Skip to content

Cloud provider charges

Your cloud provider will charge you for Sophos Cloud Optix activity that collects or sends log data. The charge depends on usage and amount of data.

We recommend that you do as follows:

  • Monitor the charges in your cloud provider dashboard.
  • If you have a Sophos Cloud Optix trial, consider using a cloud environment that generates less log data.

This is how Sophos Cloud Optix uses data and why you might incur charges:

  • Sophos Cloud Optix creates an access IAM role (AWS), access key (Azure), or service account (GCP).

    This enables Sophos Cloud Optix to use the cloud provider’s APIs to perform continuous assessment and to provide an inventory of resources.

    Cloud providers don't usually charge for this.

  • Sophos Cloud Optix enables logs (if not enabled already) and sets up continuous streaming of log data to Sophos Cloud Optix.

    This collects admin activity logs (for example AWS CloudTrail) and Network Flow Logs, to provide the network traffic view, anomaly detection alerts, and more.

    Cloud providers do charge for this.

    Note

    If you’re concerned about provider charges, you can choose not to enable logs, but you’ll lose some Sophos Cloud Optix functionality. Use the Custom settings on the Add an environment page.

    Tip

    In AWS, the first CloudTrail is free, but subsequent CloudTrails incur additional cost. You can customize the Sophos Cloud Optix setup to reuse an existing CloudTrail.

Here are more details of charges for each stage in log streaming.

Network Flow Logs

All Cloud providers charge for Network Flow Logs. Please see the following references for guidance on flow log pricing from each cloud provider.

Log routing

AWS: Amazon CloudWatch pricing.

Azure: Storage.

GCP: Cloud Storage pricing.

Serverless functions

A serverless function (created in your environment by Sophos Cloud Optix) is triggered when new logs reach CloudWatch, Microsoft Azure storage or a GCP sink. This function takes the logs and sends them via https to the Sophos Cloud Optix service.

Cloud providers charge for serverless functions on the basis of usage.

AWS: AWS Lambda Pricing.

Azure: Azure Functions pricing.

GCP: Cloud Functions pricing.

Data transfer to Sophos Cloud Optix

The Sophos Cloud Optix service is hosted in the AWS US-West region. Cloud providers may charge for data transfer to the service in this region.

AWS: AWS Pricing.

Azure: Bandwidth pricing.

GCP: Price list.