Network visualization

Sophos Cloud Optix provides network visualization for your cloud environment.

Network visualization shows high-level and detailed information about your AWS, Microsoft Azure, and GCP networks, virtual machines, and any interconnections.

For example, the high-level view for AWS will show all virtual private clouds (VPCs) in your AWS environment, along with any peer connections. This helps you understand entry and exit points that may need more security.

You can click an icon to see a detailed view of a cloud environment. This shows information about the major resources in your networks, including compute instances and storage databases.

Network visualization also shows your Security Group configuration and uses flow logs to show traffic flowing to and from your cloud resources.

Note: If you've deployed Sophos firewalls in AWS, you can see them in network visualization. You can also see Sophos server protection agents that you've deployed on AWS EC2 instances and Azure VMs, and their security health status.

How to get to network visualization

To get to the different network visualization views, do as follows:
  1. Go to Visualize, and click Network Visualization.
  2. Select the environment type (for example, AWS) in the upper right of the page.
  3. Select the Environment you want to view.
    A high-level view of the selected environment appears.
  4. Click a VPC to go to detail mode.

    A map with one or more icons appears.

    The icons represent resources in the selected VPC. You can see detailed information about the VPC in the Controls panel.

  5. Click an icon to select a resource.

    Controls shows information about the selected resource.

Using network visualization

In the detail view, you can use the Controls panel to change the type of information shown.

The detail view of an example AWS VPC visualization looks like this:

Example AWS traffic flow visualization

You can choose between two types of information to show in the Controls panel.

  • Click Traffic to view traffic flow recorded in flow logs.

    You can view all traffic, or just the inbound, outbound, or internal traffic. The traffic lines are color coded to help you see which type of traffic is flowing. Click the icon next to Diagram Details to see a key to the colors.

  • Click Security Group to view the traffic patterns that are allowed by the security groups configured in your environment.

    The information displayed shows which of your resources have access to or from the public internet. This can help you identify areas where additional security may be useful or necessary.

If you have a large network layout, you can filter the visualization by tags, security groups, instance ID or name.

You can turn on Show inferred DBs. This uses instance metadata, traffic flow logs and security group information to automatically identify hosts running certain types of databases.

For AWS environments this option is called Inferred DBs/Apps. This does the same as Show inferred DBs, and also identifies hosts running MongoDB, MySQL and PostgreSQL databases, and Elasticsearch, Logstash and Kibana (ELK) applications.
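As an added illustration (not Cloud Optix code), the following Python reproduces in miniature what the Traffic view and the inferred-DB option do: it parses AWS VPC flow log records in the default format, classifies each flow as inbound, outbound or internal relative to the VPC CIDR, infers database hosts from accepted flows, and flags any inferred database that was reached from outside the VPC. The sample records and the port-to-service map are constructed assumptions; Cloud Optix's own heuristics also use instance metadata and security groups, which this snippet does not.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records in the AWS VPC flow log default format (version 2):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.10 51000 443 6 12 2400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 44000 5432 6 30 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.21 44010 27017 6 8 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.20 198.51.100.9 55000 80 6 4 600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.2.21 60000 27017 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.20 52000 5432 6 3 300 1700000000 1700000060 ACCEPT OK
"""

# Assumed port-to-service map for the inference step (illustrative, not Cloud Optix's own heuristics).
DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL", 27017: "MongoDB",
            9200: "Elasticsearch", 5044: "Logstash", 5601: "Kibana"}
FIELDS = "version account eni src dst sport dport proto pkts bytes start end action status".split()

def parse_flow_log(text):
    """Return one dict per well-formed record; NODATA/SKIPDATA records are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and parts[-1] == "OK":
            rec = dict(zip(FIELDS, parts))
            rec["dport"] = int(rec["dport"])
            records.append(rec)
    return records

def classify_direction(rec, vpc_cidr):
    # inbound / outbound / internal relative to the VPC, as the Traffic view distinguishes them
    net = ipaddress.ip_network(vpc_cidr)
    src_in = ipaddress.ip_address(rec["src"]) in net
    dst_in = ipaddress.ip_address(rec["dst"]) in net
    if src_in and dst_in:
        return "internal"
    return "inbound" if dst_in else "outbound" if src_in else "external"

def summarize(text, vpc_cidr):
    # Count flows per direction, infer DB hosts from ACCEPTed flows, flag DBs reached from outside the VPC
    counts, inferred, exposed = defaultdict(int), defaultdict(set), set()
    for rec in parse_flow_log(text):
        direction = classify_direction(rec, vpc_cidr)
        counts[direction] += 1
        service = DB_PORTS.get(rec["dport"])
        if service and rec["action"] == "ACCEPT":
            inferred[rec["dst"]].add(service)
            if direction == "inbound":
                exposed.add(rec["dst"])
    return dict(counts), {h: sorted(s) for h, s in inferred.items()}, exposed
```

Rejected flows are counted for direction but not used for inference, so a security group that blocks a database port does not turn the target into an inferred database; an accepted inbound flow to a database port is the case worth reviewing.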

Click the visualization export icon to generate an SVG file of the current view.