Capsule8 announced the general availability of Capsule8 1.0, a real-time, zero-day attack detection platform capable of scaling to massive production deployments.
As organizations modernize their production infrastructure with technologies like cloud, microservices and containers, they face a changing attack surface that conventional security solutions can’t address. And with vulnerabilities such as Meltdown and Spectre, legacy Linux environments such as bare metal and virtual infrastructures are also up against inadequate protection due to low visibility and poor detection. Capsule8 was built to protect today’s modern production environment and solve the most critical security challenges associated with both containerized and legacy Linux infrastructures in a single, scalable solution.
“Attack detection is an important focus in microservice environments like Lyft’s, where expected host behavior can vary across server fleets. Capsule8’s architecture and detection capabilities are impressive and align perfectly with the need for a low-overhead real-time alerting solution which evolves as attackers do,” said James Addison, senior security engineer at Lyft. “We’re glad to see Capsule8 pushing the boundaries of attack detection.”
Capsule8 detects and can instantly disrupt attacks in the production environment before the attack takes hold. Key features of Capsule8 1.0 include:
Real-time detection at scale
Capsule8 utilizes distributed, expert-driven analytics to detect zero-day attacks in real time, reducing an organization’s typical flood of alarms and false positives to a trickle of high value, high context alerts of real attacks. Also, unlike conventional detection approaches that don’t scale, Capsule8 relies on distributed architecture that can scale detection to tens of thousands of nodes – without impacting performance.
Built for production
When an organization’s system or network is under heavy load, Capsule8 responds appropriately to ensure overall performance isn’t impacted, all without deploying any kernel modules or high-risk components. Plus, it deploys alongside an organization’s infrastructure, not as a SaaS solution, leaving full control of data to the customer and eliminating the risks of potential dissemination, deletion, or corruption of your data by third parties.
Capsule8’s distributed telemetry makes it easy to perform forensic investigations on historical data, without significant impact to network performance or storage.
Capsule8 can go beyond detection and makes it easy for companies to automatically disrupt an attack once detected. For instance, customers can strategically (and automatically) kill attacker connections, restart workloads, or alert an investigator, immediately upon initial detection.
Support for cloud native and legacy
Capsule8 supports both orchestrated and non-orchestrated workloads. Capsule8 deploys as easily in a Kubernetes orchestrated environment through cloud providers such as AWS, GCP or Azure, as well as bare metal environments deployed with your operations tools of choice such as Ansible, Puppet, Chef or SaltStack.
Capsule8’s API-first approach allows for simple integration with alert management systems, communication tools, SIEMs, orchestration tools and big data stores allowing security teams to monitor activity using the tool of their choice.
“Production environments most often hold an organization’s most valuable assets, yet they are the most vulnerable to the industry’s worst attacks. The security industry has been unable to effectively detect attacks at the scale required for production environments — until now,” said John Viega, co-founder and CEO, Capsule8. “Capsule8 1.0 was built to protect today’s modern production environments and solve the challenge of detecting — and even shutting down — zero-day attacks within both containerized and legacy Linux infrastructures. We are blown away by the customer traction we are already seeing and truly humbled by the caliber of companies, like Lyft, turning to us to solve this critical problem.”