Security Gaps in the Digital Transformation Journey
January 14, 2021
In a recent webinar produced in partnership with 451 Research, part of S&P Global Market Intelligence, Kelly Shortridge and Fernando Montenegro discussed the elements necessary for security teams to better engage with DevOps. But to realize that kind of transformation, context is needed. Digital transformation is a holistic process. It’s a journey that every organization […]
Our Top Linux Security Posts of 2020
December 21, 2020
Throughout the year, the Capsule8 blog discussed many of the pressing issues and challenges faced by organizations in a rapidly-shifting security environment. We’ve collected the top eight blog posts written in that time and summarized them all below for easy reference.
From Catastrophe to Chaos in Production
December 1, 2020
Production is the remunerative reliquary where we can realize value from all of this software stuff we wrangle day in and day out. As has been foretold from crystal balls through to magic eight balls, the deployment and operation of services in production is increasingly the new engine of business growth, and few industries are […]
Put Us In Coach – Cloud Security is a Team Sport
November 20, 2020
Recently Fernando Montenegro of 451 Research, part of S&P Global Market Intelligence, released a new thought leadership report, “Cloud Security is a Team Sport,”* (*Login required) that breaks down the need for collaboration and teamwork when tackling cloud security in two key areas: Within the vendor community, highlighting the need for collaboration between cloud service […]
Capsule8 Enhances Linux Protection for Production Infrastructure
November 2, 2020
The growth of Linux environments powering commercial organizations is rapid, especially as more workloads are migrated to the cloud. Attackers are targeting Linux systems with tactics built specifically for them, not copy-and-paste versions of Windows attacks, presenting a challenge for many businesses that have yet to fully understand or mitigate the risk. At Capsule8, we […]
An Introduction to Container Escapes
October 8, 2020
“‘ESS-ca-pay’… that’s funny, it’s spelled just like the word ‘escape’!” – A famous fish with ephemeral memory
Containers are more popular than well-understood. Container escapes are even less understood. This post is intended to solve the latter issue and demystify the heretofore arcane art of container escapology, even for people who feel confused by containers or uneducated […]
aka AK: Capsulator Adrian Kwak
September 25, 2020
According to Capsule8 Product Manager and Console Designer Adrian Kwak (aka AK), a common misperception of her role is that she “makes websites pretty.” Since joining the team a year ago, AK has been a huge part of our product team and while we at Capsule8 know her contributions far exceed that simple definition, it […]
Q&A: Secure Cloud Migration During a Crisis
September 24, 2020
Back in July, Capsule8’s Chief Product Officer, Rob Harrison, chatted with guest speaker Andras Cser, vice president and principal analyst at Forrester Research, about how security considerations for a cloud migration have changed over the past few months and how future trends change risk when adopting accelerating strategies. The evolving technology landscape can already make […]
Top 3 Security Problems Caused by Rogue Developers
September 17, 2020
The Road to Fail is Paved with Good Intentions
Security vulnerabilities are often a top concern for security teams. But when it comes to defending production systems, it’s not about bugs. There are a number of seemingly innocent developer behaviors that can wreak as much, if not more, havoc — or even worse, take an […]
HR-You Ready?: Capsulator King Krompicha
September 10, 2020
One of the first people you’ll meet when you apply for a job at Capsule8 is our wonderful Director of Human Resources, King Krompicha. King joined our team one year ago after leading the tech recruiting efforts at Harry’s, a direct-to-consumer goods company, and has made a huge impact on not only human resources, but […]
Capsule8 named CB Insights Cyber Defender for 2020
September 3, 2020
The folks at CB Insight recently released a new report, “Cyber Defenders 2020” where they highlight what they consider emerging cybersecurity trends for 2020 and recognize the startups they believe will shape the space in the coming year. The report discusses vendors in a number of categories, including Anomalous Behavior Detection, Third-Party Risk Management, and […]
SOC 2 Compliance Playbook for Cloud Native
August 19, 2020
Part 2: SOC 2 Type 1 MVP Playbook (see also Part 1: From Monster to Mascot)
Of the SOC 2 principles (criteria) of security, availability, process integrity, confidentiality, and privacy, you can choose which principles to include in your SOC 2 audit, but security must be included in any MVP SOC 2 audit. […]
Compliance in a Cloud Native World
August 12, 2020
Part 1: From Monster to Mascot
How did a fairly straightforward endeavor – an IT audit – become that monster under the bed? Compliance projects all too often feel like a massive box-checking exercise. You may be pulling staff and co-workers into a vast abyss, mapping arcane compliance controls, deciphering audit speak, all to hopefully […]
Black Hat Preview: Uncommon Sense
August 3, 2020
Detecting Exploits with Novel Hardware Performance Counters and ML Magic
The end of July usually comes with a bit more preparation involving updating your software, encrypting your devices, buying a burner phone, and so on, as the infosec community prepares to descend onto the Las Vegas strip for Black Hat and Defcon. While the […]
Grubbing Secure Boot the Wrong Way: CVE-2020-10713
July 29, 2020
Today, researchers at Eclypsium disclosed a buffer overflow vulnerability in GRUB2, CVE-2020-10713, affectionately termed “Boothole.” It basically results in a total pwn of Secure Boot in systems using GRUB, which is a lot of them — all Linux distros, a bunch of Windows machines, and more. Additionally, the mitigation process is a certified hot mess, […]
Security Considerations for Cloud Migration
July 22, 2020
Many companies have long resisted migrating to the cloud for security reasons. An evolving technology landscape can already make a well-planned cloud migration strategy seem like a complex task, but what if you add in a global pandemic? An entire workforce operating remotely? Murder hornets? These unforeseen challenges (OK, maybe not the murder hornets) can […]
Black Lives Matter. Actions Speak Louder Than Words.
June 19, 2020
The most recent killings of Black people at the hands of police – Rayshard Brooks, George Floyd, Ahmaud Arbery, Breonna Taylor – are tragically only the most recent reminders of the police brutality that our country has struggled with for decades, and of the broader racial injustice and inequality that has plagued us since inception. […]
Can’t Contain Ourselves – Container Escapes
June 15, 2020
Register for “Linux & Containers: Brandon and Nick Hack Things Live.” Containers have revolutionized the way we do application development, but, as with most new technologies, their adoption in the enterprise is (rightfully) hindered by genuine security concerns. Ultimately, containers can bring huge security benefits not found in traditional infrastructure. But with new technologies come […]
High STEKs: On-path attacks in GnuTLS (CVE-2020-13777)
June 11, 2020
This month, Fiona Klute disclosed a vulnerability in GnuTLS, CVE-2020-13777. It can either enable on-path attackers for TLS 1.3, or facilitate passive decryption of traffic between servers running GnuTLS for TLS 1.2. Either way, it’s not great! Why it’s cool: Attackers could exploit this vuln to recover previously captured network traffic, like conversations (for servers […]
Maximizing Business Impact with Machine Learning
June 3, 2020
I recently had the great fortune of presenting a lunch & learn session to the Capsule8 team. In this presentation I discussed how to effectively leverage machine learning to build intelligent products as efficiently as possible. Rather than focus on a single type of audience, I included information relevant to multiple levels including executive leadership, […]
Security Delusions Part 3: Cheat Codes
May 21, 2020
Organizations are unearthing the potential of digital transformation, but security often remains a gatekeeper to this path of promised potential, largely due to its own delusions about what modern infrastructure means. As Herman Melville wrote in Moby Dick, “Ignorance is the parent of fear” – and security is too frequently hindered by its fear of […]
From Historian to Program Manager: Capsulator Cynthia Burke
May 12, 2020
Cynthia Burke is a Program Manager at Capsule8. She gets projects across the finish line-collaborating across the company with engineers, product managers, marketing, and the executive team to keep things on track and deliver value to our customers. She joined Capsule8 about a year and a half ago, with a background that includes a long […]
Security Delusions Part 2: Modern Monsters
May 6, 2020
Organizations are unearthing the potential of digital transformation, but security often remains a gatekeeper to this path of promised potential, largely due to its own delusions about what modern infrastructure means. As Herman Melville wrote in Moby Dick, “Ignorance is the parent of fear” – and security is too frequently hindered by its fear of […]
Hacking Code, Finding Bugs, and Going Back to School: Capsulator Ghost
April 29, 2020
Back when he started college, Nick Gregory raced over to NYU’s OSIRIS Lab and made some friends for the first couple of days of school. Then his classes got crazy and he didn’t hit the lab for a few weeks—he was adjusting to the workload of his freshman year and the stresses that go along […]
eBPF’s Rollercoaster of Pwn: An Overview of CVE-2020-8835
April 23, 2020
Last Friday, Manfred Paul published a blog post about the vuln he used at Pwn2Own 2020, CVE-2020-8835, a local privilege escalation bug in the Linux Kernel. It affects any Linux distros using Linux kernels 5.5.0 and newer. Why it’s cool: eBPF is the Hacker News hotness for tracing (i.e. monitoring execution of) the Linux kernel, […]
Security Delusions Part 1: A History of Cloud Compunction
April 20, 2020
Organizations are unearthing the potential of digital transformation, but security often remains a gatekeeper to this path of promised potential, largely due to its own delusions about what modern infrastructure means. As Herman Melville wrote in Moby Dick, “Ignorance is the parent of fear” – and security is too frequently hindered by its fear of […]
Goal Oriented in Soccer and for Customers: Capsulator Austin Britt
April 1, 2020
Austin Britt, director of sales engineering, has been with Capsule8 since 2018. In his time as a member of the team, he’s seen the company grow from no revenue and no customers to the thriving, but still scrappy, operation that is redefining Linux protection for the enterprise. Those early days bring a smile to Austin’s […]
Tending Bonsai and Analyzing Tons of Data: Capsulator Harini Kannan
March 17, 2020
Harini Kannan is a data scientist at Capsule8. She joined us in May of 2017 as a data science intern after graduating from the University of Texas, Arlington, and has been working with us full-time since December 2017. In the nearly three years she’s been a Capsulator, Harini has been an important part of the […]
No More Tiers: Reimagining the Structure of SecOps
March 11, 2020
Why not both? I’m not sure who thought that arbitrary hierarchical silos among a team of individual contributors was good for team morale and load-balancing, but here we are. During a recent guest appearance on the Purple Squad Security podcast, I described my last role working on a security operations team that handled incident response […]
RAMming Down Hype via Intel CSME
March 6, 2020
Recently, security researchers found new vectors of exploiting a vulnerability in Intel CSME, CVE-2019-0090, affecting all Intel chips other than Generation 10 (Ice Lake). The researchers haven’t released exploitation details yet, but proclaimed that “utter chaos will reign”… but not by exploiting this vulnerability! Instead, there’s a potential for chaos if attackers figure out how […]
What is Container Security?
February 21, 2020
Container Security – Nobody Knows What It Means But It’s Provocative
The current understanding of “container security” as a term and market is muddled, especially given containers are used by different teams in different contexts. It could mean scanning image repositories for vulnerabilities or exposed secrets, managing credentials for container deployment, or monitoring running containers […]
EDR for Linux: Detection and Response in Linux Environments
February 5, 2020
The 3 pillars every solution needs to protect critical Linux production environments
Despite the steady ascent of Linux to the top of the production stack, security has often been an afterthought. That’s right—the OS that runs 54% of public cloud applications and 68% of servers has been getting short shrift when it comes to security. […]
A Cloudy Forecast for ICS: Recap of S4x20
January 30, 2020
[Photo: Kelly Shortridge keynote at S4x20 – credit @montaelkins]
Last week, I keynoted S4x20, the biggest industrial control systems (ICS) security conference in the world, and was able to catch quite a few talks, too. While it took place in sunny Miami Beach, my highlights from the conference suggest a far cloudier outlook. Specifically, there […]
Takeaways from Art into Science
January 22, 2020
What do you get when you take a security conference and pare back its typical formula of swag-laden vendor tables, high-concept lighting that promises to be “an experience”, bougie parties with LED-lit stemware and a surplus of decibels — not to mention all of the offsec-focused talks? You find a group of dedicated defenders who, […]
Unsupervised Anomaly Detection Using BigQueryML and Capsule8
January 16, 2020
In a sea of data that contains a tiny speck of evidence of maliciousness somewhere, where do we start? What is the optimal way to swim through the inconsequential information to get to that small cluster of anomalous spikes? Big data in information security is a complicated problem due to the sheer volume of […]
What is the Linux Auditing System (aka AuditD)?
January 7, 2020
The Linux Auditing System is a native feature to the Linux kernel that collects certain types of system activity to facilitate incident investigation. In this post, we will cover what it is as well as how people deploy and manage it. We will also discuss its strengths — namely it being offered for the delicious […]
Applying the Linux MITRE ATT&CK Framework with Capsule8
December 18, 2019
The MITRE ATT&CK™ framework is becoming increasingly adopted as a way to validate detection coverage. If you aren’t yet familiar with it, ATT&CK is an open-source knowledge base of tactics and techniques used by attackers. ATT&CK buckets tactics across the kill chain, from initial access to exfiltration or impact, then lists techniques that facilitate those […]
Our 2020 Security Predictions Clickbait Will Leave You SHOOK!
December 12, 2019
Prediction lists in the security industry are mostly self-indulgent fan fiction, so we decided to create an anti-meme in response. Rather than spin tall tales about drones using lasers to fire USBs into your servers to exploit side channel vulnerabilities, here are some things that we think will actually happen in 2020 within the magical […]
OOMyPod: Nothin’ To CRI-O-bout
December 4, 2019
Gather around the fire for a story about the unlikely partnership of bugs that led to a partial container escape. While this is a fairly technical post covering some container and Kubernetes components, we included links throughout if you want to learn about them or need a refresher while reading. TL;DR: Three issues in […]
Don’t Get Kicked Out! A Tale of Rootkits and Other Backdoors
November 14, 2019
Introduction
When it comes to rootkits and other backdoors, everything is on the table. There exists a vulnerability that can be exploited in a system binary to gain root access? There’s a rootkit for that. You allow kernel modules? A plethora of nefarious goodies can be part of your system! Your new chip is made […]
The Curious Case of a Kibana Compromise
October 31, 2019
The sun rose, coffee was guzzled, and fingers clicked away at keys, making it a typical day at Capsule8 HQ – until it wasn’t. As the Capsule8 team deployed one of our toy target instances (one with exploitable software on it for demo purposes), we noticed alerts firing from components which weren’t part of our […]
An Infosec Lens on the 2019 State of DevOps Report: What It Means for Us
October 28, 2019
Understanding DevOps trends is essential for infosec professionals. Before you angrily close the tab because you are tired of lectures about the need for infosec to work with DevOps, consider whether the idea of a job focused on strategic, innovative work rather than firefighting and gatekeeping is appealing. If so, then these trends matter for […]
HELO, Is It Me You’re Exploiting For?
October 1, 2019
Another month, another pre-auth RCE in Exim, an open source mail server for Unix systems. This time, it’s CVE-2019-16928, a heap-based buffer overflow reported this weekend. Why it matters: If you heard about the other Exim bug from mid-September, you probably did the smart thing and patched to the latest version (4.92+). Regrettably, this new […]
Major Key Alert: Data Discovery for Red Teams with an ML Tool for Keylogging
September 18, 2019
With the glut of security vendors who promise to secure to the moon and back on the star-glazed spaceship of Machine Learning (ML) technology, where is the equivalent for red teams? Imagine a scene: an earnest red teamer hunched at their desk, hand under chin, eyes hazy with fatigue as their finger presses the down […]