We’ve been hard at work delivering a plethora of great enhancements to the Sophos Cloud Optix service over the July-September period. We’re moving fast, so make sure you keep up with the latest updates to Sophos’ latest offering for the public cloud.


Cloud Optix management enhancements

  • Refreshed environment on-boarding instructions. The design and content of the 'Add your cloud environment' screen has been refreshed to make the instructions easier to understand and follow.
  • Search Cloud Optix Alerts. Search the alerts page to quickly find issues based on keywords.
  • Compliance policy templates are now loaded automatically. For an improved trial experience, all Cloud Optix compliance policies are now loaded into the account automatically, before adding an environment.
  • Automated welcome emails. Cloud Optix now sends a welcome email once a new account is activated, providing details on how to get started, and where to go for help if you need it. We’ve also added a ‘Getting started’ screen to the console.
  • Session timeout. The Cloud Optix console will now timeout eight hours after login (previously the timeout was after eight hours of inactivity).
  • Option to include remediation steps in PDF reports. Customers can now choose to include remediation instructions in the downloadable PDF compliance reports. 


New features for Amazon Web Services

  • Support for the AWS Asia Pacific (Hong Kong) region. Allowing Cloud Optix accounts to pull data from AWS environments running in the Asia Pacific (Hong Kong)  ap-east-1 region. 
  • IAM credential compromise detection. Detects and alerts when temporary credentials for an IAM role that is assigned to a specific EC2 instance, is used from a different resource. This technique was used in a recent highly publicized attack.
  • Amazon SNS integration. Push Cloud Optix alerts to an Amazon Simple Notification Service (SNS) topic, to trigger email and text alerts, and for onward integrations into other systems e.g. ticketing.
  • Inferred ELK stack. The AWS topology visualization can now show where Cloud Optix infers that EC2 instances are running Elasticsearch, Logstash and Kibana (ELK) applications.
  • Global search enhanced for AWS. The search box at the top of the console now supports new search options for AWS, enabling customers to find specific resources with ease.
  • Coming soon: High-risk activity logs. Our latest AI-powered feature. Cloud Optix uses machine learning to profile activity using AWS CloudTrail logs, and determine whether certain activity may be ‘high-risk’ based on previous activity.
  • Coming soon: Over-privileged IAM users. Cloud Optix highlights IAM users that have access to AWS services that they do not regularly use, providing an opportunity for customers to reduce risk by reviewing and removing access permissions.


New features for Microsoft Azure

  • Azure Functions (Serverless). Cloud Optix now provides an inventory of Azure Functions, along with specific security checks in the Azure benchmark compliance policy.
  • On-boarding script now supports separation of duties. Adding Azure subscriptions to Cloud Optix can now be completed in two stages by different users in the customer's organization. Ideal for customers where one individual does not have all of the Azure roles required to set up Cloud Optix.
  • New security checks for Azure App Service. New security checks for Azure App Service have been added to the "Sophos Cloud Optix Best Practices" benchmark policy.
  • New compliance policy template. Cloud Optix now includes an out-of-the-box policy for ISO27001 for Microsoft Azure.
  • Global search now supports Azure. The search box at the top of the console now supports search options for Azure, with the ability to search for Hosts, Databases, Users, Security Groups and Storage resources.

New features for Google Cloud Platform (GCP)

  • Google Kubernetes Engine (GKE). GKE clusters can now be added to Cloud Optix, providing visualization of GKE nodes, comprehensive inventory of Clusters, Nodepools, Nodes, Pods, Containers and more, and new security benchmark checks specifically for Kubernetes Engine.
  • New compliance policy templates. Cloud Optix now includes an out-of-the-box policy templates for SOC2, GDPR, ISO27001, PCI DSS and HIPAA for Google Cloud Platform.
  • Audit Logs Inventory. The Cloud Optix inventory now includes GCP Audit Logs in the "Activity Logs" section of the console.


Infrastructure as Code (IaC)

  • New security checks for Terraform. We’ve added ten new security checks to the Terraform IaC policy for Microsoft Azure.
  • Enable/ disable scanning of selected IaC environments. Customers can now choose which code repositories to enable/disable for Cloud Optix security scanning, simply by using a toggle in the console.
  • Coming soon: IaC Scan API. Use our new Cloud Optix IaC APIs to upload templates for scanning and retrieve scan results. Build IaC scanning into development processes and a wider range of CI/CD tools with ease.



  • All features listed in the article apply to Sophos Cloud Optix subscription customers only
  • These features have been automatically added to the Sophos Cloud Optix console


Visit sophos.com/cloud-optix to find out more about the services, or log into your existing Cloud Optix account here