Applications inferred from host behavior
Sophos Cloud Optix can infer the applications running from the behavior of the host computer instance.
This form of detection uses a combination of instance metadata, traffic flow logs and security group information to accurately identify application workloads.
It uses set of rules that are continuously evolving and being refined by Sophos to improve detection in the customer environment.
Use cases
Provides better visibility into the cloud environment by inferring the running applications on different computer instances like Amazon EC2.
Learning period
Needs 1-day traffic flow logs before it can infer applications.