Standard | Cloud Optix Advanced | |
|---|---|---|
| Cloud Environments | ||
| Amazon Web Services, Microsoft Azure, Google Cloud Platform, Kubernetes, IaC, Docker Hub | One Environment Per Provider (AWS, Azure, GCP, Kubernetes, IaC, Docker Hub) |
Unlimited |
| Cloud Optix Standard | Cloud Optix Advanced | |
|---|---|---|
| Security Best Practice Scanning | ||
| Configurable Security Scans | On-demand | Configurable and On-demand |
| Security Best Practice Policy Assessments (Custom, CIS Benchmarks, ISO 27001, Sophos Best Practices, EBU R 143, FEDRAMP) |
CIS Benchmarks | |
| Automatic Remediation (Guardrails) |
||
| Anomaly Detection – Network Traffic | ||
| Anomaly Detection – User Login Behavior | ||
| Anomaly Detection – Timeline of high-risk user role behavior | ||
| High-risk Events Detection (AI-based security overlay for Activity Logs) |
||
| Credential Compromise Detection | ||
| Intercept X Advanced for Server Integration: Agent discovery | ||
| Intercept X Advanced for Server Integration: Automatic agent removal from Sophos Central Admin |
| Cloud Optix Standard | Cloud Optix Advanced | |
|---|---|---|
| Compliance Best Practice Scanning | ||
| Configurable Compliance Scans | ||
| Compliance Best Practice Policy Assessment (Custom, FIEC, GDPR, HIPAA, PCI DSS, SOC2) |
||
| Alert Suppression (Hide alerts via a simple checkbox) |
||
| Compliance Exception Handling (Suppressed alerts apply to future scans) |
||
| Integration with Communication and Workflow Systems (e.g. JIRA, ServiceNow, and Splunk) |
| Cloud Optix Standard | Cloud Optix Advanced | |
|---|---|---|
| Monitoring | ||
| Inventory – Hosts, Containers, Network, Storage | ||
| Inventory – IAM Users, Activity Logs, Serverless Functions | ||
| Container Image Scanning (Amazon Elastic Container Registries (ECR), Microsoft Azure Container Registries (ACR), Docker Hub registries, GitHub and Bitbucket IaC environments, and via API) |
||
| Network Topology Visualization with AI-based Database Identification | ||
| Over-privileged User Detection | ||
| IAM Visualization (Relationships between IAM Roles, IAM users, and services) |
||
| Spend Monitoring, Alerts, and Optimization Recommendations |
| Cloud Optix Standard | Cloud Optix Advanced | |
|---|---|---|
| Devsecops | ||
| Infrastructure-as-Code (IaC) Template Scan for Insecure Configuration | ||
| Infrastructure-as-Code (IaC) Template Scan for Embedded Secrets and Keys | ||
| Source Code Management Integration for CI/CD (e.g. GitHub, BitBucket) |
||
| Cloud Optix IAC REST API (Scan IAC templates regardless of what code repository is used) |
||
| Container Image Scanning (Amazon Elastic Container Registries (ECR), Microsoft Azure Container Registries (ACR), Docker Hub registries, GitHub and Bitbucket IaC environments, and via API) |
| Cloud Optix Standard | Cloud Optix Advanced | |
|---|---|---|
| Integrations | ||
| Sophos XDR integration - extend data sources with AWS, Google Cloud Platform and Microsoft Azure cloud environment data sources. (Requires Cloud Optix Advanced and Intercept X Advanced for Server) |
||
| Cloud Providers (New Amazon Inspector, AWS Security Hub, Amazon GuardDuty, AWS CloudTrail, New Amazon Inspector, Amazon Macie, AWS Systems Manager and Patch Manager, AWS Firewall Manager, AWS IAM Access Analyzer, AWS Trusted Advisor, Amazon Detective, Azure Sentinel and Azure Advisor) |
||
| Splunk SIEM (Receive instant notifications of security events) |
||
| Azure Sentinel (Receive instant notifications of security events) |
||
| Pager Duty (Receive instant notifications of security events) |
||
| Slack (Raise instant alerts to a chosen Slack channel) |
||
| Microsoft Teams (Raise instant alerts to a chosen team) |
||
| Amazon SNS (Raise instant alerts to a chosen SNS topic) |
||
| JIRA (Create tickets from inside the Cloud Optix console for alerts) |
||
| ServiceNow (Create tickets from inside the Cloud Optix console for alerts) |
||
| GitHub (Scan Infrastructure-as-Code templates in GitHub repositories) |
||
| BitBucket (Scan Infrastructure-as-Code templates in Bitbucket repositories) |
||
| Jenkins (Raise IAC scan results via API directly in the Jenkins build pipeline) |
