Sophos has announced significant additions to its Sophos Cloud Workload Protection solution, including new Linux host and container security features.
These innovations accelerate the detection and neutralization of ongoing attacks and security incidents that affect Linux operating systems, improve IT security management, and optimize application performance.
According to new research by SophosLabs, DDoS (Distributed Denial of Service) tools, cryptocurrency miners and various types of backdoors are the top three types of Linux threats detected by Sophos in a dataset covering the period from January to March 2022.
DDoS tools account for nearly half of all Linux malware intercepted in this period, possibly due to automated attacks that attempt to quickly and repeatedly reinfect updated servers.
SophosLabs has also seen a recent increase in the number of ransomware operators relying on tools that target virtual machine hypervisors, many of which run in Linux environments.
As pointed out in an official note from Joe Levy, Sophos Chief Technology and Product Officer: «The surface area of Linux environments continues to grow as companies around the world move more and more workloads to the cloud. While Linux is widely considered to be one of the most secure operating systems, it is not without application-related risks and is not immune to cyberattacks. Attackers target Linux containers and hosts because they are of great value and are often poorly secured. Sophos Cloud Workload Protection, which already automates and simplifies the prevention and detection of these attacks on Windows systems, now offers the same functionality and observation capabilities on Linux operating systems.»
Securing Linux Infrastructure
Thanks to the integration of Capsule8 technology, which Sophos acquired in July 2021, Sophos Cloud Workload Protection provides effective visibility into Linux containers and hosts residing on-premises, in the data center or in the cloud, protecting them from advanced cyber threats.
The solution applies analytical techniques to the TTPs (Tactics, Techniques and Procedures) underlying attacks in order to detect cloud threats such as:
- Container escape: identifies attackers trying to escalate privileges in order to move from containers to the host
- Cryptominers: detects behaviors commonly associated with cryptocurrency miners
- Data destruction: warns when an attacker may be attempting to clear indicators of compromise that are part of an ongoing investigation
- Kernel tampering: highlights attempts to tamper with a host's kernel functions
Once threats are detected, Sophos XDR (extended detection and response) assigns a risk score to each incident and provides contextual data that allows in-house analysts and Sophos Managed Threat Response staff to streamline investigations and focus on priority incidents. Built-in Live Response opens a secure command-line terminal on the host for quick troubleshooting.
Sophos Cloud Workload Protection integrates seamlessly with the Sophos Adaptive Cybersecurity Ecosystem, the cornerstone of the entire Sophos solutions portfolio.
This intelligent ecosystem unifies the full range of features of Sophos' cloud-based security platform, including Sophos Cloud Workload Protection, Sophos Cloud Security Posture Management, Kubernetes security posture management, container image scanning, infrastructure-as-code scanning, cloud infrastructure entitlement management, and cloud cost tracking, to ensure visibility, security, and compliance.
The Sophos Cloud Workload Protection solution is now available with Sophos Intercept X Advanced for Server, with XDR, and with Sophos Managed Threat Response, and is managed within the cloud-native Sophos Central platform.
The solution can be deployed as a single agent, ideal for security operations teams, providing flexible, lightweight protection with optimized resource limits and without the need to install kernel modules.
Sophos Cloud Workload Protection will soon also be available as a Linux sensor. Particularly suited to Security Operations Center (SOC) and DevSecOps teams that need detailed insight into mission-critical workloads with minimal performance impact, the Linux sensor will provide API integrations with existing automation, orchestration, log management, and incident response solutions.