Sophos Intercept X for Server Advanced with EDR (Endpoint Detection and Response) has gained new multi-cloud security monitoring features to help partners and customers safeguard Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) workloads.
The effort leverages Sophos Cloud Optix, a public cloud visibility and threat response service that allows partners and customers to "detect, respond, and prevent" cloud security and compliance gaps, the company asserts.
The new Sophos offering positions partners to pursue fast-growing Cloud Security Posture Management (CSPM) opportunities.
The thesis: Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes, Gartner asserts. With those risks in mind, MSPs and MSSPs can leverage CSPM tools to help ensure customers correctly configure public cloud IaaS and PaaS services and mitigate cloud risks. CSPM security tools typically offer such capabilities as compliance monitoring, DevOps integration, incident response, risk assessment, and risk visualization, Fugue notes.
Sophos Cloud Security Posture Management (CSPM)
In the case of Sophos, the company offers a management console that allows partners and customers to "dive directly into assets to get more detail about your asset inventory and cloud security posture."
Key capabilities, the company says, include:
- Cloud asset inventory – spanning cloud infrastructure such as cloud hosts, serverless functions, S3 buckets, databases, and cloud workloads.
- Access and traffic anomaly detection – unusual login attempts and suspicious traffic patterns are detected and blocked or flagged to the admin as appropriate.
- Security scans – daily and on-demand scans monitor, detect and automatically resolve issues where possible, with admin notification if manual intervention is required.
- Configuration guardrails – stop accidental or malicious tampering with configurations that could negatively impact security posture.
- Compliance policies – ensure that a cloud environment conforms to Center for Internet Security (CIS) best practices.
- Alert management integrations – receive email notifications when manual intervention is required.
Sophos CSPM: More Details.
The new capabilities are available to all Intercept X Advanced for Server with EDR customers at no additional cost.
Current customers using Sophos Central who would like to try out this new functionality – in addition to the recently released EDR IT operations and threat hunting capabilities – can start a trial from within the Sophos Central console, the company says.