- Sophos expects to begin early access programs with its products and services leveraging the Capsule8 technology later this fiscal year
- Capsule8’s high-performance, low-impact design is ideal for Linux servers, especially those used for high-scale workloads, production infrastructure and storing critical business data
Sophos has announced that it has acquired Capsule8, a company that works in runtime visibility, detection and response for Linux production servers and containers, covering on-premise and cloud workloads. Founded in 2016, Capsule8 is privately held and headquartered in New York, NY. Sophos expects to begin early access programs with its products and services leveraging the Capsule8 technology later this fiscal year.
Capsule8 is dedicated solely to the development of Linux security and has established itself as a technology and thought leader in the market, with marquee customer wins and billings growth of 77 per cent in the year to March 31, 2021. Sophos said that Capsule8's high-performance, low-impact design is ideal for Linux servers, especially those used for high-scale workloads, production infrastructure and storing critical business data.
Adaptive Cybersecurity Ecosystem (ACE)
Dan Schiappa, chief product officer, Sophos said, “Sophos already protects more than two million servers for over 85,000 customers worldwide, and the Sophos server security business is growing at more than 20 per cent per year. Comprehensive server protection is a crucial component of any effective cybersecurity strategy that organisations of all sizes are increasingly focused on, especially as more workloads move to the cloud. With Capsule8, Sophos is delivering advanced, differentiated solutions to protect server environments, and expanding its position as a leading global cybersecurity provider.”
Sophos is integrating Capsule8 technology into its recently launched Adaptive Cybersecurity Ecosystem (ACE), providing powerful and lightweight Linux server and cloud container security within this open platform. Sophos will also feature Capsule8 technology in its Extended Detection and Response (XDR) solutions, Intercept X server protection products, and Sophos Managed Threat Response (MTR) and Rapid Response services.
John Viega, CEO, Capsule8 said, “Capsule8 is the premiere purpose-built detection and response platform for Linux. We provide security teams with the crucial visibility they need to protect Linux production infrastructure against unwanted behavior, while at the same time addressing cost, performance and reliability concerns. We’ve innovated new approaches to deliver runtime security in a much safer and more cost-effective way than anyone else in the industry. With Capsule8’s technology, organizations are no longer forced to choose between system stability and security risk. Given the growth and mission-critical nature of Linux environments, and the fast-changing, targeted threat landscape, organizations must be confident that their Linux environments are both performant and secure.”
SophosLabs threat intelligence reveals that adversaries are designing tactics, techniques and procedures (TTPs) aimed specifically at Linux systems, often exploiting server software as an initial entry point. After gaining a foothold, attackers commonly deploy scripts to perform further automated actions. These could include dropping Secure Shell (SSH) keys to gain direct access, attempting to remove existing security services, and disabling Mandatory Access Control (MAC) frameworks such as AppArmor and SELinux. They also include adjusting or disabling server firewall rules (iptables), installing post-exploit malware and configuration files, and moving laterally through existing infrastructure with living-off-the-land tools such as SSH, Chef, Ansible, Salt and Puppet.
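The post-foothold steps listed above are all visible as executed commands on the host, which is what runtime detection on Linux keys on. As an added illustration (not Sophos or Capsule8 code), the following classifier runs a few assumed rules over a constructed set of command records and reports which of the article's steps each one matches; the patterns and the sample commands are assumptions for the example.

```python
import re

# Constructed sample of executed-command records, one command per line, as an
# auditd or EDR pipeline might surface them. Hypothetical data, not from any host.
SAMPLE_COMMANDS = [
    "apt-get install -y nginx",
    "echo 'ssh-ed25519 AAAA... attacker' >> /root/.ssh/authorized_keys",
    "setenforce 0",
    "systemctl stop apparmor",
    "iptables -F INPUT",
    "systemctl disable sophos-spl",
    "ls -la /var/www",
]

# Each rule maps an assumed pattern to the post-exploitation step it indicates.
# The steps are the ones the article lists; the patterns are illustrative only.
RULES = [
    (re.compile(r"authorized_keys"), "ssh-key-drop"),
    (re.compile(r"\bsetenforce\s+0\b|selinux=0|SELINUX=disabled"), "mac-disable-selinux"),
    (re.compile(r"\b(systemctl|service)\s+(stop|disable)\s+apparmor\b|\baa-teardown\b"),
     "mac-disable-apparmor"),
    (re.compile(r"\b(iptables|ip6tables|nft)\b.*\s(-F|--flush|flush)\b"), "firewall-flush"),
    (re.compile(r"\b(systemctl|service)\s+(stop|disable)\s+\S*(sophos|falcon|auditd|osquery)"),
     "security-service-removal"),
]


def classify_commands(commands):
    """Return (command, tactic) pairs for every command that matches a rule.

    The first matching rule wins, so more specific rules go earlier in RULES.
    """
    hits = []
    for cmd in commands:
        for pattern, tactic in RULES:
            if pattern.search(cmd):
                hits.append((cmd, tactic))
                break
    return hits


def distinct_tactics(commands):
    """Count distinct tactics seen; several different steps on one host in a short
    window is a far stronger signal than any single matching command."""
    return len({tactic for _, tactic in classify_commands(commands)})


if __name__ == "__main__":
    for cmd, tactic in classify_commands(SAMPLE_COMMANDS):
        print(f"{tactic:26s} {cmd}")
    print("distinct tactics:", distinct_tactics(SAMPLE_COMMANDS))
```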
Adversaries use compromised Linux servers as cryptomining botnets or as high-end infrastructure for launching attacks on other platforms, such as hosting malicious websites or sending malicious emails. Given that Linux servers often hold valuable data, attackers also target them for data theft and ransomware.