Cloud Optix Feature Update

ProductsCloud OptixProduct News

The latest releases for Cloud Optix are here and ready to share with customers. From licensing improvements and management upgrades to security enhancements – and even some spoilers to look forward to in early 2020.

Jan 08 2020 By

The Cloud Optix product team has been hard at work delivering a host of great enhancements to the Cloud Optix service over November and December. Make sure you keep up with the latest updates to Sophos’ latest offering for the public cloud and share with your customers via the Sophos Community.

Pricing and licensing

  • New term licenses
    Now easier to quote and order, new Central Cloud Optix (COPX) SKUs are now available with tiered pack sizes and built-in multi-year discounts.
  • MSP Flex and PSA integrations
    Sophos MSP Partners can now buy Cloud Optix on a monthly basis, with billing based on aggregate usage across their customer base, and with Sophos Central PSA integrations now available to pull usage data for customer billing.
  • AWS Marketplace PAYG
    Cloud Optix is now available as a pay-as-you-go SaaS subscription on the AWS Marketplace. Get instant product activation, with usage metered per hour, and billed via the customer’s AWS monthly bill, with no contract term commitments. Partner-friendly with AWS’ Consulting Partner Private Offers (CPPO) program.

 

Cloud Optix management enhancements

  • Cloud Optix is now live on Sophos Central
    Integrated into Sophos Central, access to Cloud Optix is seamless, with no separate sign up required. Read more on the Sophos Partner Portal.
  • Sync and Scan on-demand
    In addition to configurable scheduled security and compliance benchmark scans, customers can now also initiate a sync at any time for a specific cloud environment.
  • Shareable short URLs for search results and inventory pages
    The ability to create a shareable short URL from any inventory or search results page is now available. Sharing this link with another user on the same account will enable the other user to see the same results.
  • Extended browser support
    The Cloud Optix console now supports a wider range of browsers – adding support for Safari on Mac, Edge, and IE11 web browsers.
  • Cloud Optix Audit Logs
    A new Audit Logs page in ‘Settings’ now allow users to view administrative actions including logins, user additions, policy changes/additions/deletions, and more. This includes a date range selector and search field (e.g. search for a specific policy name to see when changes have been made to that policy, and by whom).
  • Custom Policies: Rule Search
    When creating a new custom policy or customizing an out-of-the-box policy, customers can now search for rules using a free-text search field, making it easy to find available rules for custom policies (e.g. search for “S3” to return all rules that have S3 in the rule summary).
  • Deep links to AWS console from Alerts (for EC2, RDS, and Security Groups)
    Making it easier for customers to find and remediate issues relating to resources in their AWS environments, Cloud Optix Alerts now include deep links directly to the affected resources in the customer’s AWS console.

 

Infrastructure-as-Code (IaC)

  • IaC Scan API
    Customers can now integrate Infrastructure-as-Code template scanning into their development processes and CICD pipelines using Cloud Optix’ new REST API. In addition to our existing integrations with GitHub and Bitbucket, the new API makes our innovative proactive template assessment capabilities available to customers using a range of tools and processes.

 

New Features for cloud provider services

  • High-risk AWS CloudTrail events (AI)
    Cloud Optix now uses AI to profile activity and highlight events from AWS CloudTrail logs (via the Activity Logs inventory page) that are considered potentially risky: for example, when an IAM entity makes a type of change that it has never made before.
  • Terraform 0.12 on-boarding for AWS accounts
    AWS accounts can now be added to Cloud Optix using the latest version of Terraform (v0.12).
  • Updated CIS benchmark policy
    The AWS CIS benchmark policy has been updated to v1.2, and v1.1 for Azure.

 

Integration enhancements

  • Splunk integration enhancement
    Cloud Optix now sends additional information to Splunk via our integration. This includes the environment name for anomaly alert data as well as the full alert json output.

 

Coming soon!

There’s plenty to get excited about next quarter (spoiler alert!). Here are just a few examples of exciting new features up our sleeve:

  • IAM topology visualization (easily view which users and roles have access to services and identify over-privileged users). Now in Preview.
  • Support for Amazon Elastic Kubernetes Service (EKS). Now in Preview.
  • Security-focused Spend Monitoring and Alerting for AWS, Azure and GCP. Now in Preview.
  • Add AWS accounts using CloudFormation, including multi-account on-boarding using StackSets.
  • …and much more!

About the Author

Sophos is a global leader and innovator of advanced security solutions that defeat cyberattacks, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies. As one of the largest pure-play cybersecurity providers, Sophos defends more than 600,000 organizations and more than 100 million users worldwide from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through the Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully managed security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.