Skip to content


Subscriptions are based on the number of cloud assets in the cloud environments you add to Sophos Cloud Optix. Subscription-based licenses and trial licenses have a grace period of 30 days after they expire. After the grace period ends, you'll no longer have access to Sophos Cloud Optix.

Sophos Cloud Optix versions

Sophos Cloud Optix is a subscription-based SaaS service and is available as follows:

  • Sophos Cloud Optix Advanced term license: Purchased in advance for a 12, 24, or 36 month term.
  • Sophos Cloud Optix Standard: If you have an Intercept X Advanced for Server term license, you can use Sophos Cloud Optix Standard.

    To find out the differences between this and Sophos Cloud Optix Advanced, see Sophos Cloud Optix versions.

  • MSP Flex: For Managed Service Providers, billed monthly in arrears based on usage.

  • Pay-as-you-go (PAYG) via AWS Marketplace: Billed monthly in arrears based on usage via your AWS bill.

You can add one of each type of cloud environment (for example AWS Accounts, Microsoft Azure Subscriptions, GCP Projects) to your account with a Sophos Cloud Optix Standard license.

You can add as many cloud environments as you need, of any type, (for example AWS Accounts, Microsoft Azure Subscriptions, GCP Projects) to your account with Sophos Cloud Optix Advanced.

Cloud assets

A cloud asset is a single virtual machine instance (including any server instance or database instance) or container image, within a cloud environment that benefits from, or whose configuration is accessed by, Sophos Cloud Optix.

For the purposes of this definition, a cloud environment is an environment facilitating or involved in the delivery of computing services over the internet, including but not limited to Amazon Web Services (AWS) accounts, Microsoft Azure subscriptions, Google Cloud Platform (GCP) projects, Kubernetes clusters, development code repositories, and container registries.

Resource types

The following resource types are counted as cloud assets.


  • AWS EC2 instances in a running state
  • AWS RDS instances, excluding those in a stopped state
  • AWS S3 objects scanned by Serverless Storage Protection

    Each 500 objects (or part of that number) consume one Cloud Asset for that calendar month.

Microsoft Azure

  • Microsoft Azure VMs in a running state
  • Microsoft Azure SQL servers in a ready state
  • Microsoft Azure DB servers
  • Microsoft Azure Cosmos DB servers

Google Cloud Platform

  • Google VMs in a running state
  • Google DB servers in a runnable state


  • Kubernetes Nodes.

    These aren't counted if they're already counted under AWS EC2, Microsoft Azure VM, or GCP VM, to avoid duplication.

Container images

  • Images in your container image registries count towards licensing once they've been scanned.

Usage reporting

Usage reporting depends on the number of cloud assets you've added and the version of Sophos Cloud Optix you're using.

To see your current environment usage, click Environments > View usage. See Cloud Asset Usage.

Sophos Cloud Optix Advanced

For trials and term license accounts, the number of cloud assets detected by the most recent synchronization with each cloud environment is reported in Sophos Cloud Optix Advanced.

Cloud assets from inactive environments aren't included in the usage count, but you may still see these assets in your inventory.

Sophos Cloud Optix Standard

Sophos Cloud Optix Standard is only available with term licenses for Intercept X Advanced for Server and can't be purchased separately. It's not included with MSP Flex licenses for Intercept X Advanced for Server.

If you have a term license for Intercept X Advanced for Server, the number of cloud assets you can have in Sophos Cloud Optix Standard depends on the number of servers you have in your Intercept X Advanced for Server license. You can have up to 120% of the number of servers.

For example, if your Intercept X Advanced for Server license allows up to 150 servers, you can have up to 180 cloud assets in Sophos Cloud Optix Standard. This covers cloud assets counted for licensing by Sophos Cloud Optix that aren't counted as servers, such as database instances. The Sophos Cloud Optix dashboard displays your Sophos Cloud Optix Standard entitlement and usage.

If you need more cloud assets, you can either increase your Intercept X Advanced for Server license entitlement, or buy a full license for Sophos Cloud Optix Advanced.

MSP Flex

MSP Flex reporting and billing is based on aggregate usage of Sophos Cloud Optix across multiple end customers, billed to the MSP monthly in arrears.

Cloud assets are counted for billing based on the usage each hour, averaged over the 30 days before billing. This is rounded up to the nearest whole cloud asset and reported for each of the MSP partner's customers in Sophos Central Partner.

For example, if a customer used 25 cloud assets every hour over 30 days, except for a usage burst of 50 cloud assets for 4 hours, the number of cloud assets reported in Sophos Central Partner for the customer in the last 30 days is 26 cloud assets.

PAYG via AWS Marketplace

Sophos Cloud Optix is available via AWS SaaS subscription on a pay-as-you-go (PAYG) basis. Billing is based on actual usage, calculated on an hourly basis, billed monthly in arrears. See Sophos Cloud Optix (CSPM) - PAYG with Free Trial.

Sign up for Sophos Cloud Optix via AWS Marketplace and add your cloud environments to the service. Sophos Cloud Optix continuously monitors the number of cloud assets on your account and sends this information to AWS on an hourly basis. AWS calculates the total usage over the month and includes this in your monthly AWS bill.

You can use a free usage tier available via AWS Marketplace. If you use this, you're only billed for usage above the free tier.

You can cancel Sophos Cloud Optix subscriptions on AWS Marketplace at any time.

If you buy Sophos Cloud Optix PAYG via AWS Marketplace the service isn't managed via Sophos Central. It is managed in Sophos Cloud Optix.