Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

The Cloud Optix product team has been hard at work delivering a host of great enhancements to the Cloud Optix service over the November-December period. Check out these latest updates below – all included with your existing Cloud Optix license.


Cloud Optix Management Enhancements

  • Cloud Optix is now live on Sophos Central
    Integrated into Sophos Central, access to Cloud Optix is seamless, with no separate sign up required. Read more here
  • Sync and Scan on-demand
    In addition to configurable scheduled security and compliance benchmark scans, customers can now also initiate a sync at any time for a specific cloud environment.
  • Shareable short URLs for search results and inventory pages
    The ability to create a shareable short URL from any inventory or search results page is now available. Sharing this link with another user on the same account will enable the other user to see the same results. 
  • Extended browser support
    The Cloud Optix console now supports a wider range of browsers – adding support for Safari on Mac, Edge, and IE11 web browsers
  • Cloud Optix Audit logs
    A new Audit Logs page in ‘Settings’ now allow users to view administrative actions including logins, user additions, policy changes/additions/deletions etc.). This includes a date range selector and search field (e.g. search for a specific policy name to see when changes have been made to that policy, and by whom).
  • Custom Policies: Rule Search
    When creating a new custom policy or customizing an out-of-the-box policy, customers can now search for rules using a free-text search field, making it easy to find available rules for custom policies E.g. search for "S3" to return all rules that have S3 in the rule summary.
  • Deep links to AWS console from Alerts (for EC2, RDS and Security Groups)
    Making it easier for customers to find and remediate issues relating to resources in their AWS environments, Cloud Optix Alerts now include deep links directly to the affected resources in the customer's AWS console.


Infrastructure-as-Code (IaC)

  • IaC Scan API
    Customers can now integrate Infrastructure-as-Code template scanning into their development processes and CICD pipelines, using Cloud Optix’ new REST API. In addition to our existing integrations with GitHub and Bitbucket, the new API makes our innovative proactive template assessment capabilities available to customers using a range of tools and processes. 


New Features for Cloud Provider Services

  • High-risk AWS CloudTrail events (AI)
    Cloud Optix now uses AI to profile activity and highlight events from AWS CloudTrail logs (via the Activity Logs inventory page) that are considered potentially risky. For example, when an IAM entity makes a type of change that it has never made before.
  • Terraform 0.12 on-boarding for AWS accounts
    AWS accounts can now be added to Cloud Optix using the latest version of Terraform (v0.12)
  • Updated CIS Benchmark policy
    The AWS CIS benchmark policy has been updated to v1.2, and v1.1 for Azure


Integration Enhancements

  • Splunk integration enhancement
    Cloud Optix now sends additional information to Splunk via our integration. This includes the environment name for anomaly alert data, as well as the full alert json output.


Coming Soon!

There’s plenty to get excited about next quarter (spoiler alert!). Here are just a few examples of exciting new features up our sleeve:

  • IAM topology visualization (easily view which users and roles have access to services and identify overprivileged users). Now in Preview.
  • Support for Amazon Elastic Kubernetes Service (EKS). Now in Preview.
  • Security-focused Spend Monitoring and Alerting for AWS, Azure and GCP. Now in Preview.
  • Add AWS accounts using CloudFormation, including multi-account on-boarding using StackSets
  • …and more