Sophos Acquires Capsule8 for Linux Server & Container Security

The deal was announced the same day ZeroFox bought Dark Web intelligence firm Vigilante as a wave of security M&A continues.

Dark Reading Staff, Dark Reading

July 8, 2021


Sophos has confirmed its acquisition of Capsule8 in a transaction it says will expand its lineup of detection and response products for server and cloud environments. Terms of the deal were not disclosed.

Capsule8's technology provides visibility, detection, and response for Linux production servers and containers both on-premises and in the cloud. The New York-based company was founded in 2016 and has so far raised $30 million in funding, its latest a Series B, Crunchbase reports.

Linux is now the dominant operating system for server workloads, and attackers are taking advantage with techniques designed for Linux systems, Sophos officials wrote in a release. The company plans to integrate Capsule8 technology into its Adaptive Cybersecurity Ecosystem (ACE) and to incorporate it into its XDR products, Intercept X server protection tools, and Sophos Managed Threat Response (MTR) and Rapid Response services.

"Capsule8 technology will provide new Linux telemetry and event information, further enhancing Sophos' data lake with additional context for advanced threat hunting, security operations and customer protection practices," Sophos wrote in a statement.

On the same day Sophos confirmed its acquisition of Capsule8, ZeroFox announced plans to buy Dark Web threat intelligence company Vigilante. This marks ZeroFox's second acquisition in nine months following its purchase of managed threat intelligence provider Cyveillance.

The combined ZeroFox and Vigilante platform will provide capabilities including breach intelligence and response, botnet exposure monitoring and historical botnet logs, and data on compromised credentials, infected and vulnerable hosts, and attackers and indicators of compromise. Its researchers and operatives perform threat monitoring to warn of, and help prioritize, threats.

Vigilante's team of operatives and analysts will be integrated with ZeroFox following the deal.

Read the Sophos blog post and ZeroFox announcement for more details.
