Sophos Acquires Capsule8 Security Platform for Linux Containers

Sophos this week announced it has acquired Capsule8, a provider of tools for securing runtimes on Linux servers and container platforms, as part of an effort to expand its current focus beyond Windows security.

Dan Schiappa, chief product officer for Sophos, says early next year the Capsule8 platform will be integrated with the Sophos management console that is at the heart of the adaptive cybersecurity ecosystem (ACE) that Sophos recently launched.

Sophos will also integrate the Capsule8 security platform with the rest of its security portfolio, including extended detection and response (XDR), Intercept X server protection tools and Sophos managed threat response (MTR) and rapid response services.

Schiappa says as organizations increasingly seek to consolidate security, they are looking to invest in platforms to automate security management across both Windows and Linux environments. Capsule8 provides the runtime for Linux and containers that will enable Sophos to achieve that goal, Schiappa adds.

In the longer term, Sophos will employ the technology developed by Capsule8 to secure Windows environments that are also being used to run containerized applications, notes Schiappa.

Capsule8 CEO John Viega says managing security is becoming more challenging as organizations deploy containerized applications on Linux servers. In many cases, developers assume that containers, which will only run for a few seconds, are not likely to compromised. In reality, however, Viega notes it only takes a few seconds for cybercriminals these days to gain a toehold in a container environment which they can later exploit more fully. A somewhat innocuous cryptojacking attack that remotely spins up containers to mine for cryptocurrencies is likely to be only the first incursion, notes Viega. It’s only a matter of time before that exploit is used to deliver more lethal forms of malware, adds Viega.

Containerized applications still make up a relatively small percentage of the applications deployed by organizations in a production environment, but the rate at which containers are being deployed is starting to attract more attention from cybersecurity professionals. In the wake of a series of high-profile software supply chain breaches, many cybersecurity professionals are now asked to conduct security reviews. In some cases, they are encountering containers that developers have deployed in production environments for the first time. Constructing a DevSecOps workflow that ensures containers in production environments are secure is, in most cases, still a work in progress.

In the meantime, savvy DevOps teams are conducting security reviews on their own rather than waiting on security teams to do so. DevOps teams, after all, are more likely to be sensitive to the need to secure software supply chains without slowing down the rate at which applications are built and deployed. Security teams, conversely, tend to be much more focused on processes that ensure, with as much certainty as possible, that there won’t be unpleasant security issues regardless of the impact that has on developer productivity. The challenge—and the opportunity—is for both teams to meet in the middle.

Mike Vizard

Mike Vizard is a veteran IT journalist with more than 25 years of experience covering the technology industry, having previously served as Editor-in-Chief of both CRN and InfoWorld and as editorial director for Ziff-Davis Enterprise, where he oversaw titles including eWEEK, CIO Insight and Baseline. Over his career he has also edited or contributed to a wide range of enterprise technology publications, including IT Business Edge, Channel Insider, ComputerWorld, TMCNet and Digital Review, and he later led editorial for CTOEdge.com. His reporting and analysis span software development, cloud computing, cybersecurity, IT channel strategy and, more recently, artificial intelligence and DevOps practices. A recognized voice in enterprise IT journalism, Vizard is known for tracking emerging technology trends as they move from early adoption into mainstream enterprise use. He now serves as Chief Content Officer for Techstrong Group, where he oversees editorial strategy across the full network — DevOps.com, Security Boulevard, Cloud Native Now, Digital CxO, Techstrong.ai, TechStrong.IT, Techstrong Semi and PlatformEngineering.com — in addition to writing and hosting content for Techstrong TV and the Techstrong Gang podcast.

    Mike Vizard has 1813 posts and counting. See all posts by Mike Vizard