Overview

1/2

Sophos Cloud UTM9 Auto Scaling is an AWS Security Competency approved NextGen Firewall Auto Scaling solution that helps customers with their shared security responsibilities by offering multiple layers of protection in a single solution that scans, controls and reports on traffic entering and leaving a VPC.

Security features include a Web Application Firewall (WAF), a pre-tuned and automatically updated Intrusion Prevention System (IPS), an Outbound Web Proxy/ Layer 7 Application Engine to protect and control connections to the Public Internet, an Advanced Threat Protection engine to identify and block unknown and evasive threats, and VPN Gateway features to securely connect remote sites and users. The UTM9 NextGen Firewall solution also provides detailed logs and reports which can be viewed on system and/or exported to the AWS CloudWatch Logs service and any Syslog compatible device.

Sophos provides a CloudFormation template to easily deploy the Active/Active solution across multiple Availability Zones while integrating with key AWS services such as Auto Scaling, CloudWatch, and S3 to comply with AWS Best Practice guidance on secure architecture. UTM9 Auto Scaling also provides Outbound Gateway which provides for secure, scalable outbound traffic protection, and a secure REST API to automate configuration.

Part of a complete cloud security portfolio. A selection of Sophos AWS Marketplace offerings is included below, while more can be found at www.sophos.com/cloud .

Sophos UTM Standalone or HA (Free Trial): https://soph.so/utm-payg
Sophos XG Firewall Standalone (Free Trial): https://soph.so/xg-firewall-payg
Sophos Cloud Optix (CSPM with Free Tier): https://soph.so/cloud-optix

If you have any questions about Sophos solutions or if you need assistance with deployment or configuration, please contact the Sophos Public Cloud team at aws.marketplace@sophos.com .

Highlights

Control infrastructure and security costs by combining multiple security tools into a single, easy to deploy, scalable solution.
Web App Firewall (WAF) protects your web apps against common threats like SQL injection and Cross-Site Scripting. Next-Gen Firewall protection and reporting with stateful traffic inspection, Layer-7 application control, secure proxies, and IPS.
Outbound Gateway (OGW): automatically scale up or down for outbound network packet inspection, or URL filtering and whitelisting to help ensure your applications are accessible only to authorized services.

Details

Sold by

Sophos

Pricing

Free trial

Try for free

Try this product at no cost for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

Sophos Cloud UTM 9 (Auto Scaling PAYG)

Info

View purchase options

Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covering your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.

Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

Region

Usage costs (26)

Info

Instance type	Product cost/hour	EC2 cost/hour	Total/hour
t2.small	$0.10	$0.023	$0.123
m3.medium	$0.35	$0.067	$0.417
m3.large	$0.75	$0.133	$0.883
m3.xlarge	$1.10	$0.266	$1.366
m3.2xlarge	$1.45	$0.532	$1.982
m4.large	$0.76	$0.10	$0.86
m4.xlarge	$1.15	$0.20	$1.35
m4.2xlarge	$1.50	$0.40	$1.90
m5.large	$0.76	$0.096	$0.856
m5.xlarge	$1.15	$0.192	$1.342

Vendor refund policy

Terminate the EC2 instance(s) or delete the CloudFormation stack at any time to stop incurring charges. You may email aws.marketplace@sophos.com for questions regarding Sophos UTM charges and refund requests.

Custom pricing options

Request private offer

Find a fit for enterprise or unique needs with a private offer.

Legal

Vendor terms and conditions

Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

Content disclaimer

Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

Usage information

Info

Request demo

Version

Delivery details

Auto Scaling using CloudFormation

This CloudFormation template allows you to deploy Sophos UTM in an Auto Scaling scenario to automatically scale up and down with your application in AWS. The template will deploy three EC2 instances: one EC2 instance hosts the UTM Controller used for administration, and two EC2 instances host UTM Workers used to inspect traffic. The UTM Controller resides in an Auto Scaling group and stores configuration details, logs, and reports to an S3 bucket. The UTM Workers reside in another Auto Scaling group behind Elastic Load Balancing (ELB) and automatically increase the number of UTM Workers during demand spikes to maintain performance and decrease the number of UTM Workers during lulls to reduce costs. The UTM Workers use the configuration file stored in S3 to launch new UTM Workers for Auto Scaling and to propagate configuration changes via notifications from Amazon Simple Notification Service (SNS).

Sophos UTM Auto Scaling also offers an additional layer of security called Outbound Gateway (OGW) which allows customers to inspect and scale security based on outbound connections. OGW works by deploying gateway instances into VPC subnets (both local and remote) that forward all traffic to UTM workers via Generic Routing Encapsulation (GRE) tunnels. OGW provides failover across Availability Zones (AZs) and supports VPC peering to allow you to direct all application traffic to a Shared Security VPC.

CloudFormation Template (CFT)

AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."

Version release notes

https://community.sophos.com/products/unified-threat-management/b/utm-blog

Additional details

Usage instructions

You can manage your Sophos UTM on AWS from the Web Interface using HTTPS (TCP port 4444), the command shell using SSH (TCP port 22), and via the RESTful API.

Sophos UTM requires a valid email address for administration purposes. This email address is not used for any other purpose and remains local to the Sophos UTM AMI. Please refer to the Sophos Privacy Policy for more details. https://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx

Sophos UTM on AWS Quick Start Guide https://www.sophos.com/en-us/medialibrary/PDFs/documentation/SophosUTMAWS.pdf

For additional information about deploying on AWS please see: https://www.sophos.com/en-us/support/documentation/sophos-utm.aspx

Resources

Vendor resources

Sophos UTM on AWS Guides and Knowledgebase articles

Sophos UTM RESTful API

Sophos GitHub

Support

Vendor support

For customers who participate in the AWS Product Support Connection, Sophos provides technical support via phone and web portal. Phone: +1-844-591-2756 Web portal:

Get support

AWS infrastructure support

AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Get support

Similar products

Liquibase Pro

By Liquibase

Liquibase helps teams release software faster and safer by bringing the database change process into existing CI/CD automation. Without automation, CI/CD fails at the database.

View product

IIS on Windows 2016 with maintenance support by Apps4Rent

By Apps4rent LLC

This product has charges associated with it for technical support and maintenance provided by Apps4Rent. The usage charges are USD 0.1/hour.

View product

Go on Red Hat Enterprise Linux 7 supported by Apollo

By Apollo

This product has charges associated with it for seller support. An installation of Go on Red Hat Enterprise Linux 7 with support.

View product

Postfix Mail Server for Amazon Linux 2 with Support by Kurian

By Kurian

This is a repackaged open source software product wherein additional charges apply for patching the operating system and the maintenance provided by Kurian. The AMI has the latest, stable version of Postfix that can be configured as a SMTP server or Mail Transfer Agent.

View product

Customer reviews

Write a review

Ratings and reviews

Info

3.9

14 ratings

5 star

4 star

3 star

2 star

1 star

79%

14%

14 AWS reviews

Ali

existing VPC template is missing

Reviewed on Oct 07, 2022

Purchase verified by AWS

can you please create an existing template for this autoscaling ?

as it stands the Sophos UTM 9 (Auto Scaling PAYG) only supports new vpc

many customers already have vpc with their subnets including utm firewalls

Leave a comment 0 comments

Anthony P.

Enables us to fully isolate an infected server or workstation with the click of a button

Reviewed on Jan 16, 2019

Purchase verified by AWS

Threat management for servers is our primary use case. We're not using it on all workstations, just a few. We're primarily using it on servers.

The version we're using is fully in the cloud, not on-prem.

How has it helped my organization?

We don't have to worry about viruses anymore. Before Sophos, we didn't have anti-virus at all because we're a newer company and we're just now starting to get into business-level stuff. When we installed it on a few of the users' machines, we saw that they did have very minor infections - they downloaded something they shouldn't have, something that could have hurt the computer. We were able say, "Well, we're glad they didn't click on that."

What is most valuable?

The isolation of infected machines is a big feature. Also, the ability to detect external sources that change files on a file server is really big.

The third key feature is something called EDR. It's a type of advanced file analysis. If you aren't sure what a file is you can click on it and it will upload a sample to Sophos and it will respond saying, "That's malicious," or "Not malicious." You can see every individual file and registry key that that file has ever interacted with, and what they did. It will show you every single thing it's done to the machine so you can clean up everything or check everything that it has ever touched. You don't have to worry about, "Oh, did I clean everything up?"

What needs improvement?

It does have built-in policies which enable you to disable USB devices, etc. It would be nice if they had more policies because there are not that many of them.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

In terms of stability, it's definitely top-notch, a market leader. The ability to do things and the availability of it being online aren't an issue.

What do I think about the scalability of the solution?

It seems very scalable. All you do is install the client, and it pulls it in. You don't have to actually have more Sophos servers running. It all goes back to their central, cloud-based platform, which is nice.

How is customer service and technical support?

I haven't had to use Sophos' technical support.

How was the initial setup?

The initial integration and configuration of Sophos in our AWS environment was incredibly easy. They give you a license key and a file. You download that file on the operating system type that you're trying to install it on. Install it and it's done. There's nothing else at all to do. It gets auto-configured for you.

What was our ROI?

We haven't seen ROI because we just got it two or three months ago. Over time we will.

What's my experience with pricing, setup cost, and licensing?

The biggest issue with Sophos is the pricing. It's definitely more expensive. We looked at Webroot, which is a big alternative, and Sophos was almost three times the price of Webroot. That's a pretty big difference.

We actually went with both Webroot and Sophos. We went with Webroot for most of the client machines. We're only using Sophos for the servers and the really important client machines, like the ones the managers use. That way, we can split our cost up a little bit.

Which other solutions did I evaluate?

We looked at Webroot, primarily. That was pretty much the only one we evaluated that was even close to being a competitor. We did look at a few others, but we didn't even do the trials because \Webroot and Sophos offered so much more.

Webroot seemed really nice for Windows, but we have a lot of Macs. Our servers are Windows, and we definitely went with Sophos for the servers because it has a little bit more capability with Webroot.

An example would be that if you have a file server, it will actually detect if a source is changing stuff on the file server. Suppose that a client was connected to them. That client wouldn't even need protection. Sophos is smart enough to understand, "Hey, a client just uploaded this virus." Webroot wouldn't do that. Sophos also lets us do full isolations of the servers or workstations. So if something gets infected, we can isolate that machine with the click of a button, clean it up, and then release it back into the network. That's not something Webroot was capable of handling either. Those were two big things to us because both of those features stop viruses from spreading.

Everyone's going to get infected at some point. We just want to stop the spread as soon as possible.

What other advice do I have?

If you're running a full Windows-based shop you're going to have a lot more options, so make sure you shop around. If you're running a Mac-based shop like we are, Sophos is definitely the way to go. Just make sure you can afford it.

Regarding how well Sophos integrates with other products, so far we haven't integrated it with anything. We have it on the servers and we have it scanning our Amazon accounts, but that's it. The integration with Amazon is cool. Maybe they could work on that because it seems like a newer feature. You can see what's available but not really do anything yet.

Leave a comment 0 comments

Aimee W.

Allows our client to use cross-region AWS VPCs to connect remote dev offices

Reviewed on Jan 13, 2019

Purchase verified by AWS

A client wanted to trial Sophos UTM 9 before deploying it into a production environment because, historically, Sophos has not had the best of reputations in AWS. The client had used Sophos in other environments, hence they wanted to stick to what they know.

How has it helped my organization?

The solution allows the client to use cross-region AWS VPCs to connect remote dev offices.

What is most valuable?

Classic defence in depth, with layered features.

* SPI (stateful packet inspection)

* IPS

* WAF

* VPN capability with built-in load balancer

Nothing out of the ordinary these days, but the fact Sophos has such a big name and good support was a big plus for the client who already had a relationship with Sophos support. Also, auto-scaling of UTM workers using EC2 is a nice and handy feature.

UTM 9 brings along IPSec as well as iPhone and iPad support. This seems small but it‚Äôs useful.

Finally, Cold Standby CloudFormation script to one node, with persistent info in S3, is a convenient feature.

What's my experience with pricing, setup cost, and licensing?

We procured this solution via the AWS Marketplace because of BYOL (bring your own licence). That was the driving force behind the choice. In addition, they had test and production environments in AWS already so it was easy to get a sign-off.

What other advice do I have?

We didn‚Äôt find any issues but I know there have been some in the last few years. I can‚Äôt comment about Sophos‚Äô on AWS previously but they seem fine now. There were no problems for our client so all I can comment on is the experience they had. I think it‚Äôs taken a little while for Sophos to get experience in solving problems with their product in the AWS environment, but they do seem to go the extra mile.

Leave a comment 0 comments

DataDeptMgr674

As both a firewall and UTM it's perfect, however, sometimes with setting up the spam filters there is an issue.

Reviewed on Jan 12, 2019

Purchase verified by AWS

As we are a solution provider and not product oriented, we give the best solution for our customers, with a good price. We are the number one company in the region, BTC, and operate in Egypt, Iraq, Jordan, Lebanon, and Saudi Arabia.

What is most valuable?

As both a firewall and UTM it's perfect.

What do I think about the scalability of the solution?

No issues encountered.

How is customer service and technical support?

Customer Service: For me, the customer satisfaction, and awareness, is the most important thing. I usually train all my clients on their chosen system.

Technical Support: 10/10.

Which solutions did we use previously?

As we are a service provider, we offer various other products to our customer:

* Astaro ASG

* Avaya/Netscreen

* Fortinet

* HP Switches & WiFi

* Juniper SSG

* Juniper SRX 210 & 240

* Juniper WXC

* Sophos next generation SG, including RED, SG, and WiFi

* Telindus Crocus E1Q

How was the initial setup?

For me, the installation and setup is simple. I work hard to do the simulation for the customer, and discuss all the requirements before implementation with the client.

What about the implementation team?

In one project I implemented Sophos for was a bank. I had to involve the Sophos team as the client was asking for WAF in transparent mode with HTTPS inspection. They were 10/10.

Which other solutions did I evaluate?

Prior to Sophos, it was mainly Juniper and Fortinet.

What other advice do I have?

Leave a comment 0 comments

Juan C. Sanchez Pignalosa

Application Control should be able to be managed with users; however, we now have a protected, standardized network.

Reviewed on Jan 12, 2019

Purchase verified by AWS

Our datacenter cloud services such as email, and web services for internal and external use, had to be protected with different systems and the web services where left really unprotected, since we used an standard IPS/IDS to protect ourselves from web attacks (from the outside) which nowadays are really sophisticated. Also, we had to employ many work hours to have a protected, standardized network. With Sophos EndPoint and Sophos UTM, we simplified and also protected our network at the same time, with less work force.

What is most valuable?

The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars. The just introduced Sandstorm system for protection, is awesome as well.

What needs improvement?

Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside an specific timeframe, or vice versa.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

The scalability is awesome as when you need the network protection systems to grow immediately, you just activate and license the exact same box, and configure it in cluster mode for Active-Active mode in Cluster/High Availability.

How is customer service and technical support?

This is where Sophos vendor outclasses every other vendor. They have grown so much throughout the last four to five years, but they have grown as well in their capability to attend support cases. We've had some really advanced cases, and we have never been forgotten or left behind.

Which solutions did we use previously?

We used a commercial product, Untangle, with our own brand called Rhino Box. Untangle did not invest in the development of features as we expected, such as the adoption of IPSec VPNs (they had it but very limited), and IPv6. This was what made us do research for our SMB/Enterprise market offering. We tried out Sophos UTM (recently purchased as Astaro UTM) and it was really easy to deploy and came with Sophos Support, which is awesome.

How was the initial setup?

The initial setup is straightforward. Sophos brand is well known in the market for being a unique and powerful tool that is simple to deploy and manage. This is what makes it different from any other vendors. The Sophos UTM, comes with a deployment "Wizard for Dummies" since it show the wizard at the initial setup, and in less than three minutes, you can have your box up and running. Also for Policies deployment, you are clicks away to customize your security settings.

What about the implementation team?

We always deploy by ourselves, so that way we can test how the customer will see the initial implementation. Our main advice, is to read the manual, and follow the wizards that comes with each tool. Also, it is strongly recommended to have a professional firm contracted for the initial setup, and support, as we are, to can design, and help with any kind of implementation issues.

What was our ROI?

The ROI is in 12-16 months, since with this kind of tool, we deliver the best of breed protection, and increment the focus of the end user, in being productive.

What's my experience with pricing, setup cost, and licensing?

I recommend you get the three year licenses, since Sophos offers three years for the price of two. I would also recommend that you acquire any Sophos Licensing with Professional Services added, that way, you'll have the best experience possible.

What other advice do I have?

Leave a comment 0 comments

View all reviews