Sophos acquires Linux-focused security firm Capsule8

Sophos is integrating Capsule8 technology into its recently launched Adaptive Cybersecurity Ecosystem (ACE)

Global cybersecurity firm Sophos has acquired Capsule8, a provider of runtime visibility, detection and response solutions for Linux production servers and containers covering on-premise and cloud workloads. 

“Sophos already protects more than two million servers for over 85,000 customers worldwide, and the Sophos server security business is growing at more than 20% per year,” said Dan Schiappa, chief product officer, Sophos. 

“Comprehensive server protection is a crucial component of any effective cybersecurity strategy that organisations of all sizes are increasingly focused on, especially as more workloads move to the cloud. With Capsule8, Sophos is delivering advanced, differentiated solutions to protect server environments, and expanding its position as a leading global cybersecurity provider.”

Founded in 2016, Capsule8 is dedicated solely to the development of Linux security. Driven by the dramatic growth in cloud platforms, Linux has become the dominant operating system for server workloads. Capsule8’s high-performance, low-impact design is ideal for Linux servers, especially those used for high-scale workloads, production infrastructure and storing critical business data.

Sophos is integrating Capsule8 technology into its recently launched Adaptive Cybersecurity Ecosystem (ACE), providing powerful and lightweight Linux server and cloud container security within this open platform. Sophos will also feature Capsule8 technology in its Extended Detection and Response (XDR) solutions, Intercept X server protection products, and Sophos Managed Threat Response (MTR) and Rapid Response services. This will further expand and enhance Sophos’ data lake and deliver continuous, fresh intelligence for advanced threat hunting, security operations and customer protection practices.

John Viega, CEO, Capsule8, said, “With Capsule8’s technology, organisations are no longer forced to choose between system stability and security risk. Given the growth and mission-critical nature of Linux environments, and the fast-changing, targeted threat landscape, organisations must be confident that their Linux environments are both performant and secure.” 

SophosLabs threat intelligence reveals that adversaries are designing tactics, techniques and procedures (TTPs) aimed specifically at Linux systems, often exploiting server software as an initial entry point. After gaining a foothold, attackers commonly deploy scripts to perform further automated actions.

Adversaries use compromised Linux servers as cryptomining botnets or as a high-end infrastructure for launching attacks on other platforms, such as hosting malicious websites or sending malicious emails. Given that Linux servers often hold valuable data, attackers also target them for data theft and ransomware.

“Attackers today are incredibly aggressive and nimble as they adapt their TTPs to focus on the easiest, largest or fastest-growing opportunities. As more organisations shift to Linux servers, adversaries have noticed, and they are adapting and customising their approaches to attack these systems. To stay protected, organisations must factor in a strong, but lightweight layer of Linux security that automatically integrates and shares intelligence with endpoint, network and other security layers and platforms within an estate,” said Schiappa. 

“We will provide this industry-leading capability and strategically important visibility and detection by combining Capsule8 with our Adaptive Cybersecurity Ecosystem products and services, greatly enhancing the ability to find and eliminate suspicious activity before it becomes malicious.” 

Sophos expects to begin early access programmes with its products and services leveraging the Capsule8 technology later this fiscal year.