Anomaly detection

Sophos Cloud Optix has several types of anomaly detection. They're turned on automatically.

The detection types are:

  • User login anomalies.
  • Outbound network traffic anomalies.
  • Applications inferred from host behavior.
  • High-risk activity.

Each of these detects security-related anomalous events based on account or user activities, API calls, flow log data, and network traffic patterns.

These detection types require different resources or learning periods to determine normal behavior. Once normal behavior is established, they can identify unusual behavior.