DEVOPSdigest

Capsule8 announced the general availability of Capsule8 1.0, a real-time, zero-day attack detection platform capable of scaling to massive production deployments.

Following a successful beta with some of the biggest companies from Wall Street and Silicon Valley, Capsule8 is delivering continuous security across the entire production environment, both containerized and legacy, to detect and shut down attacks as they happen. Lyft, the fastest growing rideshare company in the US, is among the first to use the Capsule8 platform for attack detection.

As organizations modernize their production environments with technologies like cloud, microservices and containers, they face a changing attack surface that conventional security solutions can’t address. And with vulnerabilities such as Meltdown and Spectre, legacy Linux infrastructures are also up against inadequate protection caused by low visibility and poor detection. Capsule8 was built to protect today’s modern production environment and solve the most critical security challenges associated with containerized, virtualized and bare metal infrastructures in a single, scalable solution.

Capsule8 detects and can instantly disrupt attacks in the production environment before the attack takes hold.

Key features of Capsule8 1.0 include:

- Real-time Detection at Scale: Capsule8 utilizes distributed, expert-driven analytics to detect zero-day attacks in real time, reducing an organization’s typical flood of alarms and false positives to a trickle of high value, high context alerts of real attacks. Also, unlike conventional detection approaches that don’t scale, Capsule8 relies on distributed architecture that can scale detection to tens of thousands of nodes – without impacting performance.

- Built for Production: When an organization’s system or network is under heavy load, Capsule8 responds appropriately to ensure overall performance isn’t impacted, all without deploying any kernel modules or high-risk components. Plus, it deploys alongside an organization’s infrastructure, not as a SaaS solution, leaving full control of data to the customer and eliminating the risks of potential dissemination, deletion, or corruption of your data by third parties.

- Intelligent Investigation: Capsule8’s distributed telemetry makes it easy to perform forensic investigations on historical data, without significant impact to network performance or storage.

- Automated Disruption: Capsule8 can go beyond detection and makes it easy for companies to automatically disrupt an attack once detected. For instance, customers can strategically (and automatically) kill attacker connections, restart workloads, or alert an investigator, immediately upon initial detection.

- Support for Cloud Native and Legacy: Capsule8 supports both orchestrated and non-orchestrated workloads. Capsule8 deploys easily in a Kubernetes orchestrated environment through cloud providers such as AWS, GCP or Azure, as well as bare metal environments deployed with your operations tools of choice such as Ansible, Puppet, Chef or SaltStack.

- Easy Third-Party Integration: Capsule8’s API-first approach allows for simple integration with alert management systems, communication tools, SIEMs, orchestration tools and big data stores allowing security teams to monitor activity using the tool of their choice.

“Production environments most often hold an organization’s most valuable assets, yet they are the most vulnerable to the industry’s worst attacks. The security industry has been unable to effectively detect attacks at the scale required for production environments — until now,” said John Viega, co-founder and CEO, Capsule8. “Capsule8 1.0 was built to protect today’s modern production environments and solve the challenge of detecting — and even shutting down — zero-day attacks within both containerized and legacy Linux infrastructures. We are blown away by the customer traction we are already seeing and truly humbled by the caliber of companies, like Lyft, turning to us to solve this critical problem.”