Sophos lets customers scan container images for malware

Get a free Techzine subscription!

Sophos has announced a new update to its Cloud Optix service. The software is now able to scan containers for threats.

With the new version of Sophos Cloud Optix, container images can be scanned for operating system vulnerabilities. This can be done both before and after deployment. The software also comes with ways to resolve any vulnerabilities as quickly as possible, Richard Becket, senior product marketing manager for public clouds at Sophos, told Container Journal.

Supported platforms

Cloud Optix can handle containers in Amazon Elastic Container Registries (ECR), Microsoft Azure Container Registries (ACR) Docker Hub registries, Bitbucket, GitHub and images in build pipelines. In the latter case, developers can use the Cloud Optix API.

Centralised management

As IT becomes more complex, organisations are increasingly relying on cloud platforms to manage their cybersecurity, says Becket. This makes it easier to manage cybersecurity centrally across multiple platforms and allows cybersecurity teams to work anywhere.

Cryptojacking

According to Container Journal, the majority of compromised containers today are victims of cryptojacking. This involves attackers running a cryptominer on a container in the background, while the usual tasks continue. Many IT professionals consider this a victimless crime, as the impact on the infected system is kept to a minimum. Nevertheless, it is a worrying development, as it indicates that attackers are becoming increasingly adept at attacking container environments.

Tip: Sophos sees a golden future in Managed Services model