Sophos Cloud Optix (CSPM) - PAYG with Free Trial

One primary use case for Sophos Cloud Optix  is cloud visibility. I use it for compliance requirements and improving end user experience. The solution provides a unified dashboard for multi-cloud environments, allowing analysts to easily monitor assets.

I find Cloud Optix to be a valuable solution since it provides a single, unified dashboard to monitor cloud assets, such as AWS  and Azure . It includes features like vulnerability management, allowing for visibility into cloud infrastructure at a granular level, highlighting potential loopholes, and suggesting corrective actions. This makes it valuable within a managed service provider's ecosystem or SOC ecosystem.

Sophos should enhance its AI-driven detection features and anomaly detection. The solution focuses on cloud security posture management. Fortinet, having acquired Lacework, seems to be a step ahead in this regard, emphasizing the need for Sophos to compete with standalone market leaders. Furthermore, integrating automation features like SOAR  could significantly improve its functionality.

I rate the stability of Cloud Optix as eight out of ten.

I rate the scalability of Cloud Optix as nine out of ten.

I find Sophos support to be great, especially from a firewall perspective. However, I faced some issues while integrating the product with Azure  or M365 into Cloud Optix. I suggest Sophos enhance their integration support to allow seamless integration without manual intervention.

Positive

I migrated from Symantec to several other products, as I work on multiple solutions like Sophos, CrowdStrike, Cortex XDR , Cygnal, and Microsoft Defender for endpoint security. Being an MSSP  provider requires me to manage various security solutions.

I found the initial setup of Cloud Optix to be straightforward.

I find the price of Sophos solutions to be competitive. It is neither the cheapest nor the most expensive option available. There are other solutions in the market that are less expensive.

Cloud Optix hasn't been marketed aggressively in India compared to other Sophos products. It mainly faces competition from cloud-native solutions within AWS  and Azure, as well as Lacework, which is gaining traction in the market.

I rate Sophos Cloud Optix  seven out of ten overall. 

I recommend it for any size of company, considering their current ecosystem and workload. It's particularly suited for those in a Sophos ecosystem, or working with AWS and M365. An improvement in anomaly detection and integration with SOAR-type automation would make it even more competitive.

Public Cloud

Other

What do you like best about the product?

The insight is great. Products are really impressive.

What do you dislike about the product?

Nothing to dislike. All good. I find the product much better

What problems is the product solving and how is that benefiting you?

It's deduction technology is quite impressive and accurate which detects the thread and send a note send notification to inform about the details so that an automation based investigation can be performed to dissol the concern.

What do you like best about the product?

Sophos Cloud Optix is exceptional when it comes to infrastructure visibility, cloud resources inventory management and identifying potential security & compliance risks.

Its platform support for auto-discovery across multiple cloud environments is great & we obtain well-rounded insights from its intuitive dashboard.

Its cloud gap analytics aids us to pinpoint operational inefficiencies & ensures that we are properly aligned with client specifications & compliance standards.

After our EC2 instance deployments, we need to continuously monitor for misconfigurations and vulnerabilities in its security posture. Sophos Cloud Optix provides comprehensive visibility which helps us validate our configurations effectively.

What do you dislike about the product?

We utilize Sophos Cloud Optix platform for many of our AWS services management namely EC2, S3, RDS , IAM and CloudFormation.

For preventing unauthorized access and to enforce limited resource privileges, we manage our IAM users, roles and policies through the visibility offered in its dashboard.

Implementing an unified policy management utility is made simple thanks to its seamless integration with our AWS resources.

Overall, we are satisfied with the implementation & the governance features offered by Sophos Cloud Optix for our infrastructure management & cost optimization procurements.

What problems is the product solving and how is that benefiting you?

Recently, we did the analysis of our AWS CloudFormation templates with the help of Sophos Cloud Optix for config errors validation before deployment.

It actively tracks the changes made to any AWS resource in our infrastructure & offers real-time visibility into its security posture information.

Whenever there is any security issues/compliance violations in our CloudFormation stack deployment, Sophos Cloud Optix provides efficient auto-remidiation actions for enforcing compliance standards with our customer security policies.

We can also easily identify idle/unused resources that were deployed from CloudFormation stack. By deleting those stacks, we improve our resource allocation efficiency and minimize cloud expenditures.

With the insights provided by Sophos Cloud Optix, we can comprehend the relationships between the resources deployed via CloudFormation template thereby, prevent infrastructure changes that may potentially impact our production due to misconfiguration in their resource dependencies.

What do you like best about the product?

How the product identifies security gaps and vulnerabilities within cloud environments. Moreover, Sophos Cloud Optix empowers organizations to proactively address potential weaknesses and strengthen their overall security posture.

What do you dislike about the product?

Experiencing false positives and false negatives in the alerting and detecting of the threats. This may cause false alarms to users and question the product's credibility in the future.

What problems is the product solving and how is that benefiting you?

One of the problems Sophos Cloud Optix helps me solve is to conduct ongoing risk assessments; the platform identifies security gaps and vulnerabilities within cloud environments.

Sophos Cloud Optix is the endpoint scanner for the workstations at my company, and they control the firewall and the servers. So it provides endpoint protection with Sophos Firewall Manager.

It prevents malware and antivirus, so if you have a file on your system that you suspect to be malicious, it quarantines it and locks it away.

The most valuable feature for me would be the solution's endpoint protection.

I guess that customer training is an area that needs improvement. What I've noticed is that we are not best trained for the software we might purchase, where you might discover later, "you could do that" after buying tools or software to do the same thing you could do with just one tool or software.

The major issue that I would notice and know is that we are not always as best possibly trained for the software that we may purchase. So, after a while and after some digging, you may find out that software or tools could actually do something else. Then, you may end up buying two pieces of software to do the same thing that one could do. It's not a problem with Sophos but an issue across other pieces of software, including Veeam, which I would say is a rudimentary backup that you just use as a backup for virtual machines. You have alternative backups where you would only be backing up versions of what may have been updated, accounting for faster and more precise backups.

In the future, I would like to see email integration to deal with phishing and spam.

We have been using Sophos Cloud Optix for more than two years in our company. Also, I am not sure about the version of the solution I am using.

I would rate the solution's stability an eight out of ten.

I rate the solution's scalability a six out of ten.

I have never dealt with technical support.

The setup was a little bit complex. I would say that its complexity was at an intermediate level because its users had to set up their rules in Sophos, while in comparison, Coros would just require you to click a few buttons to build your filters and catchphrases, and after that, you can go forward.

I have experienced a return on investment using the solution in our company. We had a fair return on our investment.

Regarding the pricing for Sophos Cloud Optix, I would say that it was a very good price.

When I was looking around, I saw that Coro dealt with phishing and spam emails, and it really impressed me because that took a lot off of my plate.

For me to do it, I would have put rules that rerouted the emails to me, and then I would have to sit at my desk and release or check the emails coming through, whereas Coro moves it to a SysTrack folder, and you or any of the users can handle it as they go along.

I would suggest those planning to buy the solution get some good training on the solution since doing so can help you possibly do more than what you are currently doing.

I rate the overall solution a seven and a half out of ten.