Sophos breaks new ground in protecting high-impact cloud workloads with new Linux and container security offerings

Sophosa global leader in next-generation cybersecurity, today unveiled advancements for Sophos Cloud Workload Protectionincluding new Linux host and container security features.

These enhancements accelerate detection and response to ongoing attacks and security incidents within Linux operating systems, improve security operations, and boost application performance.

According to a new study from SophosLabs, Distributed Denial of Service (DDoS) tools, cryptocurrency miners and various types of backdoors were the top three types of Linux threats detected by Sophos in a dataset from January to March. 2022.

DDoS tools accounted for nearly half of all Linux malware detections during this time, likely due to automated attacks attempting to quickly and repeatedly re-infect updated servers.

SophosLabs has also detected a recent increase in the number of ransomware attackers attempting to use tools targeting virtual machine hypervisors, many of which run on Linux environments, to carry out their attacks.

“Linux environments continue to grow on the surface as organizations around the world increasingly migrate their workloads to the cloud. Even though Linux is widely regarded as one of the most secure operating systems, it still harbors inherent and application-based risks and it is not immune to cyberattacks,” said Joe Levy, chief technology and product officer at Sophos.

Image of the Sophos XDR1 detections dashboard
Images of the sophos xdr detections dashboard

“Attackers target Linux hosts and containers because they are high value and often underprotected. Sophos Cloud Workload Protection already automates and simplifies the prevention and detection of these attacks on Windows systems, and now Sophos provides the same insights and capabilities to Linux operating systems.

Securing the Linux infrastructure

Thanks to the integration of Capsule8 technology, which Sophos acquired In July 2021, Sophos Cloud Workload Protection provides powerful, lightweight visibility into Linux hosts and containers on-premises, in data centers and in the cloud, securing them against advanced attacks. cyber threats.

It leverages analysis of attackers’ tactics, techniques, and procedures (TTPs) to provide cloud-native threat detections, including:

  • Container evasions: identifies attackers who elevate container access privileges to hosts
  • Cryptominers: Detects behaviors commonly associated with cryptocurrency miners
  • Data destruction: alert that an attacker may be trying to delete indicators of compromise that are part of an ongoing investigation
  • Kernel exploits: highlights if internal kernel functions are tampered with on a host

Once the threats are detected, SophosXDR (extended detection and response) assigns risk scores to incidents and provides contextual data that enables security analysts as well as the Responding to threats managed by Sophos team to streamline investigations and focus on the highest priority incidents.

The built-in live response further establishes a secure command line terminal to hosts for quick remediation.

Sophos Cloud Workload Protection integrates seamlessly with Sophos Adaptive Cybersecurity Ecosystemthat underpins the entire Sophos solutions portfolio.

The intelligent ecosystem unifies the feature set of Sophos’ cloud-native security platform, including Sophos Cloud Workload Protection, Sophos Cloud Security Posture ManagementKubernetes security posture management, container image scanning, infrastructure-as-code scanning, cloud infrastructure entitlement management, and cloud spend monitoring, to ensure visibility, security and compliance.


Sophos Cloud Workload Protection is now available with Sophos Intercept X Advanced for Server with XDR and Responding to threats managed by Sophosand is managed in cloud native Sophos Center Platform.

It can be deployed as a single-agent solution ideally suited for security operations teams, providing flexible and lightweight protection with optimized resource limits, without deploying a kernel module.

Sophos Cloud Workload Protection will also soon be available as a Linux sensor. Ideally suited for DevSecOps and Security Operations Center (SOC) teams requiring in-depth knowledge of critical workloads with minimal performance impact, the Linux Sensor will provide API integration into existing automation solutions, orchestration, log management, and incident response.

Featured image showing the Sophos XDR forensics dashboard

Don’t miss the important articles of the week. Subscribe to weekly digest for updates.

About Jon Moses

Check Also

Secure your home assistant installation with a free SSL certificate

Available for Windows, macOS and Linux systems (including Raspberry Pi), the open source Home Assistant …