Alerts for non-compliant Sophos Cloud Optix resources

Sophos Cloud Optix's actions sometimes cause alerts because they don't comply with CIS recommendations.

The Center for Internet Security (CIS) promotes best practices for securing IT systems and data. It has certified Sophos Cloud Optix on two profile levels: 1 and 2.

Level 1 lowers your organization's attack profile while keeping devices usable and not obstructing business functions.

Level 2 is considered “defense in depth” and is intended for environments where security is very important.

Sophos Cloud Optix accurately reports security recommendations in both Level 1 and Level 2 CIS Benchmark profiles. See CIS SecureSuite Product Vendor Members - Sophos.

Non-compliant resource creation

We don't comply with all CIS recommendations by default. If we did, it could result in increased cloud spending or other issues. We don't suppress CIS rule-related alerts because it is important that you have complete awareness of your compliance.

There are situations where cloud resources created by Sophos Cloud Optix cause non-compliance alerts.

For most alerts, you can either suppress the alert or change the configuration of your cloud resources to align with CIS recommendations. This minimizes non-compliance alerts.

To change the configuration of your cloud resources, follow the instructions given in the relevant Sophos Cloud Optix alert.

For more details about each rule, and the reasons why alerts have been raised for AWS environments, see AWS alerts.

For more details about each rule, and the reasons why alerts have been raised for Azure environments, see Azure alerts.