Sophos this week announced the acquisition of Capsule8, a provider of tools to secure runtime environments on Linux servers and container platforms, as part of an effort to extend its current focus beyond Windows security.
Sophos chief product officer Dan Schiappa said the Capsule8 platform will be integrated early next year with the Sophos management console, which is at the heart of the adaptive cybersecurity (ACE) ecosystem that Sophos has recently launched.
Sophos will also integrate the Capsule8 security platform with the rest of its security portfolio, including Extended Detection and Response (XDR), Intercept X server protection tools, and Managed Threat Response (MTR) services and rapid response from Sophos.
Schiappa says that as organizations increasingly look to consolidate security, they are looking to invest in platforms that automate security management across Windows and Linux environments. Capsule8 provides the runtime security for Linux and containers that will enable Sophos to achieve this goal, adds Schiappa.
In the longer term, Sophos will use technology developed by Capsule8 to secure Windows environments that are also used to run containerized applications, notes Schiappa.
Capsule8 CEO John Viega says security management is becoming increasingly difficult as organizations deploy containerized applications on Linux servers. In many cases, developers assume that containers, which will only run for a few seconds, are not at risk of being compromised. In reality, however, Viega notes that today it only takes a few seconds for cybercriminals to gain a foothold in a container environment that they can then exploit more fully. A somewhat harmless cryptojacking attack that remotely spins up containers to mine cryptocurrencies will likely only be the first foray, Viega notes. It is only a matter of time before this exploit is used to deliver more lethal forms of malware, Viega adds.
Containerized applications still represent a relatively small percentage of applications deployed by organizations in a production environment, but the pace at which containers are deployed is starting to gain more attention from cybersecurity professionals. Following a series of high-profile software supply chain breaches, many cybersecurity professionals are now being asked to perform security reviews. In some cases, they come across containers that developers have deployed to production environments for the first time. Building a DevSecOps workflow that ensures container security in production environments is, in most cases, still a work in progress.
In the meantime, savvy DevOps teams perform security reviews themselves rather than waiting for security teams to do so. After all, DevOps teams are more likely to be sensitive to the need to secure software supply chains without slowing down the speed at which applications are created and deployed. Security teams, on the other hand, tend to focus much more on processes that ensure, with as much certainty as possible, that there will not be unpleasant security issues, regardless of the impact that this has on the productivity of developers. The challenge – and the opportunity – is for the two teams to meet in the middle.