Skip to content

Applications inferred from host behavior

Sophos Cloud Optix can infer the applications running from the behavior of the host computer instance.

This form of detection uses a combination of instance metadata, traffic flow logs and security group information to accurately identify application workloads.

It uses set of rules that are continuously evolving and being refined by Sophos to improve detection in the customer environment.

Use cases

Provides better visibility into the cloud environment by inferring the running applications on different computer instances like Amazon EC2.

Learning period

Needs 1-day traffic flow logs before it can infer applications.