Enhancing EDR in The Cloud

We are excited to announce that Intercept X for Server Advanced with EDR has been enhanced with powerful cloud visibility features from Cloud Optix.

In addition to even more detail on AWS, Azure and GCP cloud workloads, this integration gives Sophos partners and customers critical insight into their wider cloud environment including security groups, hosts, shared storage, databases, serverless, containers and more.


See complete cloud environments

The accessibility of the public cloud is a double-edged sword: while it enables teams to spin up new resources in minutes, it also makes it hard for IT and Operations teams to keep track of everything running that needs to be secured.

With Sophos it’s now easy. With Server EDR you now get details of your entire cloud infrastructure across different public cloud providers on one screen, in a single management console. You can dive directly into assets to get a more detailed asset inventory and cloud security posture.


Secure your complete cloud environment

Automated scans will detect any insecure deployments, with guided recommendations on how to fix potential issues. Additionally, guardrails can be deployed to lock down configurations, ensuring that they can’t be accidentally or maliciously tampered with and left in an unsafe state.

AI tracks normal behavior patterns, looking for any suspicious activity such as anomalous traffic patterns or unusual login attempts to cloud accounts. Issues are flagged and prioritized by risk level if they require manual intervention.


Here’s the full list of what’s available:

  • Cloud asset inventory – see a detailed inventory of your entire cloud infrastructure (e.g. cloud hosts, serverless functions, S3 buckets, databases and cloud workloads), eliminating the need for time-consuming manual collation
  • Access and traffic anomaly detection – unusual login attempts and suspicious traffic patterns are automatically detected and blocked or flagged to the admin as appropriate
  • Security scans – daily and on-demand scans monitor your cloud environment to ensure its ongoing security. Issues are automatically resolved where possible, with admin notification if manual intervention is required
  • Configuration guardrails – stop accidental or malicious tampering with configurations that could negatively impact security posture
  • Compliance policies – ensure that your cloud environment conforms to Center for Internet Security (CIS) best practices, helping keep your security posture at its best
  • Alert management integrations – receive email notifications when manual intervention is required


Powerful cloud visibility at no extra cost

This exciting new cloud functionality is available to all Intercept X Advanced for Server with EDR customers at no additional cost. The following three term license types will all benefit from this boost!

  • Intercept X for Server Advanced with EDR (SVRCIXAEDR)
  • Intercept X for Server Advanced with MTR Standard (SVRCIXAMTR-STD)
  • Intercept X for Server Advanced with MTR Advanced (SVRCIXAMTR-ADV)

Activation of the Cloud Optix capabilities is extremely intuitive for Sophos Central customers. Best of all, no additional license key will be required for activation. Cloud Optix menu links will be displayed automatically in the Central Admin console for customers with eligible licenses, and navigating to Cloud Optix will present the “Cloud Optix for EDR” feature-set.

Customers can log into the Sophos Central console, select Cloud Optix and get started right away.

Current customers using Sophos Central who would like to try out this new functionality, in addition to the recently released EDR IT operations and threat hunting capabilities, can start a trial from within the Sophos Central console.

If you don’t have a Sophos Central account you can register for a trial on Sophos.com.