Sophos, launched new tools to speed up cyber threat detection, this includes advanced Sophos Cloud Workload Protection, which includes new Linux host and container security capabilities.
The latest development will enable the company to accelerate the detection and response of in-progress attacks and security incidents within Linux operating systems. Additionally, it will improve security operations and bolster application performance.
Linux is an open-source operating system that receives requests from programs from other software on the computer and relays these to the computer’s hardware.
According to Joe Levy, chief technology and product officer at Sophos, Linux accommodates application-based risk despite being a secured operating system.
He explained, “Linux environments continue to grow in surface area as organizations around the world increasingly migrate workloads to the cloud. Even though Linux is widely considered to be one of the most secure operating systems, it still harbors inherent and application-based risks and it is not immune to cyberattacks.”
Attackers target Linux hosts and containers as they are highly valued and less protected. The Sophos Cloud Workload Protection on the other hand automates and simplifies the prevention and detection of these attacks on Windows systems. As it provides the same observations and capabilities to Linux operating systems.
The researchers at Sophos explained, From January through March 2022, the distributed denial-of-service (DDoS) tools, cryptocurrency miners and various types of backdoors are the top three types of Linux threats discovered by them.
Nearly half of all Linux malware detections during this time have been due to DDoS tools, likely due to automated attacks that attempted to reinfect the updated servers rapidly and repeatedly.
Additionally, the researchers suggest there has been a rise in ransomware attackers attempting to use tools to target virtual machine hypervisors. With many running on Linux environments, to carry out their attacks.
Sophos Cloud Workload Protection provides powerful and lightweight visibility into on-premise, data center, and cloud-based Linux hosts and containers. As a result of which it manages to secure advanced cyber threats through the integration of Capsule8 technology, which Sophos acquired in July 2021.
The tool focuses on the analytics around attacker tactics, techniques, and procedures (TTPs) to provide cloud-native threat detections, this includes container escapes, crypto miners, Data destruction, and kernel exploits.
Sophos explained Container escapes identify attackers escalating privileges from container access to host while Cryptominners detects behaviors commonly associated with cryptocurrency miners.
It also identifies the Data destruction alerts when an attacker tries to delete indicators of compromise that are part of the ongoing investigation while Kernel exploits highlight if internal functions are being tampered with on a host.
Last but not least the cybersecurity firm said once the threats are detected the Sophos XDR (extended detection and response) assigns risk scores to incidents and provides contextual data. This enables the security analysts as well as the Sophos Managed Threat Response team to streamline investigations and focus on the highest priority incidents. Soon the tool will also be available as a Linux sensor.