September 28, 2021 |

Sophos Links Cloud Optix and XDR Solution

The new integration, which is the first to connect the two systems, aims to streamline threat detection and response by combining telemetry from Amazon Web Services with input from endpoints, firewalls, and other systems in Sophos XDR’s data lake.

Sophos has added Amazon Web Services data from its Cloud Optix solution to its extended detection and response (XDR) solution.

The new integration imports telemetry collected by Cloud Optix from sources like Amazon GuardDuty, AWS CloudTrail, and AWS Security Hub into the XDR solution’s data lake, which already contained security-related information from endpoints, firewalls, cloud email applications, and other systems. It supplements existing real-time defenses for online servers and containers provided by the XDR platform’s Cloud Workload Protection component.

“This is the first time you’ll have full visibility into your entire cloud ecosystem,” says Sophos Chief Product Officer Dan Schiappa.

As a result, according to Sophos, technicians can now more easily spot vulnerabilities like multifactor authentication being disabled for an AWS Identity and Access Management user, changes to an Amazon EC2 instance that could allow resources to be copied or moved, and data exfiltration from AWS S3 deployments.

In addition, Schiappa notes, analysts can use the data supplied by Cloud Optix to diagnose issues more quickly and accurately. “We can take the relevant information from Optix, pull it into our data lake, and now it becomes available for security operators not only to react to any real-time alerts that may come up, but to be able to query and do active threat hunting,” he says.

To further streamline investigations, the Cloud Optix integration supports both customizable and pre-written SQL queries associated with the MITRE ATT&CK matrix, including Initial Access, Persistence, Privilege Escalation, and Exfiltration tactics.
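The kind of data-lake hunt described above, as an added example that is not Sophos or Cloud Optix code: constructed CloudTrail-style records are loaded into an in-memory SQLite table and two pre-written SQL hunts are run over them, one for an IAM user's MFA device being deactivated or deleted and one for bulk S3 GetObject activity, each tagged with an ATT&CK tactic named in the article. The table layout, the hunt names, the sample records and the tactic mapping are this example's own assumptions.

```python
import sqlite3

# Constructed CloudTrail-style records standing in for rows of an XDR data lake.
# Field order: event_time, event_source, event_name, user_name, source_ip.
# All values are made up for this example.
SAMPLE_EVENTS = [
    ("2021-09-28T10:00:01Z", "iam.amazonaws.com", "DeactivateMFADevice", "alice", "203.0.113.5"),
    ("2021-09-28T10:00:07Z", "iam.amazonaws.com", "DeleteVirtualMFADevice", "alice", "203.0.113.5"),
    ("2021-09-28T10:05:00Z", "s3.amazonaws.com", "GetObject", "alice", "203.0.113.5"),
    ("2021-09-28T10:05:02Z", "s3.amazonaws.com", "GetObject", "alice", "203.0.113.5"),
    ("2021-09-28T10:05:04Z", "s3.amazonaws.com", "GetObject", "alice", "203.0.113.5"),
    ("2021-09-28T11:00:00Z", "s3.amazonaws.com", "GetObject", "bob", "198.51.100.9"),
    ("2021-09-28T11:30:00Z", "iam.amazonaws.com", "ListUsers", "bob", "198.51.100.9"),
]

# Pre-written hunts keyed by name. The ATT&CK tactic attached to each is this
# example's assumed mapping, not a vendor-supplied one.
HUNTS = {
    "iam_mfa_removed": (
        "Persistence",
        "SELECT user_name, event_name || ' at ' || event_time FROM cloudtrail "
        "WHERE event_source = 'iam.amazonaws.com' "
        "AND event_name IN ('DeactivateMFADevice', 'DeleteVirtualMFADevice')",
    ),
    "s3_bulk_read": (
        "Exfiltration",
        "SELECT user_name, COUNT(*) || ' GetObject calls from ' || source_ip "
        "FROM cloudtrail WHERE event_source = 's3.amazonaws.com' "
        "AND event_name = 'GetObject' "
        "GROUP BY user_name, source_ip HAVING COUNT(*) >= 3",
    ),
}

def load_lake(events):
    """Build an in-memory table shaped like a simplified CloudTrail feed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cloudtrail (event_time TEXT, event_source TEXT, "
                 "event_name TEXT, user_name TEXT, source_ip TEXT)")
    conn.executemany("INSERT INTO cloudtrail VALUES (?, ?, ?, ?, ?)", events)
    return conn

def run_hunts(events, hunts=HUNTS):
    """Run every hunt and return sorted (tactic, hunt_name, user, detail) tuples."""
    conn = load_lake(events)
    findings = []
    for name, (tactic, sql) in hunts.items():
        for user, detail in conn.execute(sql):
            findings.append((tactic, name, user, detail))
    conn.close()
    return sorted(findings)

if __name__ == "__main__":
    for finding in run_hunts(SAMPLE_EVENTS):
        print(finding)
```

The GetObject threshold of three is deliberately low so the sample data triggers it; a real hunt would tune it per bucket and time window.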

According to Schiappa, combining cloud infrastructure telemetry with other XDR data sources in a single interface closes one of the biggest blind spots in security operations. “It’s usually a completely separate thing,” he says. “Now I can bring it all into one investigation.”

That’s important, Schiappa continues, given that hackers often spend weeks or even months studying a compromised environment, including its online elements, before executing an attack. “They’re going to be doing recon in the cloud, and unless you have visibility into that you’re never going to detect that they’re there.”

Introduced in May, Sophos XDR is designed to collect, analyze, and act on data from both Sophos products and third-party platforms, drawing on a cross-vendor architecture also introduced in May called the Adaptive Cybersecurity Ecosystem (ACE). Sophos is currently recruiting ACE alliance partners to exchange information with the XDR data lake. Technicians will also be able to perform tasks such as closing open ports on an ACE member’s firewalls via the XDR management console, Schiappa notes.

In parallel with that effort, Sophos is also adding capabilities the company acquired in July along with Capsule8, a maker of detection and response software for Linux servers and containers, to Cloud Workload Protection. “That’ll be coming up early next year,” Schiappa says.

Cloud Optix is a “cloud security posture management” solution, unveiled in 2019, that provides visibility, compliance, and threat monitoring functionality for leading public clouds. The system gained the ability to scan application containers for vulnerabilities in March.

The integration announced today is the first to link Cloud Optix with Sophos XDR. Further integrations that will add support for Microsoft Azure and Google Cloud Platform data sources to the XDR platform are on the roadmap for future release.

According to Schiappa, Sophos will soon incorporate data from its mobile security solution into XDR as well.

“Now that that connective tissue is there, it’s just easier for us to start to create data pipes over the same kind of roadway that we’ve already paved,” he says. “It’s going to be fast and furious.”
