AWS re:Invent 2025 - AWS Local Zones: Sophos’ new edge in the global race against cyber-attacks (HMC215)

AWS re:Invent 2025 - Sophos' New Edge in the Global Race Against Cyber-Attacks

Overview

  • Presentation by AWS hybrid cloud specialist Ben Lavasani, Sophos Chief Development Officer John Peterson, and Sophos Threat Intelligence Lead Simon Reed
  • Focuses on how Sophos is leveraging AWS Local Zones to deliver low-latency cybersecurity protection at the network edge

The Cybersecurity Landscape

  • Over 2/3 of cyber incidents now originate at the network edge - the critical point where users, devices, and data meet the cloud
  • Every millisecond counts in defending against these attacks at the edge

AWS Local Zones

  • Part of AWS's hybrid edge portfolio, providing cloud services closer to customers' endpoints and on-premises environments
  • Managed and deployed by AWS, extending parent AWS regions into metropolitan areas worldwide
  • Designed for low-latency workloads and local processing, integrated with the same APIs and tools as the main AWS regions

Sophos' Cybersecurity Platform

  • One of the largest cybersecurity vendors, with over 600,000 customers and 25,000 channel partners
  • Mission is to bring "positive cybersecurity outcomes" to businesses of all sizes
  • Processes over 223 TB of raw data daily, extracting 34 million unique detections and blocking 11 million threats
  • Surfaces 1,100 cases per day for their Managed Detection and Response (MDR) teams to investigate

Leveraging AWS Local Zones

  • Sophos' Extensible List (SXL) service - a cloud-based threat intelligence platform that connects all Sophos products and services
  • Originally deployed across 5 AWS regions, resulting in high latency and performance issues for some customers
  • Deployed SXL service to AWS Local Zones, dramatically improving the latency distribution for customers
  • Automated the deployment process - now deploy to Local Zones by default, then dynamically measure and optimize the placement

Technical Architecture

  • SXL service runs on EC2 and Route 53 in the Local Zones, connected back to the main AWS regions
  • Moved a sophisticated caching layer from the regions to the Local Zones, improving performance

Real-World Resilience

  • Tested the Local Zones deployment during Hurricane Milton in Florida
  • Despite major power outages, the system autoscaled and maintained continuous service as systems rebooted and rescanned

Key Takeaways

  • AWS Local Zones was a "game changer" for Sophos, allowing them to dramatically reduce latency for their critical threat intelligence service
  • Strong architectural design and deep understanding of data flows/metrics were crucial for a successful implementation
  • Close collaboration with the AWS Local Zones team was invaluable in shaping the solution
  • Real-world testing and resilience are essential when deploying complex, mission-critical services
