Tending Bonsai and Analyzing Tons of Data: Capsulator Harini Kannan

Harini Kannan is a data scientist at Capsule8. She joined us in May of 2017 as a data science intern after graduating from the University of Texas, Arlington, and has …

No More Tiers: Reimagining the Structure of SecOps

Why not both? I’m not sure who thought that arbitrary hierarchical silos among a team of individual contributors was good for team morale and load-balancing, but here we are. During …

RAMming Down Hype via Intel CSME

Recently, security researchers found new vectors of exploiting a vulnerability in Intel CSME, CVE-2019-0090, affecting all Intel chips other than Generation 10 (Ice Lake). The researchers haven’t released exploitation details …

Container Security – Nobody Knows What It Means But It’s Provocative

The current understanding of “container security” as a term and market is muddled, especially given containers are used by different teams in different contexts. It could mean scanning image repositories …

EDR for Linux: Detection and Response in Linux Environments

The 3 pillars every solution needs to protect critical Linux production environments. Despite the steady ascent of Linux to the top of the production stack, security has often been an …

A Cloudy Forecast for ICS: Recap of S4x20

Photo credit: @montaelkins – Kelly Shortridge Keynote at S4x20. Last week, I keynoted S4x20, the biggest industrial control systems (ICS) security conference in the world, and was able to catch …

Takeaways from Art into Science

What do you get when you take a security conference and pare back its typical formula of swag-laden vendor tables, high-concept lighting that promises to be “an experience”, bougie parties …

Unsupervised Anomaly Detection Using BigQueryML and Capsule8

In a sea of data that contains a tiny speck of evidence of maliciousness somewhere, where do we start? What is the optimal way to swim through the inconsequential …

What is the Linux Auditing System (aka AuditD)?

The Linux Auditing System is a native feature of the Linux kernel that collects certain types of system activity to facilitate incident investigation. In this post, we will cover what …