Attack detection is an important focus in microservice environments like Lyft’s, where expected host behavior can vary across server fleets. Capsule8’s architecture and detection capabilities are impressive and align perfectly with the need for a low-overhead, real-time alerting solution which evolves as attackers do.


See How Capsule8 Works

Learn how Capsule8 protects Linux production environments with its bare metal, virtual machine and container security platform.

Why Capsule8?

Capsule8 liberates SecOps from managing a high volume of manual tasks, while being safe for even the busiest workloads, on the busiest networks.



Real-Time Attack Protection for Linux Production

Distributed, streaming analytics combined with high-fidelity data detects and responds to attacks the instant they’re attempted.

Detection Force Multiplier

Continuous updates by a team of security experts ensures you’re covered for the latest zero-day attacks.

Low Volume, High Value Data

Relevant, contextual information makes it easy to perform investigations that determine why alerts fire, and what happens after an attack lands.

Automated Response

Strategically (and automatically) kill attacker connections, restart workloads, or immediately alert an investigator upon initial detection.


No Kernel Module Needed

Capsule8 runs outside the operating system’s kernel and collects kernel-level data without the need of a kernel module.

Resource Limiter

A resource limiter enforces hard limits to system CPU, disk and memory, with an intelligent load-shedding strategy.

Distributed Analytics

A distributed approach to analytics pushes computation as close to the data as possible.

Single Agent

A single static Go binary is easy to install and to update through standard orchestration mechanisms. And it works on-premise, in the cloud, or in a hybrid environment.

Safe for Ops

Performs across even the most demanding and complex Linux production environments.

RSA Innovation Sandbox 2019

Watch CEO and Co-Founder John Viega’s RSA Innovation Sandbox presentation as a top 10 finalist at this year’s RSA Conference.

You Think That’s Air You’re Breathing?

What seemed lost in this (runc) hype is that the ability to escape containers is not confined to a one-off vulnerability in container management programs or orchestrators.

Capsule8 Expands Threat Detection Platform for PCI DSS

Capsule8 now integrates capabilities that meet multiple requirements of the PCI DSS data security standard, including file integrity monitoring, intrusion prevention and antivirus.