Sophos introduces new security features for Linux cloud hosts.
Sophos announces some news related to its solution “Cloud Workload Protection”, including new security features for Linux hosts and containers. These improvements accelerate detection and response to ongoing attacks and security incidents on Linux operating systems, while improving operations and application performance.
According to new research from SophosLabs, Distributed denial-of-service (DDoS) tools, cryptominers, and various types of backdoors were the top three types of Linux threats detected by the company in a dataset collected between January and March 2022. DDoS tools were considered for nearly half of Linux malware detections during the period, due to automated attacks that attempted to quickly and repeatedly reinfect updated servers. In the study, SophosLabs also noted a recent increase in ransomware attackers attempting to use tools targeting virtual machine hypervisors to carry out attacks, largely executed in Linux environments.
“The surface area of Linux environments continues to grow as enterprises around the world migrate more and more workloads to the cloud. While Linux is widely considered to be one of the most secure operating systems, it is not free from application risks and is not immune to cyberattacks.” said Joe Levy, chief technology and product officer at Sophos. “Attackers target Linux containers and hosts because they are highly valuable and often poorly protected. Sophos Cloud Workload Protection, which already automates and simplifies the prevention and detection of these attacks on Windows systems, now brings the same functionality and observation capabilities to Linux operating systems as well.”
Sophos Cloud Workload Protection now keeps Linux hosts safe
Through the integration of Capsule8 technology, acquired by Sophos in July 2021, Sophos Cloud Workload Protection offers unobtrusive yet powerful visibility on cloud-based Linux hosts and containers and data centers, protecting them from advanced cyberthreats. The solution relies on attacker tactics, techniques, and procedures (TTP) analysis to provide cloud-native threat detections, including:
- Trespassing by containers: Identify attackers trying to escalate access privileges to switch from containers to hosts
- Cryptominers– Detects behaviors commonly associated with cryptocurrency miners
- Data destructionWarns when an attacker might try to delete indicators of compromise that are part of an ongoing investigation
- Kernel exploits: Highlight attempts to tamper with a host’s kernel functions
When threats are detected, Sophos Extended Detection and Response (XDR) assigns risk alerts to incidents and provides contextual data that empowers security analysts, as well as the Sophos Managed Threat Response team. This allows you to streamline investigations and focus on cases with the highest priority. Built-in Live Response also establishes a secure command-line terminal for hosts to provide a quick solution.
Sophos Cloud Workload Protection integrates seamlessly with the Sophos Adaptive Cybersecurity Ecosystem, which underpins the entire Sophos portfolio of solutions.
Sophos Cloud Workload Protection is available via Sophos Intercept X Advanced for Servers with XDR and Sophos Managed Threat Response and is managed on the cloud-native Sophos Central platform. It can be deployed as a single-agent solution, ideal for security operations teams, and offers lightweight, flexible protection with optimized resource limits, without having to implement a kernel module. Sophos Cloud Workload Protection will also soon be available as a Linux sensor.