Today, we’re proud to unveil major advancements to Sophos Cloud Workload Protection.
Available with Sophos Intercept X Advanced for Server with XDR, these new features provide organizations with visibility into Linux host and container workloads, accelerating the identification of exploits and anomalous behaviors before they get a foothold.
Through the integration of technology from Capsule8, which was acquired by Sophos in July of 2021, Sophos Cloud Workload Protection can now identify attacks as they happen within Linux operating systems.
This is achieved by leveraging analytics around attacker behavior, from initial access (including application and system exploitation) to privilege escalation, defense evasion, data collection, exfiltration, and many others.
It provides powerful and lightweight visibility into on-premises, data center, hybrid, and multi-cloud Linux hosts and containers – securing them from advanced cyberthreats.
Securing Linux infrastructure
Whether your organization runs infrastructure in the cloud or in the datacenter, on hosts or in containers, Sophos protects Linux infrastructure now and as it evolves, with high-impact workload protection and low impact on performance.
It’s ideal for SOC teams that need powerful threat hunting and remediation capabilities and DevSecOps teams that need deep insight into their mission-critical workloads.
We will provide multiple deployment options. The first is a lightweight agent, which is available today and is managed from Sophos Central – a single management console to seamlessly move between threat hunting, remediation, and management.
A Linux threat sensor fine-tuned for performance will soon follow, using APIs to integrate runtime threat detections into your existing threat response tools and providing maximum visibility of workloads with minimal impact on performance.
A sample of Sophos cloud-native detections includes:
- Container escapes: Identifies attackers escalating privileges from container access to move onto the container host
- Cryptominers: Detects program names or arguments commonly associated with cryptocurrency miners
- Data destruction: Alerts that an attacker may be trying to delete indicators of compromise that are part of an ongoing investigation
- Kernel exploits: Highlights if internal kernel functions are being tampered with on a host
All behavioral and exploit runtime detections are immediately funneled into the Sophos XDR data lake. Each host and container threat detection is automatically converted into an investigation, with an AI-prioritized risk score for each detection.
Scores are then color-coded by risk level, enabling security teams to quickly identify where they should focus to increase efficiency. Integrated Live Response further establishes a secure command-line terminal to hosts for rapid remediation.
Helping organizations stay ahead of the threat-behavior curve, Sophos Managed Threat Response, the Sophos MDR service, can work in partnership with your in-house security teams or Sophos MSPs, monitoring your on-premises or cloud environments 24/7/365 to respond to Linux security incidents before attackers can get a foothold.
Secure your cloud growth
Sophos Cloud Workload Protection seamlessly integrates with the Sophos Adaptive Cybersecurity Ecosystem, which underpins the entire Sophos portfolio of solutions.
It connects Sophos’ range of Cloud Native Security Platform capabilities, including cloud workload protection, Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), container image scanning, Infrastructure-as-Code scanning, Cloud Infrastructure Entitlements Management (CIEM), and cloud spend monitoring to maintain visibility, security, and compliance to meet your evolving needs.
Whether you’re running infrastructure on premises, in the cloud, or in the datacenter, on hosts or in containers, Sophos secures applications and data across your entire hybrid cloud footprint from a single console with one flexible agent.
To find out more and try Sophos Cloud Workload Protection free for 30 days, visit sophos.com/cwpp