AWS AMI deployment options

Support for deployment of the NDR Sensor as an AWS AMI for all NDR and XDR/MDR customers with a licensed integration pack that requires a log collector.

When will this be available for my use?

We expect to make the AMI image download and deployment available by the end of day Feb 15, 2024.

What is AWS AMI?

Amazon Machine Image (AMI) is a pre-configured virtual machine image used to create Amazon Elastic Compute Cloud (EC2) instances within the Amazon Web Services (AWS) environment. An AMI contains the necessary information to launch an instance, which includes the operating system, application server, and any additional software required to run your application.

Does the AWS AMI also support the Log Collectors for 3rd party integrations?

Yes, the AMI appliance can host NDR, integration log collectors, or both.

Why deploy NDR as an AMI Image?

Deploying a Sophos Network Detection and Response (NDR) sensor as an Amazon Machine Image (AMI) in AWS can offer several advantages for organizations looking to enhance their network security.

Here are some reasons why deploying the Sophos NDR sensor in AWS as an AMI could be beneficial:

  • Cloud-native Security Monitoring:

    • AWS-native NDR sensors can provide visibility into the network traffic and security events within your AWS environment. This is crucial for monitoring and securing cloud-based workloads.
    • If the NDR sensor is external to the AWS environment, the network traffic has to be routed to the external NDR sensor at a significant data transfer cost.
  • Scalability:

    • Deploying an NDR sensor as an AMI allows you to scale your security monitoring capabilities based on the growth of your AWS infrastructure. You can easily launch multiple instances of the sensor to cover larger environments or increasing workloads.
    • Each deployed sensor can support 1GBS network traffic via a SPAN/RSPAN configuration.
  • Real-time Threat Detection:

    • Sophos NDR monitors both encrypted and unencrypted network traffic in real time, detecting and alerting on potential security incidents.

INSTALL VIDEO: In this video we cover everything from what to do in Central to generate the AMI CloudFormation JSON, to configuring AWS and setting up a connection to monitor traffic.



The Sophos AWS/AMI documentation section is currently live:

NDR AMI Install Instructions

AWS Marketplace:

AWS Marketplace - Sophos NDR

Sophos NDR Product Video: