Sophos Buys Intel-backed Capsule8 To Bolster Enterprise Linux Systems

‘We will provide this industry-leading capability and strategically important visibility and detection by combining Capsule8 with our Adaptive Cybersecurity Ecosystem products and services, greatly enhancing the ability to find and eliminate suspicious activity before it becomes malicious,’ says Dan Schiappa, chief product officer for Sophos.


Sophos announced Wednesday that it has acquired Intel-backed Capsule8 to help expand detection and response solutions for underprotected and underserved server and cloud environments running Linux systems.

New York-based Capsule8 drives development of security for Linux, which has become the dominant operating system for on-premises and cloud workloads, especially those used for high-scale workloads, production infrastructure and storing critical business data.

“Capsule8 provides very advanced Linux protection,” Dan Schiappa, chief product officer for Sophos, told CRN. “That’s an area that’s pretty weak in the industry, which is one of the reasons why we’re excited about the acquisition. That’s an entry point. Sophos already protects more than two million servers for over 85,000 customers worldwide, and the Sophos server security business is growing at more than 20 percent per year.”

Terms of the deal were not disclosed.

Abingdon, U.K.-based Sophos expects to implement Capsule8 technology into its recently launched Adaptive Cybersecurity Ecosystem (ACE) as well as its XDR solutions, Intercept X server protection products, and Sophos MTR and Rapid Response services later this fiscal year. The technology will further expand and enhance Sophos’ data lake and deliver intelligence and advanced threat hunting, security operations and customer protection practices.

“Comprehensive server protection is a crucial component of any effective cybersecurity strategy that organizations of all sizes are increasingly focused on, especially as more workloads move to the cloud,” Schiappa said. “With Capsule8, Sophos is delivering advanced, differentiated solutions to protect server environments and expanding its position as a leading global cybersecurity provider.”

“Capsule8 is the premier purpose-built detection and response platform for Linux,” said John Viega, CEO, Capsule8. “We provide security teams with the crucial visibility they need to protect Linux production infrastructure against unwanted behavior, while at the same time addressing cost, performance and reliability concerns. With Capsule8’s technology, organizations are no longer forced to choose between system stability and security risk. Given the growth and mission-critical nature of Linux environments, and the fast-changing, targeted threat landscape, organizations must be confident that their Linux environments are both performant and secure.”

SophosLabs threat intelligence continues to reveal that adversaries are designing tactics, techniques, and procedures (TTPs) aimed specifically at Linux systems, many times exploiting server software as an initial entry point.

“There’s a bunch of things that we see within SophosLabs that are still surprising to us,” Schiappa said. “We still see too many companies that have services open to the internet without proper authentication capabilities, like remote desktop protocol.

“Attackers today are incredibly aggressive and nimble as they adapt their TTPs to focus on the easiest, largest or fastest-growing opportunities,” he added. “As more organizations shift to Linux servers, adversaries have noticed, and they are adapting and customizing their approaches to attack these systems. To stay protected, organizations must factor in a strong, but lightweight layer of Linux security that automatically integrates and shares intelligence with endpoint, network and other security layers and platforms within an estate.”

Capsule8 has 34 employees and has raised a total of $30 million in funding, according to Crunchbase. The company in 2019 said it raised a “multimillion-dollar investment” from Intel Capital and existing investors ClearSky Security and Bessemer Venture Partners.