Sophos Ltd. has introduced an AI-powered solution designed to help organizations identify, protect, and enforce compliance policies on workloads housed in public cloud computing environments.
Based heavily on software Sophos acquired in January along with San Francisco-based Avid Secure Inc., Sophos Cloud Optix augments the safeguards provided by cloud platform operators and cloud-compatible products like the Sophos XG Firewall with application-specific capabilities badly needed by organizations shifting business systems off-premises, according to Sophos Chief Product Officer Dan Schiappa.
“It’s a born-in-the-cloud security product to protect born-in-the-cloud applications,” he says.
Cloud Optix provides functionality in three core areas: visibility, compliance, and threat monitoring. The visibility feature automatically builds a comprehensive catalog of everything an organization has online in Amazon Web Services, Microsoft Azure, and Google Cloud Platform. That, according to Schiappa, is a fundamental first step for any organization with cloud-based workloads.
“You can’t manage it and secure it if you don’t know it’s there,” he says. “In a world where organizations are living in this kind of DevOps world, and developers and IT people and even business people are spinning up virtual environments, it’s very easy for a security administrator to lose sight of what they’re actually protecting.”
Once users have a complete view of their online estate, Cloud Optix continually confirms that existing and freshly added resources are in compliance with external regulations and internal policies. Administrators automatically receive an alert any time the system detects a flawed configuration setting, sparing their employers from potentially steep fines.
“If you’re in an environment where people are spinning things up out of control and you don’t have that compliance overview and oversight, it can be very costly,” Schiappa notes.
Threat monitoring functionality in Cloud Optix draws on artificial intelligence to call administrators’ attention to anomalous behaviors, like suspicious overseas IP addresses trying to access a virtual instance. Optional automated risk remediation functionality can then act on that information, allowing organizations to reduce incident response and resolution times, according to Sophos, from days or weeks to minutes.
Technicians can administer Cloud Optix, like other Sophos solutions, via the Sophos Central management console. XG Firewall became the last previously released member of the Sophos product family to join Sophos Central in February.
Cloud Optix is available immediately through annual subscriptions. A single license supports up to three cloud environments, plus 100 cloud assets. Sophos plans to add monthly subscription pricing for MSPs at an unspecified point in the future. An edition of the system with multi-tenant management capabilities is forthcoming as well.
“We do plan to put this into our MSP portfolio; we just don’t have a date or a commitment for that yet,” Schiappa says. The same goes for integrating Cloud Optix with the vendor’s Synchronized Security technology, which allows separate systems to share information and coordinate responses.
“That’s on the whiteboards,” Schiappa says.
A new study from Sophos published today underscores the need for solutions like Cloud Optix. After deploying “honeypot” servers in 10 popular Amazon Web Services data centers around the globe, researchers recorded more than five million attacks over a 30-day period. On average, Sophos says, decoy cloud servers were assaulted 13 times a minute; one server in Sao Paulo, Brazil, was struck within 52 seconds of going live. According to Schiappa, that’s alarmingly fast even for a threat landscape in which newly launched on-premises systems are targeted swiftly.
“In the cloud, the speed from birth to being attacked is really, really rapid,” he says. That end users are launching cloud servers in large and accelerating volumes, he continues, only compounds the problem.
“People are just bringing things up in virtual environments very rapidly, and in some cases uncontrollably,” Schiappa observes.
Sophos equipped its Intercept X endpoint security solution with neural networking-based deep learning capabilities last January. Cloud Optix uses a similar, but separate, AI engine.