What’s New in Sophos Cloud Workload Protection


Intercept X Advanced for Server now incorporates Cloud Security Posture Management

66% of attacks targeting public cloud data, files, and web applications take advantage of misconfigurations.¹ Sophos Cloud Workload Protection now makes it easy for Sophos Partners to provide the visibility and protection needed to avoid costly cloud resource misconfigurations in the first place. It enables Partners to provide critical insights into their wider cloud environments across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), including security groups, hosts, shared storage, databases, serverless, containers, and more.

Expansion of Sophos Cloud Workload Protection

This release brings an exciting expansion to Sophos Cloud Workload Protection that sees Intercept X Advanced for Server incorporate Cloud Security Posture Management (CSPM) with new Sophos Cloud Optix Standard capabilities. This addition extends protection beyond server workloads running in Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) to critical cloud services and provides seamless integration with Sophos server agents running in the cloud.

Sophos Cloud Optix Standard and Advanced

Sophos Intercept X Advanced for Server customers now benefit from Cloud Optix Standard CSPM capabilities, enabling security teams to focus on and proactively fix their most critical cloud security vulnerabilities before they’re identified and exploited in cyberattacks.

By identifying and risk profiling cloud workload security configuration issues, suspicious access events, and unusual network traffic vulnerabilities impacting security posture, Cloud Optix Standard ensures teams respond faster, providing contextual alerts that group affected resources with detailed remediation steps.

The full Cloud Optix product is changing to Cloud Optix Advanced. This license update does not alter any of the advanced CSPM features of the previous Cloud Optix license but introduces a new, more flexible per-asset license structure with no additional log ingestion limits. The update will provide a pathway for organizations using Cloud Optix Standard to the full range of security and compliance monitoring capabilities.

All Cloud Optix customers in Sophos Central now also benefit from a new seamless integration with Intercept X Advanced for Server, automatically removing servers from the Central Admin console when VMs are terminated in AWS and Azure environments.²


See and secure the complete cloud environment

Automated scans will detect any insecure deployments by mapping their configuration to CIS Benchmarks. These are a community-built, maintained, and supported series of cloud security best practices targeted at helping organizations prioritize their defenses based on what attackers are doing.

And Cloud Optix doesn’t stop there: you’ll also get at-a-glance risk prioritization of alerts with guided recommendations about how to fix potential issues. Artificial intelligence tracks normal behavior patterns, looking for any suspicious activity such as anomalous traffic patterns or unusual login attempts to cloud accounts. Issues are then flagged and prioritized by risk level if they require manual intervention.

Here’s the full list of what’s available:

  • Cloud Asset Inventory – View a detailed inventory of your entire cloud infrastructure (e.g. IAM roles, security groups, shared storage, databases, serverless, containers and more), eliminating the need for time-consuming manual collation across AWS, Azure, and GCP.
  • Access and Traffic Anomaly Detection – Unusual login attempts and suspicious traffic patterns are automatically detected, and teams are alerted.
  • Security Scans – Daily and on-demand scans monitor your cloud environment to ensure its ongoing security health. Alerts are automatically prioritized by risk level, while guided response provides detailed information and instructions to resolve the issue.
  • Security Best Practice – Detect when cloud accounts and the configuration of deployed resources do not align to security best practices with Center for Internet Security (CIS) Benchmark policies, helping keep security posture at its best.
  • Alert Management Integrations – Receive email notifications when manual intervention is required.


Get Started with powerful visibility and protection

This exciting new cloud functionality is available to all Intercept X Advanced for Server term license customers at no additional cost. Log into your Sophos Central console, select Cloud Optix, and you can get started right away.

Full online demos of both Intercept X Advanced for Server and Cloud Optix are available to partners on-demand. Simply log into the Sophos Partner Portal, and select ‘CSP Hub’, and then ‘Online Demos’.

Partners specialized in cloud security should join the Sophos Cloud Security Provider (CSP) program. This specialist program provides the tools, training, recognition, and financial incentives to support and secure your customers using or migrating to the cloud. You can find out more about the Sophos CSP Program at Sophos.com/csp, or through the CSP Hub on the Sophos Partner Portal.


¹ Sophos State of Cloud Security Report 2020

² Requires Intercept X Advanced for Server term license