Sophos Cloud Optix is available in two licenses, Cloud Optix Advanced and Cloud Optix Standard. Cloud Optix Standard is included in the following Intercept X Advanced for Server licenses:
- Intercept X Advanced for Server
- Intercept X Advanced for Server with XDR
- Intercept X Advanced for Server with MTR Standard
- Intercept X Advanced for Server with MTR Advanced
From 1st June 2022, Cloud Optix Standard customers benefit from a range of new capabilities and changes to the number of environments that may be monitored.
Which features are affected?
Cloud Optix Standard will now include all the major features of Cloud Optix Advanced such as network and IAM visualization, and container image scanning. The changes to feature availability are highlighted in the table below:
|
Feature |
Current Standard |
New Standard |
Advanced |
|
Cloud environment monitoring: AWS, Azure, GCP, Kubernetes, IaC and Docker Hub registries |
Unlimited |
One per provider |
Unlimited |
|
Security Monitoring |
Daily and on-demand scans |
Daily scans |
Scheduled, daily and on-demand scans |
|
Asset Inventory |
Yes |
Yes |
Yes |
|
Advanced Search Capabilities |
Yes |
Yes |
Yes |
|
AI-powered Anomaly Detection |
Yes |
Yes |
Yes |
|
SophosLabs Intelix Malicious Traffic Alerts |
Yes |
Yes |
|
|
Email Alerts |
Yes |
Yes |
Yes |
|
AWS Native Service Integrations |
Yes |
Yes |
Yes |
|
Azure Native Service Integrations |
Yes |
Yes |
Yes |
|
Cloud Workload Protection: Sophos Intercept X Server agent discovery |
Yes |
Yes |
Yes |
|
Cloud Workload Protection: Automatic Sophos Intercept X Server agent removal |
Yes |
Yes |
Yes |
|
Compliance Policies and Reports |
CIS Benchmarks |
CIS Benchmarks |
CIS Benchmarks, ISO 27001, EBU R 143, FEDRAMP FIEC, GDPR, HIPAA, PCI DSS, SOC2, Sophos Best Practices |
|
Custom Policies |
|
Yes |
|
|
Network Visualization |
|
Yes |
Yes |
|
IAM Visualization |
|
Yes |
Yes |
|
Spend Monitor |
|
Yes |
Yes |
|
Alert Management Integrations |
|
Yes |
Yes |
|
SIEM Integrations |
|
Yes |
Yes |
|
Rest API |
|
Yes |
Yes |
|
Infrastructure-as-Code Template Scanning |
|
Yes |
Yes |
|
Environment Access Control |
|
|
Yes |
|
Container image scanning |
|
Yes |
Yes |
|
Sophos XDR integration* |
|
Yes |
Yes |
How Cloud Optix measures environments
In the same update, the number of cloud provider environments that can be monitored by Cloud Optix Standard will change from multiple environments to one environment per cloud provider. This is defined as:
- 1x Amazon Web Services (AWS) account
- 1x Microsoft Azure (Azure) subscription
- 1x Google Cloud Platform (GCP) project
- 1x Kubernetes cluster
- 1x GitHub Infrastructure-as-code repository
- 1x BitBucket Infrastructure-as-code repository
- 1x Jenkins Infrastructure-as-code environment
Notes:
- A customer may onboard multiple Amazon Elastic Container Registries (ECRs) within one AWS account, and multiple Microsoft Azure Container Registries (ACRs) within one Azure account.
- Usage of the Cloud Optix API for Container Image and Infrastructure-as-Code (IaC) template scanning is limited to scanning one Container Image/Repository or one IaC template.
When will the change take effect?
The license change will go live for new and existing Cloud Optix Standard subscriptions on the following schedule.
|
Product |
Email communication date |
License change date |
|
Cloud Optix |
||
|
Standard (New Customers and Free Trials) |
2 May 2022 |
1 June 2022 |
|
Standard (Existing Customers) |
2 May 2022 |
1 June 2022 |