Cloud Optix Standard Cloud Optix Advanced
Cloud Environments    
Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Kubernetes tick tick
Security Best Practice Scanning    
Configurable Security Scans Daily and On-demand Configurable and On-demand
Security Best Practice Policy Assessments
(Custom, CIS Benchmarks, ISO 27001, Sophos Best Practices, EBU R 143, FEDRAMP)
CIS Benchmarks tick
Automatic Remediation
(Guardrails)
tick tick
Anomaly Detection – Network Traffic tick tick
Anomaly Detection – User Login Behavior tick tick
High-risk Events Detection
(AI-based security overlay for Activity Logs)
tick tick
Credential Compromise Detection tick tick
Intercept X Advanced for Server Integration: Agent discovery tick tick
Intercept X Advanced for Server Integration: Automatic agent removal from Sophos Central Admin tick tick
Compliance Best Practice Scanning    
Configurable Compliance Scans   tick
Compliance Best Practice Policy Assessment
(Custom, FIEC, GDPR, HIPAA, PCI DSS, SOC2)
  tick
Alert Suppression
(Hide alerts via a simple checkbox)
  tick
Compliance Exception Handling
(Suppressed alerts apply to future scans)
  tick
Integration with Communication and Workflow Systems
(e.g. JIRA, ServiceNow, and Splunk)
  tick
Monitoring    
Inventory – Hosts, Containers, Network, Storage tick tick
Inventory – IAM Users, Activity Logs, Serverless Functions tick tick
Container Image Scanning
(Amazon Elastic Container Registries (ECR), Microsoft Azure Container Registries (ACR), Docker Hub registries, GitHub and Bitbucket IaC environments, and via API)
  tick
Network Topology Visualization with AI-based Database Identification   tick
Over-privileged User Detection   tick
IAM Visualization
(Relationships between IAM Roles, IAM users, and services)
  tick
Spend Monitoring, Alerts, and Optimization Recommendations   tick
Devsecops    
Infrastructure-as-Code (IaC) Template Scan for Insecure Configuration   tick
Infrastructure-as-Code (IaC) Template Scan for Embedded Secrets and Keys   tick
Source Code Management Integration for CI/CD
(e.g. GitHub, BitBucket)
  tick
Cloud Optix IAC REST API
(Scan IAC templates regardless of what code repository is used)
  tick
Container Image Scanning
(Amazon Elastic Container Registries (ECR), Microsoft Azure Container Registries (ACR), Docker Hub registries, GitHub and Bitbucket IaC environments, and via API)
  tick
Integrations    
Cloud Providers
(Amazon SNS, Amazon GuardDuty, AWS CloudTrail, IAM Access Analyzer, Amazon Detective, Amazon Inspector, AWS Systems Manager, Amazon Elastic File System, AWS Trusted Advisor, Azure Sentinel, Azure Advisor)
Amazon GuardDuty, AWS CloudTrail, IAM Access Analyzer, Amazon Detective, Amazon Inspector, AWS Systems Manager, Amazon Elastic File System tick
Splunk SIEM
(Receive instant notifications of security events)
  tick
Azure Sentinel
(Receive instant notifications of security events)
  tick
Pager Duty
(Receive instant notifications of security events)
  tick
Slack
(Raise instant alerts to a chosen Slack channel)
  tick
Microsoft Teams
(Raise instant alerts to a chosen team)
  tick
Amazon SNS
(Raise instant alerts to a chosen SNS topic)
  tick
JIRA
(Create tickets from inside the Cloud Optix console for alerts)
  tick
ServiceNow
(Create tickets from inside the Cloud Optix console for alerts)
  tick
GitHub
(Scan Infrastructure-as-Code templates in GitHub repositories)
  tick
BitBucket
(Scan Infrastructure-as-Code templates in Bitbucket repositories)
  tick
Jenkins
(Raise IAC scan results via API directly in the Jenkins build pipeline)
  tick
icon-documentation

Learn More

Find additional information in our datasheet.

sophos-community-chat-bubbles-icon

Sophos Community

Find full system requirements for products.

Get Started Today

Sophos News