Sold by: Sophos
Deployed on AWS
Free Trial
Vendor Insights
AWS Free Tier
Sophos Cybersecurity as a Service combines world class products, tools, services, and expertise into one holistic solution.
4.7
Overview
Your cybersecurity. Our responsibility.
Every organization wants the best cyber defenses, but very few have all the skilled resources to deliver them. With Cybersecurity as a Service for AWS (https://soph.so/caas ) we deliver world-leading protection for you or with you. All Sophos product and services offerings can be tailored to the exact needs of your organization's security program. Our integrated cybersecurity products automatically stop 99.98% of threats before they can run, while our threat hunting and neutralization experts monitor your environment 24/7, shutting down even the most advanced attacks on your behalf. Learn more about our services integration with AWS here: https://soph.so/awsmtp .
Sophos cloud products include:
- Cloud Security Posture Management: Sophos Cloud Optix continuously scans cloud environments to identify assets, assess their security and compliance settings, and identify malicious activity that may lead to data breaches - enabling you to quickly remediate misconfigurations and respond to threats. It integrates with AWS GuardDuty and SecurityHub and provides agentless malware scanning for the S3 storage service. Learn more: https://soph.so/cloud_optix
- Cloud Workload Protection: Sophos agents protect Windows and Linux hosts running in the cloud against modern threats, including ransomware. Learn more: https://soph.so/cwp
- Cloud Edge Firewall: Sophos Firewalls provide network visibility, protection, and response across public, private, and hybrid cloud environments. With cloud native, virtual, and physical appliances, Sophos Firewalls protect networks of any kind. Learn more: https://soph.so/ngfw
- Endpoint Protection: Sophos Endpoint agents protect your users against everything from common malware to advanced fileless threats and ransomware. Learn more: https://soph.so/endpoint
- Managed Detection and Response Service: Sophos MDR is the world's most trusted MDR service. Analysts leverage telemetry from AWS together with your endpoint, firewall, network, email, and identity solutions to accelerate threat detection, investigation and response across your full environment. Learn more: https://soph.so/mdr
Designed with SMB organizations in mind, Cybersecurity as a Service provides:
- Affordable threat protection: enterprise-grade cybersecurity that's cost effective for small businesses. Learn more: https://soph.so/smb
- An instant Security Operations Center: Managed by you, by us, or together. Simple, one-time installation gets you up and running in minutes.
- World-class cybersecurity defenses: Technology that works with hybrid cloud environments. From endpoint and network security to email and cloud, we have you covered.
- An expert team of cybersecurity professionals: Available 24/7/365. Our AI, malware and security operations specialists work together to constantly improve protection and help customers respond to incidents and breaches.
- A free intuitive cloud-based security platform: Sophos Central allows you to manage all your defenses in one place for maximum efficiency and cross-estate coordination. Providing simple management and reporting, Sophos Central also includes Threat Analysis tools for customers that operate their own security operations teams. Learn more: https://soph.so/sophos-central
Sophos provides a wide range of security solutions to protect users, networks, and cloud environments. To view all products please visit our Sophos Central listing page - https://soph.so/sophos-central .
Looking for custom pricing options? Contact us publiccloudsales@sophos.com
Highlights
- 24/7 Managed Detection and Response across Sophos and 3rd party products. Sophos MDR provides the most comprehensive native security integrations on the market, bringing together signals from endpoint, workload, network, email, cloud and mobile solutions. Learn more: https://soph.so/mdr
- Cloud native and hybrid cloud cybersecurity products provide protection for customers migrating to and in the cloud. Learn more: https://soph.so/cns
- A free cloud based unified management platform that centralizes reporting and configuration for all Sophos products and cybersecurity tools. Sophos Central facilitates sharing of real time threats, health and security information between Sophos products and enables automatic response actions to contain and eradicate threats. Learn more: https://soph.so/sophos-central
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(1)
AWS Security Specialization
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Cloud Workload MDR | Managed Detection Response for server OS with XDR tools | $390.72 |
Cloud Optix Advanced | Agentless CSPM for AWS, K8s | $140.04 |
Cloud Edge Firewall | Firewall/IPS/Web/WAF/Sandbox: Price per Firewall includes all features | $3,424.00 |
Sophos MDR - Endpoint | Managed Detection Response for user workstations including XDR tools | $239.64 |
Vendor refund policy
Please refer to the Sophos EULA for details on our refund policies.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Sophos support portal for licensed customers with an existing SophosID: https://support.sophos.com Toll Free: 1-888-SOPHOS-9 (1-888-767-4679)International: 1-781-494-5800 To contact Support, please log into your Sophos Central Dashboard, click on HELP in the upper right corner, then click on CREATE SUPPORT TICKET. Or, visit https://www.sophos.com/en-us/support.aspx to go to the Sophos Community to find information and resolutions on common questions and issues.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Sophos
By Palo Alto Networks
By Juniper Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Threat Detection and Response
Automatic threat detection and neutralization with 99.98% threat interception rate, supported by 24/7 managed detection and response service with threat hunting and neutralization experts
Cloud Security Posture Management
Continuous scanning of cloud environments to identify assets, assess security and compliance settings, detect malicious activity, and identify misconfigurations with agentless malware scanning for S3 storage and integration with AWS GuardDuty and SecurityHub
Endpoint and Workload Protection
Agent-based protection for Windows and Linux hosts against modern threats including ransomware, fileless attacks, and advanced malware
Network and Firewall Protection
Cloud-native, virtual, and physical firewall appliances providing network visibility, protection, and response across public, private, and hybrid cloud environments
Unified Management and Orchestration
Cloud-based centralized management platform enabling configuration, reporting, and real-time threat information sharing across endpoint, firewall, network, email, cloud, and identity solutions with automatic response actions
Application Layer Visibility and Control
Complete application layer-7 visibility and control of traffic with next-generation firewall capabilities in AWS environments
AI/ML-Powered Threat Detection
AI/ML-powered inspection engine with researcher-grade signatures for detection of zero-day threats, exploits, malware, spyware, and command and control attacks
Dynamic Policy Management
Policy definitions that dynamically apply to cloud assets based on AWS tags, Application IDs, User IDs, geographies, or zones without manual intervention
Cloud Infrastructure Integration
Seamless integration with Gateway Load Balancer, AWS Auto Scaling, and Transit VPC with AWS Transit Gateway for protection across dynamic and large-scale deployments
Advanced Threat Prevention Service
Cloud-delivered Advanced Threat Prevention security service with market-leading threat coverage against known and zero-day threats while maintaining performance
Next Generation Firewall Architecture
High-performance firewall solution with core firewall, VPN, NAT, and advanced L4-L7 security services including application security, IPS, and anti-virus capabilities.
Anti-Virus and Malware Protection
Cloud-based anti-virus protection that detects and blocks spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, and FTP protocols.
Intrusion Detection and Prevention
Intrusion detection and prevention (IPS) system integrated with application visibility and control through AppSecure for threat detection and workload protection.
VPN and Secure Connectivity
IPsec and full mesh VPN termination services enabling secure connectivity from on-premises data centers, campuses, and branches to AWS cloud across geographically dispersed VPCs.
AWS Cloud Service Integration
Native integration with AWS services including Elastic Load Balancer, Auto-Scaling Groups, CloudWatch, Security Hub, Key Management Service, Elastic Network Adapter support, and Gateway Load Balancer with L3 gateway and L4 load balancer capabilities.
Standard contract
No
No
No
Customer reviews
Vikas-Gupta
Automated threat response has ensured uninterrupted operations and provides clear 24x7 security visibility
Reviewed on Feb 17, 2026
Review provided by PeerSpot
What is our primary use case?
Sophos Cybersecurity as a Service product name is MDR, and we started using it from last year only. It has been one year now.
What is most valuable?
I use its automated threat response, which is a key feature of the service.
Sophos Cybersecurity as a Service is taking care of the complete cybersecurity, helping to mitigate potential threats by monitoring the logs and the events 24/7. Whatever events are coming, they are sharing the report over the email. Wherever they need our intervention, they give us the instructions on how to fix it. Otherwise, they take care of the complete security on their own. The MDR team takes care of all the events and every log.
It is about visibility, and the value of deep visibility into my network activities provided by Sophos Cybersecurity as a Service is significant. The reason we shortlisted the product is the reports. They keep sharing every event, every log over the email so that my team can check what the critical things are and where their intervention is required. Otherwise, Sophos Cybersecurity as a Service MDR team takes care of everything. We need not get into each and every event and check what issues are going on. Most of the events are taken care of by Sophos Cybersecurity as a Service team. Only the things which are on our part, for example, any system that needs to be patched or any OS to be upgraded, come to us. Otherwise, Sophos Cybersecurity as a Service MDR team takes care of everything.
What needs improvement?
One feature which we would like to have in the product is the inventory. For example, if I have the agent installed on each machine and server, why can't we fetch the inventory details from the console? If you look at the competition products such as CrowdStrike, they give clear visibility into what software is installed, what legitimate tools are installed, and what software is not even licensed or may not be secure to install. Those things are reported back to the concerned team, maybe the systems teams, and they can use it brilliantly. Unfortunately, Sophos Cybersecurity as a Service doesn't provide that kind of visibility into what software or tools are installed on a particular system. There is a feature which requires running what you call an XG script to fetch those kinds of details. However, it is not on the GUI as other competitor companies are providing. That is the one feature we really miss. In terms of service and support, I don't think there is an issue because it is already a brilliant five-star service support.
The visibility feature that I already mentioned is the only primary feature which we are missing. The rest is absolutely fine. I don't think there is anything else which should be there.
For how long have I used the solution?
We started using it from last year only. It has been one year now.
How are customer service and support?
Technical support by Sophos Cybersecurity as a Service is excellent, and I can grade it as a 10. I don't have one issue with the technical support.
Service support has no problems, and as a product, if you talk about it, there are a couple of features which are missing. I may deduct one and a half points, so I will give them an 8.5.
How would you rate customer service and support?
Positive
What other advice do I have?
The enhanced threat hunting and forensics provided by Sophos Cybersecurity as a Service have significantly helped my organization address cyberattacks. Sophos Cybersecurity as a Service takes care of the XDR logs, and any kind of anomalies or threats which they find, they take care of it. Any policies to be updated, any IP to be blocked, or any source or domain to be blocked, they just intimate to us that these are the things we need to take care of. Most of the things are otherwise taken care of by Sophos Cybersecurity as a Service team on their part.
Most of the things are on-premise, and cloud-based operation for centralized management is not important for my organization since we are not a cloud company. We don't have any payloads on the cloud. We have a small data center where we have multiple servers and everything on-premise only. We are not using any of the cloud security, cloud vertical, or cloud features from Sophos Cybersecurity as a Service. Most of the things are on-premise only.
The metrics I use to measure the effectiveness of Sophos Cybersecurity as a Service threat intelligence capabilities are straightforward. My uptime and business continuity are very important. Since the day we started using Sophos Cybersecurity as a Service MDR, there has not been a single incident. Even before something hits us, they get alerted and they take the required measures.
We are not familiar with SophosLabs Intelix as a threat intelligence platform.
I have given Sophos Cybersecurity as a Service an overall review rating of 8.5.
BENOIT C.
Proactive Threat Hunting and Seamless Integrations
Reviewed on Jan 13, 2026
Review provided by G2
What do you like best about the product?
I appreciate their proactive human-led threat hunting and the ability to integrate with security tools from other vendors.
What do you dislike about the product?
The high cost of premium tiers and the heavy system resource usage on older machines are significant drawbacks.
What problems is the product solving and how is that benefiting you?
It addresses the global cybersecurity skills gap by providing 24/7 expert threat hunting and immediate incident remediation.
shiv k.
Centralized Security and Effortless Threat Isolation
Reviewed on Dec 27, 2025
Review provided by G2
What do you like best about the product?
best thing is that it is centerlized and if any attack or virus detedted it islotae the system then admin can review all log from central port
What do you dislike about the product?
there is no depth of exclusion if want exlude all subdomain can not use *.domian.com need to manualy define all URL and for some custom app or script that you have to define fix path location otherwise MDR blocck and remove that
What problems is the product solving and how is that benefiting you?
all device log are centlized and i can apply policy from a cental point to all endpoints
vladimir C.
Total Peace of Mind with Sophos MDR: 24/7 Security and Clear Alerts
Reviewed on Dec 17, 2025
Review provided by G2
What do you like best about the product?
What I appreciate most about Sophos MDR is that, essentially, I have a team of cybersecurity experts watching my network 24/7, without needing to hire my own staff. Let's be honest: I don't have the budget or the knowledge to maintain a security team that is alert at 3 in the morning monitoring threats.
What really gives me peace of mind is that they not only detect suspicious activities, but they also act immediately. I've been through a couple of situations where they notified me that they had blocked something suspicious and had already taken action before I even found out. It's like having a digital bodyguard that never rests.
Moreover, something that seems simple but is extremely valuable: the alerts I receive make sense. It's not a bombardment of incomprehensible technical notifications that only overwhelm. They clearly explain what happened, what actions they took, and if I need to do anything on my part. For someone who doesn't work in cybersecurity all day, that's priceless. It allows me to focus on my business, knowing that aspect is in the hands of professionals.
What really gives me peace of mind is that they not only detect suspicious activities, but they also act immediately. I've been through a couple of situations where they notified me that they had blocked something suspicious and had already taken action before I even found out. It's like having a digital bodyguard that never rests.
Moreover, something that seems simple but is extremely valuable: the alerts I receive make sense. It's not a bombardment of incomprehensible technical notifications that only overwhelm. They clearly explain what happened, what actions they took, and if I need to do anything on my part. For someone who doesn't work in cybersecurity all day, that's priceless. It allows me to focus on my business, knowing that aspect is in the hands of professionals.
What do you dislike about the product?
Honestly, what impacts me the most is the price. It's not cheap at all, and for a small or medium-sized company like ours, it represents a considerable investment that really affects the monthly budget. Sometimes I question whether we really need such a high level of protection or if we're overpaying, although then I remember the scares we've had and my doubts fade away.
Another thing that frustrates me is the feeling of being too dependent on them. I feel like I've lost some direct control over our own infrastructure. If I want to make any changes or adjust the security settings, I have to request it from their team. Although they usually respond quickly, it's not the same as being able to do it myself at the moment I need it.
Also, at the beginning, the learning curve was quite steep. We had to modify some internal processes and there was some friction with the IT team, as they felt they were being "replaced" or supervised. That created tensions that we had to resolve with a lot of diplomacy.
Lastly, the monthly reports are sometimes too technical. When I have to present them to the board of directors, they don't want to see terms like "IOCs" or "lateral movement"; what they want to know, in clear and simple Spanish, is whether we are protected or not.
Another thing that frustrates me is the feeling of being too dependent on them. I feel like I've lost some direct control over our own infrastructure. If I want to make any changes or adjust the security settings, I have to request it from their team. Although they usually respond quickly, it's not the same as being able to do it myself at the moment I need it.
Also, at the beginning, the learning curve was quite steep. We had to modify some internal processes and there was some friction with the IT team, as they felt they were being "replaced" or supervised. That created tensions that we had to resolve with a lot of diplomacy.
Lastly, the monthly reports are sometimes too technical. When I have to present them to the board of directors, they don't want to see terms like "IOCs" or "lateral movement"; what they want to know, in clear and simple Spanish, is whether we are protected or not.
What problems is the product solving and how is that benefiting you?
Sophos MDR solves my biggest problem: not having the staff or specialized knowledge to defend my company from real cyber attacks. Before hiring them, I slept poorly thinking "what if we get hacked tomorrow and we don't even realize it until it's too late?" We had basic antivirus, firewall, the usual, but I knew that was no longer enough with how sophisticated attacks are nowadays.
The direct benefit is that now I have an expert team actively hunting threats in my network. They don't wait for an alarm to go off - they are looking for strange behaviors, suspicious patterns, things I would never know how to identify. A few months ago they detected a ransomware attempt that was silently moving through the network. They neutralized it before it encrypted anything. If we had relied solely on our internal team, we probably would have realized it when everything was already encrypted and with a ransom note on the screen.
It also solves the problem of regulatory compliance. I work with sensitive customer data and need to demonstrate that I have serious security measures. Sophos MDR gives me the documentation and reports I need for audits and certifications.
And perhaps the most valuable: it gives me time. Before, my IT manager spent his time putting out security fires. Now he can focus on projects that really grow the business, while Sophos takes care of keeping us protected. That's a return on investment that doesn't appear on any spreadsheet but that I feel every day.
The direct benefit is that now I have an expert team actively hunting threats in my network. They don't wait for an alarm to go off - they are looking for strange behaviors, suspicious patterns, things I would never know how to identify. A few months ago they detected a ransomware attempt that was silently moving through the network. They neutralized it before it encrypted anything. If we had relied solely on our internal team, we probably would have realized it when everything was already encrypted and with a ransom note on the screen.
It also solves the problem of regulatory compliance. I work with sensitive customer data and need to demonstrate that I have serious security measures. Sophos MDR gives me the documentation and reports I need for audits and certifications.
And perhaps the most valuable: it gives me time. Before, my IT manager spent his time putting out security fires. Now he can focus on projects that really grow the business, while Sophos takes care of keeping us protected. That's a return on investment that doesn't appear on any spreadsheet but that I feel every day.
Andy K.
Peace of Mind with Proactive Human Oversight
Reviewed on Dec 16, 2025
Review provided by G2
What do you like best about the product?
What I like best is peace of mind. The human layer on top of software detection so that if something is off, its investigated instead of juust generating noise.
What do you dislike about the product?
Obviously cost is an isssue, it's much more pricey than some other services. Also, there's a pretty big learning curve especially if you're not already in the Sophos ecosystem.
What problems is the product solving and how is that benefiting you?
Sophos MDR solves the problem of limited time and expertise to monitor and respond to threats around the clock. We're able to deploy enterprise level protection to smaller businesses and it adds a credibility to my team.