Container Security Now Available for Sophos Partners

ProductsCloud Optix

The latest release for Sophos Cloud Optix features a range of exciting enhancements, including container image scanning to prevent off-the-shelf container images from public registries introducing Operating System vulnerabilities into production environments, new automated remediation abilities to prevent security misconfigurations in cloud environments, and much more.

Introducing Sophos container image scanning

95% of all new applications are now using containers (source: 451 Research), and while popularity is growing for containers, attackers have been busy exploiting vulnerabilities and there have been many incidents of container security breaches including elevation of privileges and allowing malware to be installed.

Sophos Cloud Optix has now been enhanced to provide both visibility of container assets and scanning to identify exploitable weak points in container images – helping prevent security breaches. With Cloud Optix, organizations can scan container images pre-deployment to prevent threats from operating system vulnerabilities and identify newer versions of the image containing fixes.


This approach enables security teams to enable fast and secure development by enabling DevOps teams to scan container images for security vulnerabilities in the following locations:

  • Amazon Elastic Container Registries (ECR)
  • Microsoft Azure Container Registries (ACR)
  • Docker Hub registries
  • IaC environments (Bitbucket and GitHub)
  • Images in your build pipeline (using the Cloud Optix API)

Container image scanning is easy to setup with no additional license required as container images count towards existing licensed assets. Read more about Sophos container security in our help guide.

Test Sophos container image scanning free today from the free trials page with Sophos Central


More updates for Cloud Optix

The latest release for Sophos Cloud Optix goes beyond container image scanning, with new automated remediation abilities to prevent security misconfigurations in cloud environments and more:

  • Webhooks: You can now use webhooks to integrate with systems for remediation, reporting, and other functions. Sophos Cloud Optix provides native integration for a variety of systems, for example Jira, Slack, Teams, and so on. If you’re using different system, or want to trigger your own remediation functions, you can use webhooks to send alerts an http endpoint in your environment.
    Read help guide here.
  • ‘Operational Status enhancements: On the ‘Environments’ page, for each AWS, Azure and GCP environment, you can now see the operational status of Flow Log ingestion and Activity Log ingestion.
  • ‘Unused’ Azure NSG filter enhancement: In the inventory (Azure Network Security Groups page), the ‘Unused’ filter now considers the following additional Azure services that Security Groups can be assigned to, in addition to VMs: SQL Server, DB Server, CosmosDB, App Service, Function App, Storage Account.
  • New date range filter: The date range selector on key screens in the Cloud Optix console, including Dashboard, Alerts and Activity logs, has been replaced with a new, more flexible selector. Choose from a range of ‘commonly used’ date range options or select a custom date range using the calendar.
  • Compliance policy tags for alerts: Security monitoring alerts from compliance policy rules have an associated ‘Compliance Tag’ to identify the policies that the rule belongs to. Compliance tags are now included on the Alert details popup modal. You can also now link directly from the alerts list to a policy details page, by clicking on a compliance tag in the list.