Sophos this week announced it has acquired Capsule8, a provider of tools for securing runtimes on Linux servers and container platforms, as part of an effort to expand its current focus beyond Windows security.
Dan Schiappa, chief product officer for Sophos, says early next year the Capsule8 platform will be integrated with the Sophos management console that is at the heart of the adaptive cybersecurity ecosystem (ACE) that Sophos recently launched.
Sophos will also integrate the Capsule8 security platform with the rest of its security portfolio, including extended detection and response (XDR), Intercept X server protection tools and Sophos managed threat response (MTR) and rapid response services.
Schiappa says as organizations increasingly seek to consolidate security, they are looking to invest in platforms to automate security management across both Windows and Linux environments. Capsule8 provides the runtime for Linux and containers that will enable Sophos to achieve that goal, Schiappa adds.
In the longer term, Sophos will employ the technology developed by Capsule8 to secure Windows environments that are also being used to run containerized applications, notes Schiappa.
Capsule8 CEO John Viega says managing security is becoming more challenging as organizations deploy containerized applications on Linux servers. In many cases, developers assume that containers, which will only run for a few seconds, are not likely to be compromised. In reality, however, Viega notes it only takes a few seconds for cybercriminals these days to gain a toehold in a container environment, which they can later exploit more fully. A somewhat innocuous cryptojacking attack that remotely spins up containers to mine for cryptocurrencies is likely to be only the first incursion, notes Viega. It’s only a matter of time before that exploit is used to deliver more lethal forms of malware, adds Viega.
Containerized applications still make up a relatively small percentage of the applications deployed by organizations in a production environment, but the rate at which containers are being deployed is starting to attract more attention from cybersecurity professionals. In the wake of a series of high-profile software supply chain breaches, many cybersecurity professionals are now asked to conduct security reviews. In some cases, they are encountering containers that developers have deployed in production environments for the first time. Constructing a DevSecOps workflow that ensures containers in production environments are secure is, in most cases, still a work in progress.
In the meantime, savvy DevOps teams are conducting security reviews on their own rather than waiting on security teams to do so. DevOps teams, after all, are more likely to be sensitive to the need to secure software supply chains without slowing down the rate at which applications are built and deployed. Security teams, conversely, tend to be much more focused on processes that ensure, with as much certainty as possible, that there won’t be unpleasant security issues regardless of the impact that has on developer productivity. The challenge—and the opportunity—is for both teams to meet in the middle.