
    SophosLabs Intelix

    Sold by: SophosLabs 
    Deployed on AWS
    Powered by machine learning, decades of threat research, and petabytes of intelligence, SophosLabs Intelix gives your app superpowers to identify, classify, and prevent threats. Designed for easy integration into any application, augmenting your cybersecurity is only an HTTP request away.
    4.3

    Overview

    SophosLabs Intelix is a cloud-based threat intelligence and threat analysis platform, enabling programmers to directly tap into the technology and intelligence behind Sophos products through RESTful APIs.

    Intelix is based on petabytes of information about the threat landscape, machine learning, and the latest static and dynamic analysis techniques. Leverage first-class protection only available from the cloud to easily identify known and potential threats and derive verdicts and rich threat intelligence reports in seconds.

    Intelix provides four Easy-to-Use Services

    Cloud Lookups: Quickly identify known threats via direct access to the latest SophosLabs threat intelligence. Query using suspect malware file hashes, URLs, IPv4 addresses, or Android APKs.

    Static File Analysis: Generate intelligence, harnessing the power of multiple machine learning models, global reputation, deep file scanning, and more without executing the file.

    Deep analysis of web content by submitting the HTML file and URL to understand both security verdict and content categorization.

    Dynamic File Analysis: Detonate files in our sandbox using bleeding-edge analysis and detection techniques for unmatched visibility into malicious files.

    Static URL Analysis: Generate intelligence for a URL without ever visiting the page, using ML and hosting information (e.g. DNS and SSL details) to predict sites that are malicious.

    Support is provided via StackOverflow. Tag questions with "sophoslabs-intelix".

    Highlights

    • Harness the power of 30-plus years of SophosLabs experience in threat analysis and research
    • Leverage SophosLabs threat intelligence services actively used in Sophos products
    • RESTful APIs, with easily decomposable JSON responses

    Details

    Categories

    Delivery method

    Deployed on AWS

    Pricing

    SophosLabs Intelix

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (14)

    Dimension | Cost/unit
    File hash lookup free tier (5000 requests/month) | $0.00
    File hash lookup | $0.002
    URL category lookup free tier (5000 requests/month) | $0.00
    URL category lookup | $0.002
    IP category lookup free tier (5000 requests/month) | $0.00
    IP category lookup | $0.002
    Android APK lookup free tier (5000 requests/month) | $0.00
    Android APK lookup | $0.002
    Static file analysis free tier (500 requests/month) | $0.00
    Static file analysis | $0.02

    Vendor refund policy

    We do not currently support refunds, but you can cancel at any time.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Security, Storage
    Top 100 in Data Analytics

    Overview

    AI generated from product descriptions
    Cloud-Based Threat Intelligence Access
    Direct access to SophosLabs threat intelligence database through RESTful APIs for querying malware file hashes, URLs, IPv4 addresses, and Android APKs
    Static File Analysis
    Machine learning-based file analysis without execution, incorporating multiple ML models, global reputation scoring, and deep file scanning to generate threat intelligence
    Dynamic File Analysis
    Sandbox-based file detonation using advanced analysis and detection techniques to provide visibility into malicious file behavior
    Static URL Analysis
    URL threat assessment using machine learning and hosting information including DNS and SSL details to predict malicious sites without visiting the page
    Web Content Analysis
    HTML file and URL submission for security verdict determination and content categorization analysis
    Multi-Storage Platform Support
    Malware scanning across Amazon S3, Amazon EBS, Amazon EFS, and Amazon FSx for object, block, and file storage environments.
    Multiple Scanning Engines
    Support for Sophos, CSS Premium, and CSS Secure engines that can be used individually or simultaneously to optimize detection accuracy and performance.
    Flexible Scanning Models
    Event-based scanning on upload, retroactive scanning on-demand or scheduled, and API-based scanning before write operations for migrations and application workflows.
    In-Tenant Deployment Architecture
    Installation and operation within customer AWS accounts with data remaining in the specified region, supporting private VPC endpoints and linked account management.
    Automated Response and Remediation
    Automated quarantine, tagging, and deletion of detected malware with integration to downstream workflows, alerts, and enforcement policies through object tagging.
    Indicator of Compromise Lookup
    Query threat intelligence database using malware file hashes, domains, URLs, and IPv4 addresses to identify known malicious indicators with comprehensive metadata including threat categories, severity scores, CVE information, malware family names, and threat actor details.
    Known-Good Value Filtering
    Check suspected indicators against known-good values database to identify benign entities such as common Windows system files, well-known DNS servers, and CDN IP addresses to reduce false positive alerts.
    WHOIS Domain Registration Lookup
    Retrieve WHOIS registration data for domains to verify domain ownership and registration details for threat investigation and phishing scenario mitigation.
    Real-Time Threat Intelligence Updates
    Access continuously updated threat intelligence database sourced from reputable security vendors, threat researchers worldwide, and research communities with rapid identification and categorization of known threats.
    API Integration with Security Infrastructure
    Seamlessly integrate with existing security platforms including TIP, SIEM, and SOAR systems through documented API endpoints with sample code for minimal implementation effort.

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.3
    15 ratings
    5 star: 53%
    4 star: 40%
    3 star: 7%
    2 star: 0%
    1 star: 0%
    1 AWS review | 14 external reviews
    External reviews are from G2.
    TVargas

    Daily threat checks have reduced false alarms and have improved confidence in file approvals

    Reviewed on Jul 04, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for SophosLabs Intelix is analyzing suspicious files before they reach production systems. I use it almost daily because it gives quick verdicts and helps me decide whether to block or allow content. It has become part of my routine security checks.

    In addition to daily file analysis, I also use SophosLabs Intelix when testing new software before deployment. It helps me spot hidden risks early, so I can approve tools with more confidence. That way, it serves both reactive and preventive security purposes in my routine.

    One time I uploaded a PDF that looked normal but had hidden macros, and SophosLabs Intelix flagged it quickly and showed the malicious behavior in the sandbox. It stood out because our regular antivirus did not catch it, and it saved us from a potential breach.

    What is most valuable?

    The best features SophosLabs Intelix offers for me are the fast cloud-based analysis and detailed behavioral reports. It quickly shows if a file is malicious and explains why, which makes decisions easy. I also value how smoothly it integrates into my daily workflow.

    SophosLabs Intelix has positively impacted us by reducing false positives and speeding up threat detection. A clear outcome was fewer interruptions for the team, since Intelix quickly validates files and lets us focus on real risks. Overall, it improved efficiency in daily security tasks.

    What needs improvement?

    One feature I would like to see improved in SophosLabs Intelix is deeper integration with endpoint tools so alerts flow more seamlessly. I also find the sandbox details very valuable since it shows exactly how a file behaves, which helps me explain risks clearly to my team.

    SophosLabs Intelix could be improved by offering deeper integration with SIEM tools, such as Sentinel, so alerts flow automatically into our dashboard. Another feature I would appreciate is more customization in reports to highlight the risks most relevant to our environment.

    One improvement in SophosLabs Intelix that would help my workflow is tighter automation with ticketing systems, so flagged files create cases automatically. It would also be useful if reports could be customized to highlight only the most critical behaviors, saving my team time when reviewing results.

    Another improvement I would still appreciate for SophosLabs Intelix is better dashboard customization so I can tailor the view to my team's priorities. It would also help if Intelix offered more granular API access, making automation smoother, as those changes would make daily workflows even easier.

    For how long have I used the solution?

    I have been using SophosLabs Intelix for around two years.

    What do I think about the stability of the solution?

    SophosLabs Intelix is very stable.

    What do I think about the scalability of the solution?

    SophosLabs Intelix's scalability has been strong; it handles a high volume of suspicious files without slowing down. We have expanded usage across multiple teams and performance has stayed consistent, with flexibility making it easy to grow without worrying about bottlenecks or extra infrastructure.

    How are customer service and support?

    SophosLabs Intelix customer support is very great and very fast. I rate SophosLabs Intelix customer support an eight on a scale of one to ten.

    Which solution did I use previously and why did I switch?

    Before SophosLabs Intelix, we used a traditional antivirus solution that relied mostly on signature-based detection. We switched because it struggled with zero-day threats and produced too many false positives. Intelix's AI-driven analysis gave us faster, more accurate results, which made the change worthwhile.

    How was the initial setup?

    We purchased SophosLabs Intelix directly through the AWS Marketplace. That made the process simple and fast since billing and deployment were handled within our existing AWS environment. It saved us time compared to negotiating a separate contract.

    What was our ROI?

    We have seen a return on investment in terms of money saved and time saved. In terms of savings, we have noticed that investigations that used to take two to three hours now finish in under thirty minutes, which is roughly a seventy percent time reduction. Financially, it is harder to put an exact number, but avoiding even one false positive incident saves us several days of productivity.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing for SophosLabs Intelix has been straightforward since we went through AWS Marketplace, and there were no extra setup costs beyond our subscription. Licensing is flexible enough to scale with our usage, which made budgeting easier. Overall, the cost feels reasonable compared to the time and risk it saves us.

    Which other solutions did I evaluate?

    Before choosing SophosLabs Intelix, we looked at other cloud-based malware analysis tools such as VirusTotal Enterprise and Palo Alto WildFire. They had strong features, but we felt Intelix offered better integration with our existing Sophos environment and more consistent reporting, which made it the right fit.

    What other advice do I have?

    My advice for others looking into using SophosLabs Intelix is to plan for integration early. Connect Intelix with your SIEM or ticket system so alerts flow smoothly. Also take time to tune reporting to your environment; that way, you avoid noise and focus on real threats. Finally, start small with a pilot, then scale once the team sees the time savings.

    I found this interview flowed well; your questions were clear, progressive, and touched on the right areas: efficiency, improvement, deployment, pricing, and advising. The structure makes it easy, and I do not need any change for the future.

    Cloud calms, swift and clear. False alarms fade, trust grows strong. Time saved, peace secure. I am providing this review with a rating of nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Information Technology and Services

    High Fidelity Threat Intelligence

    Reviewed on Jan 16, 2024
    Review provided by G2
    What do you like best about the product?
    They provide threat classification and deep analysis for known clean and malicious objects. It's easy to use and is effective and efficient and fast. I have frequently used it because of its efficiency.
    What do you dislike about the product?
    There is nothing to dislike about SophosLabs Intelix.
    What problems is the product solving and how is that benefiting you?
    I have used Sophos products such as firewall and email to submit suspicious files to Intelix for deep analysis to accurately detect zero-day threats.
    E-Learning

    Threat Intelligence

    Reviewed on Jan 16, 2024
    Review provided by G2
    What do you like best about the product?
    It provided threat classification and deep analysis for known clean and malicious objects. It was easy to use and implement and was fast. I have used it frequently because of it being easy to use and efficient.
    What do you dislike about the product?
    There is nothing to dislike about SophosLabs Intelix.
    What problems is the product solving and how is that benefiting you?
    Threat hunters and security analysis rely on protection and detection technology to review and investigate suspicious behaviour. I have done detailed analysis on the above problem using Sophos products.
    Financial Services

    Threat intelligence

    Reviewed on Jan 16, 2024
    Review provided by G2
    What do you like best about the product?
    It provided threat classification and deep analysis of known clean and malicious objects including webpage and IP addresses. It is also easy to use and is fast. It is easy to implement.
    What do you dislike about the product?
    I don't dislike anything about SophosLabs Intelix.
    What problems is the product solving and how is that benefiting you?
    I am using SophosLabs Intelix for threat intelligence. I used products such as Sophos firewall and Sophos email and other products to submit files to Intelix for deep analysis to accurately detect zero-day threats.
    Shagun S.

    Threat intelligence

    Reviewed on Oct 03, 2023
    Review provided by G2
    What do you like best about the product?
    Detailed analysis and provides information about suspicious threat objects and also easy to use.
    What do you dislike about the product?
    I don't have something to say about dislike.
    What problems is the product solving and how is that benefiting you?
    Detection of malicious objects