Deal expands Sophos portfolio of detection and response solutions and services for inadequately protected server and cloud environments
OXFORD, UK, July 07, 2021 (GLOBE NEWSWIRE) – Sophos, a global leader in next-generation cybersecurity, today announced the acquisition of Capsule8, a pioneer and leader in runtime visibility, discovery and response for Linux production servers and containers serving on-premise and cloud workloads. Capsule8 was founded in 2016 and is privately held and headquartered in New York, NY.
“Sophos already protects more than two million servers for over 85,000 customers worldwide and Sophos’ server security business is growing at more than 20% per year,” said Dan Schiappa, Sophos chief product officer. “Comprehensive server protection is a critical component of any effective cybersecurity strategy that businesses of all sizes are increasingly focusing on, especially as more workloads move to the cloud. With Capsule8, Sophos delivers advanced, differentiated solutions for the protection of server environments and expands its position as a leading global provider of cybersecurity.”
Dedicated entirely to Linux security development, Capsule8 has established itself as a technology and thought leader in the marketplace, with marquee customers growing 77% and revenue growing 77% in the year ended March 31, 2021. With dramatic growth in cloud platforms, Linux has become the dominant operating system for server workloads. The powerful and gentle design of Capsule8 is ideal for Linux servers, especially those used for large workloads, production infrastructures and the storage of critical business data.
“The main idea behind Capsule8 is that providing enterprise-grade security for Linux systems requires the provision of components that are specifically designed for that environment. These components are better at compromising security and performance when needed to achieve the desired level of resilience and protection,” said Fernando Montenegro, senior research analyst at 451 Research, part of S&P Global Market Intelligence, on the solutions from Capsule8.[1] “As companies adopt concepts like cloud-based delivery and DevOps, the underlying computing environments are shifting noticeably towards Linux as the common execution environment. For security teams, often more familiar with Windows-centric concepts, this presents a potential challenge – there are different requirements, concepts, and practices for Linux. This is the area Capsule8 intends to address with its endpoint security offering, combining a Linux-optimized architecture with more features geared towards enterprise security and IT operations teams.”
Sophos is integrating Capsule8 technology into its recently launched Adaptive Cybersecurity Ecosystem (ACE), which offers powerful and lightweight Linux server and cloud container security within this open platform. Sophos will also include the Capsule8 technology in its Advanced Detection and Response (XDR) solutions, Intercept X server protection products, and Sophos Managed Threat Response (MTR) and Fast response services. This will further expand and improve Sophos' data lake offering and provide continuous, fresh information for advanced threat hunting, security operations and customer protection practices.
“Capsule8 is the first specially developed detection and response platform for Linux. We provide security teams with the critical visibility they need to protect the Linux production infrastructure from unwanted behavior while addressing cost, performance and reliability concerns,” said John Viega, CEO of Capsule8. “We have developed new approaches to providing runtime security in a much safer and more cost-effective way than anyone else in the industry. With Capsule8’s technology, companies are no longer forced to choose between system stability and security risk. With the growth and mission-critical nature of Linux environments and the rapidly changing, targeted threat landscape, organizations need to be confident that their Linux environments are both powerful and secure.”
SophosLabs threat intelligence shows that attackers are developing tactics, techniques and procedures (TTPs) that are specifically targeted at Linux systems, often using server software as a first entry point. Once attackers gain a foothold, they often use scripts to perform other automated actions. These could include:
Deleting Secure Shell Protocol (SSH) keys for direct access
Attempting to remove existing security services
Disabling Mandatory Access Control (MAC) frameworks such as AppArmor and SELinux
Adjusting or deactivating server firewall rules (iptables)
Installing post-exploit malware and configuration files
Moving laterally across existing infrastructure with living-off-the-land tools such as SSH, Chef, Ansible, Salt and Puppet
Attackers use compromised Linux servers as crypto mining botnets or as high-end infrastructure to launch attacks on other platforms, such as hosting malicious websites or sending malicious emails. Since Linux servers often contain valuable data, attackers also target them for data theft and ransomware.
“Attackers today are incredibly aggressive and agile as they customize their TTPs to focus on the easiest, largest, or fastest growing opportunities. As more and more companies switch to Linux servers, opponents have noticed and are adapting their approaches to attack these systems. To stay protected, organizations need to incorporate a strong but lightweight Linux security layer that automatically integrates and shares information about endpoints, networks and other security layers and platforms within a property,” said Schiappa. “We will deliver this industry-leading capability and strategically important visibility and detection by combining Capsule8 with our adaptive cybersecurity ecosystem products and services.”
Sophos expects to start early access programs for its products and services using Capsule8 technology later this fiscal year.
Capsule8 is the pioneer behind “easy-to-use” security that is seamlessly embedded in Linux systems. Designed to avoid costly downtime, overloaded hosts, or stability issues from traditional security tools, modern businesses rely on Capsule8 to secure their workloads with runtime visibility, detection, and response in any environment – containerized, virtualized, or bare metal. Capsule8 was founded in 2016 by experienced hackers and security entrepreneurs and funded by Bessemer Venture Partners, ClearSky and Intel Capital and enables Linux-based companies to protect production systems and secure growth. Learn more at www.Capsule8.com.
Sophos is a global leader in next-generation cybersecurity, protecting more than 500,000 businesses and millions of consumers in more than 150 countries from today’s most advanced cyber threats. Based on threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos offers a broad portfolio of advanced products and services to protect users, networks and endpoints from ransomware, malware, exploits, phishing and a variety of other cyber attacks. Sophos offers a single integrated cloud-based management console, Sophos Central – at the heart of an adaptive cybersecurity ecosystem with a centralized data lake that leverages a variety of open APIs available to customers, partners, developers and other cybersecurity providers. Sophos sells its products and services worldwide through reseller partners and managed service providers (MSPs). Sophos is headquartered in Oxford, UK. For more information, see www.sophos.com.
[1] Beginning of Coverage: With cloud workloads increasing, Capsule8 is striving for security tailored for Linux, 451 Research Impact Report, May 29, 2020
Contact: Brandon Reid