Skip to content

Sophos Cloud Optix versions

There are two versions of Sophos Cloud Optix, Standard and Advanced.

Sophos Cloud Optix Standard includes all the major features, such as network and IAM visualization, and container image scanning, for one of each type of environment. It doesn't include environment access control or custom policies, and you only get the automatic daily scan.

If you're a Sophos Central user with an Intercept X Advanced for Server term license, you can use Sophos Cloud Optix Standard. You can't buy Sophos Cloud Optix Standard separately any more. For more information about licensing, see Licensing.

You can upgrade to the full Sophos Cloud Optix Advanced service for additional cloud security features, or to protect more environments. It's available on subscription or on a free trial.

To see your current environment usage and licensing, click Environments > View current usage.

The table compares the features of each version.

Feature Sophos Cloud Optix Standard Sophos Cloud Optix Advanced

Cloud environment monitoring:

Support for AWS, Azure, GCP, Kubernetes, and IaC environments, and Docker Hub registries

One per provider Unlimited
Security monitoring (CSPM best practice rules) Daily scans Scheduled, daily and on-demand scans
Sophos MDR integration to send alerts and events to Sophos Central Y Y
Asset inventory Y Y
Advanced search capabilities Y Y
AI-powered anomaly detection Y Y
SophosLabs Intelix malicious traffic alerts Y Y
Email alerts Y Y

AWS native service integrations

(Amazon GuardDuty, AWS Security Hub, Amazon Inspector etc.)

Azure native service integrations (Azure Sentinel and Advisor) Y Y
Cloud workload protection: agent discovery Y Y
Cloud workload protection: automatic agent removal Y Y
Compliance policies and reports CIS benchmarks CIS benchmarks, ISO 27001, EBU R 143, FEDRAMP FIEC, GDPR, HIPAA, PCI DSS, SOC2, Sophos best practices
Custom policies - Y
Network Visualization Y Y
IAM Visualization Y Y
Spend Monitor Y Y

Alert management integrations

(Jira, ServiceNow, Slack, Teams, PagerDuty, Amazon SNS)


SIEM integrations

(Splunk, Azure Sentinel)

Rest API Y Y

Infrastructure-as-code (IaC) template scanning


Environment access control - Y

Container image scanning

(ECR, ACR, DockerHub, API)

Serverless Storage Protection Limited to one region and to 5,000 files scanned per calendar month Y

Accessing Sophos Cloud Optix Standard

If you have an Intercept X Advanced for Server term license, Cloud Optix appears in Sophos Central Admin, under My Products.

To use Sophos Cloud Optix Standard click Cloud Optix.

Use of Sophos Cloud Optix is governed by the Sophos End User Terms of Use. You must accept these terms in Sophos Central to use it. See Sophos End User Terms of Use.