Capsule8 Enhances Linux Protection for Production Infrastructure

The growth of Linux environments powering commercial organizations is rapid, especially as more workloads are migrated to the cloud. Attackers are targeting Linux systems with tactics built specifically for them, not copy-and-paste versions of Windows attacks, presenting a challenge for many businesses that have yet to fully understand or mitigate the risk.

At Capsule8, we understand the challenges of Linux-specific attacks, which is why we’ve built our Protect Solution to deal with them. Capsule8 Protect is built to defend enterprise infrastructure against attacks that have been developed against Linux, from cloud-native to on-prem data center environments and everything in between.

Those attacks keep changing, and we are changing to keep up with them. Today, Capsule8 is pleased to announce that we’ve launched enhancements of our flagship product, Capsule8 Protect, that bolster monitoring, detection of cryptomining, and protection for production systems. 

The Capsule8 Protect suite is designed to avoid costly downtime, overloaded hosts, or stability snafus caused by traditional security tools. Organizations looking to protect their Linux infrastructure, be it a few hundred hosts or tens of thousands, are now able to choose SaaS or on-prem hosting of the management console, as well as select from a number of tiers to best meet their needs. 

We’ve made some big enhancements to our detections that not only help us detect attacks quickly, which reduces incident impact, but also bolster our coverage of the MITRE ATT&CK Framework. We have a full breakdown of our MITRE ATT&CK coverage coming soon (stay tuned!), but some newly enhanced detections include: 

  • Cryptomining: A notable enhancement is the update to our existing cryptomining detection capability. Cryptomining is an increasingly pressing threat consideration for businesses and a priority for infrastructure deployment. We provide a low-noise, high-accuracy method of detecting cryptomining that helps remove unwanted users who eat up CPU and drive up costs on any public cloud instance.  
  • Remote, Interactive Shell Detection: We’ve also enhanced our remote, interactive shell detection. Direct system shell interaction with containers running in production is unwanted activity, whether it’s an indicator of an attack or risky developer behavior, and spawning shells is a common final step. The latest remote interactive shell detection distinguishes between shells that are wrapped in encryption and authentication and the case where an arbitrary process spawns a shell that’s wired up directly to a network socket. Capsule8 not only detects that a shell session was spawned, but also what commands were executed. 
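The second case in the list above, a shell whose standard input and output are wired directly to a network socket, can be checked from procfs. This is an added illustration, not Capsule8’s own detection logic; the shell name list and the `/proc` layout assumptions are mine, and the scan only inspects fds 0, 1 and 2.

```python
import os
import re

# Assumed set of shell binaries worth checking (constructed for this example).
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ash", "ksh"}
# /proc/<pid>/fd/N is a symlink; a socket reads as "socket:[<inode>]".
SOCKET_LINK = re.compile(r"^socket:\[\d+\]$")


def stdio_on_socket(fd_links):
    """fd_links maps fd number -> readlink target (as in /proc/<pid>/fd/N).
    Returns the stdio fds (0, 1, 2) that point at a socket."""
    return [fd for fd in (0, 1, 2) if SOCKET_LINK.match(fd_links.get(fd, ""))]


def classify(comm, fd_links):
    """Return a finding when a shell's stdin/stdout/stderr are a network socket.
    A shell under an SSH session has its stdio on a pty (/dev/pts/N), not a
    socket, so that case is not flagged here; only socket-wired shells are."""
    if comm not in SHELL_NAMES:
        return None
    fds = stdio_on_socket(fd_links)
    if not fds:
        return None
    return {"comm": comm, "socket_fds": fds}


def scan_proc(proc="/proc"):
    """Walk /proc and collect every running shell whose stdio is a socket."""
    findings = []
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        fd_links = {}
        try:
            with open(f"{proc}/{pid}/comm") as f:
                comm = f.read().strip()
            for fd in (0, 1, 2):
                try:
                    fd_links[fd] = os.readlink(f"{proc}/{pid}/fd/{fd}")
                except OSError:
                    pass  # fd closed, or process exited mid-scan
        except OSError:
            continue  # process vanished or is not readable
        finding = classify(comm, fd_links)
        if finding:
            finding["pid"] = int(pid)
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for hit in scan_proc():
        print(hit)
```

Socket-activated services that legitimately exec a shell will also match, so in practice the result is correlated with the parent process and the socket’s remote endpoint rather than alerted on alone.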

Additionally, we have worked hard to remove any operational burden for clients – from installation to deployment to management. Our new, enhanced user experience is focused on making the solution easy to scale and manage from an operational perspective, as well as presenting security information in an intuitive manner, all through an interactive console. All relevant information is in the same view, allowing teams to make quick decisions on high-priority incidents with the necessary supporting investigatory data. 

This new flexibility also extends to two deployment models. Teams wanting to leverage their existing operations workflows can export the findings into their existing automation, orchestration, log management, and incident response tooling. Teams who prefer a dedicated graphical interface can leverage Capsule8’s console via a SaaS deployment or on-prem model, with SaaS providing decreased operational overhead. Capsule8 has also developed a tier structure so organizations can access protection in a way that best fits their teams and their environments. 

The newly available tiers include: 

  • Capsule8 Protect, which is designed for organizations that require protection of their Linux production environments from the most prevalent threats and are predominantly running workloads in AWS, GCP, or Azure with standard kernels. 
  • Capsule8 Protect+, which is designed for organizations that require more detailed security monitoring with an increased level of system context, as well as those looking to satisfy compliance or regulatory needs, and may be operating in more complex or custom Linux environments. 
  • Capsule8 Complete, which is designed for organizations that require a complete Linux security solution and have incident response or threat-hunting teams who are experienced in building their own detections and specialized threat models. Capsule8 Complete supports customers with highly complex Linux environments, including custom kernels, that need additional tailoring for their unique operational context. 

Regardless of which level of solution you choose, Capsule8 enables security and operations teams to efficiently defend their Linux infrastructure with monitoring, detection, and protection built for production systems. No matter what mix you are of on-prem legacy systems, public and private cloud, or microservices and containers, Capsule8 protects your infrastructure as it looks now and as you continue to evolve it.

We’re proud of how far we’ve come in the past three years and we’d love to show you what we can do.

If you’re interested in learning more about Capsule8 Protect, you can view our new product brief here.

Ready to see it in action? Request a demo here and see how we can help you modernize without compromise.