Sophos announced Wednesday that it has acquired Intel-backed Capsule8 to help expand detection and response solutions for underprotected and underserved server and cloud environments running Linux systems.
New York-based Capsule8 develops security for Linux, which has become the dominant operating system for on-premise and cloud workloads, especially those used for high-scale workloads, production infrastructure and storing critical business data.
“Capsule8 provides very advanced Linux protection,” Dan Schiappa, chief product officer for Sophos, told CRN USA. “That’s an area that’s pretty weak in the industry, which is one of the reasons why we’re excited about the acquisition. That's an entry point. Sophos already protects more than two million servers for over 85,000 customers worldwide, and the Sophos server security business is growing at more than 20 percent per year.”
Terms of the deal were not disclosed.
UK-based Sophos expects to integrate Capsule8 technology into its recently launched Adaptive Cybersecurity Ecosystem (ACE) as well as its XDR solutions, Intercept X server protection products, and Sophos MTR and Rapid Response services later this fiscal year. The technology will further expand and enhance Sophos’ data lake and deliver intelligence and advanced threat hunting, security operations and customer protection practices.
“Comprehensive server protection is a crucial component of any effective cybersecurity strategy that organizations of all sizes are increasingly focused on, especially as more workloads move to the cloud,” Schiappa said. “With Capsule8, Sophos is delivering advanced, differentiated solutions to protect server environments and expanding its position as a leading global cybersecurity provider.”
“Capsule8 is the premier purpose-built detection and response platform for Linux,” said John Viega, CEO, Capsule8. “We provide security teams with the crucial visibility they need to protect Linux production infrastructure against unwanted behaviour, while at the same time addressing cost, performance and reliability concerns. With Capsule8’s technology, organizations are no longer forced to choose between system stability and security risk. Given the growth and mission-critical nature of Linux environments, and the fast-changing, targeted threat landscape, organizations must be confident that their Linux environments are both performant and secure.”
SophosLabs threat intelligence continues to reveal that adversaries are designing tactics, techniques, and procedures (TTPs) aimed specifically at Linux systems, often exploiting server software as an initial entry point.
“There’s a bunch of things that we see within SophosLabs that are still surprising to us,” Schiappa said. “We still see too many companies that have services open to the internet without proper authentication capabilities, like remote desktop protocol.
“Attackers today are incredibly aggressive and nimble as they adapt their TTPs to focus on the easiest, largest or fastest-growing opportunities,” he added. “As more organizations shift to Linux servers, adversaries have noticed, and they are adapting and customizing their approaches to attack these systems. To stay protected, organizations must factor in a strong, but lightweight layer of Linux security that automatically integrates and shares intelligence with endpoint, network and other security layers and platforms within an estate.”
Capsule8 has 34 employees and has raised a total of US$30 million in funding, according to Crunchbase. The company in 2019 said it raised a “multimillion-dollar investment” from Intel Capital and existing investors ClearSky Security and Bessemer Venture Partners.