Performance-tuned Linux API protection
Author: Rich Beckett | Date: Thu, 26 May 2022 13:00:32 +0000
Today, we’re proud to launch another major advancement to Sophos Cloud Workload Protection: new Linux and container security capabilities available via API to integrate with your SecOps and DevOps systems.
Performance without friction
When uptime is your number one requirement, security tools must be lightweight and integrate into your existing workflows to prevent risk and optimize application performance.
For agile organizations with an expanding production environment, achieving that balance while getting comprehensive protection is no easy task – especially if you’re running an increasingly dispersed technology stack which may include physical servers, virtual machines, and containers, deployed on-premises or in the cloud.
Enter Sophos’ new Linux Sensor, which is able to proactively detect sophisticated attacks across your entire Linux production environment, pointing you to the true attacks that require attention. It maximizes uptime and avoids overloaded hosts – problems that are caused by traditional security tools.
Multiple deployment options
Pre-announced in early April 2022, Sophos Linux and container security enhancements now provide multiple deployment options. The first is a lightweight agent managed from the Sophos Central management console; the newest is the Linux Sensor, fine-tuned to provide runtime detections and ideal for highly latency-sensitive workloads.
Sophos Central management
This lightweight Linux agent gives security teams the critical information they need to investigate and respond to suspicious behavior, exploits, and malware threats in one place. Monitoring the Linux host, this deployment option allows teams to manage all their Sophos solutions from a single pane of glass, seamlessly moving between threat hunting, remediation, and management.
New API integration
The Sophos Linux Sensor is a highly flexible deployment option that is fine-tuned for performance. It uses APIs to integrate rich runtime threat detections, in host or container environments, with your existing threat response tools.
Providing access to the full set of runtime detections, including additional detections for application and system exploitation, the sensor delivers a greater level of control that’s ideal for teams needing the granularity to create custom rule sets containing only those runtime behavioral detections necessary to meet a specific security monitoring use case.
A sample of Sophos Linux and container detections includes:
- Container escapes: Identifies attackers escalating privileges from container access to move onto the container host
- Cryptominers: Detects program names or arguments commonly associated with cryptocurrency miners
- Data destruction: Alerts that an attacker may be trying to delete indicators of compromise that are part of an ongoing investigation
- Kernel exploits: Highlights if internal kernel functions are being tampered with on a host
Easy integration with existing SecOps and DevOps systems
The Sophos Linux Sensor was designed with flexibility in mind, making it easy for customers to consume alert data from host and container behavioral and exploit runtime detections in a way that fits naturally into existing workflows.
The API makes it simple to integrate that data into your existing SecOps and DevOps systems, tools, and processes. This includes SIEMs like Splunk, or sending alerts using a webhook to Amazon S3, Amazon Simple Queue Service, Google Cloud Storage, ELK, and Azure Storage to be picked up for analysis.
For those who want a management console with integrated threat hunting, investigation, and remediation capabilities built in, there’s the Sophos Linux agent. This enables customers to manage protection from Sophos Central, our single management console that unifies Sophos’ range of hybrid-cloud security platform capabilities.
This includes Sophos Cloud Workload Protection, Sophos Cloud Security Posture Management, Kubernetes security posture management, container image scanning, infrastructure-as-code scanning, cloud infrastructure entitlements management, and cloud spend monitoring to ensure visibility, security, and compliance.
To find out more and try Sophos Cloud Workload Protection free for 30 days, visit sophos.com/cwpp today.
For existing customers looking to activate the Linux Sensor, contact sophoslinuxsensor@sophos.com to get started.