All Blogs
Howdy Partners – Capsule8 Launches a New Partner Program
Today is a big day at Capsule8 as we expand our inner circle and extend our reach with the newly launched Capitalize program. Rolling out nationally and beginning with more than 10 carefully-selected VARs and integration partners, including Gotham Technologies, Fortifire, and SideChannel, we’re working hard to create a frictionless experience so that our Partners […]
Case Study: Mimecast
With Capsule8, Mimecast is able to strengthen their security posture and meet critical compliance standards. Industry: Technology Company Size: 1,700 + employees worldwide Challenges: Lack of deep visibility and strict compliance requirements Key Benefits: Enhanced visibility, capability to respond in a systematic way to potentially malicious behavior, controls to meet compliance certifications As a leading […]
Establishing a Scalable Collaboration Between Security and DevOps
In a recent blog post, we’ve discussed the journey many IT organizations are on to digital transformation and the trajectory they have taken in recent years. Drawing from a recent webinar run with 451 Research, part of S&P Global Market Intelligence, we looked at the cloudy future of workload deployment locations and current DevOps adoption […]
Heap Overflow in Sudo: The Struggling Escape Artist (CVE-2021-3156)
Yesterday, the Qualys Research Team disclosed a heap overflow vulnerability in sudo, CVE-2021-3156, called “Baron Samedit” (in a show of delightful wordplay with the Haitian Vodou spirit). It allows a local user to become root and gain control over the target system. Why it’s cool: Sudo, short for “superuser do”, is a default utility in […]
Bringing Your A-Game: Availability for Security People
The security industry tends to focus on the protection of sensitive data, forgetting that availability falls under the classic C.I.A. triad. This is a mistake, and an especially egregious one considering the rise of the service delivery economy. This post is intended as an overview of why infosec teams stand to substantially benefit from rediscovering […]
Security Gaps in the Digital Transformation Journey
In a recent webinar produced in partnership with 451 Research, part of S&P Global Market Intelligence, Kelly Shortridge and Fernando Montenegro discussed the elements necessary for security teams to better engage with DevOps. But to realize that kind of transformation, context is needed. Digital transformation is a holistic process. It’s a journey that every organization […]
Our Top Linux Security Posts of 2020
Throughout the year, the Capsule8 blog discussed many of the pressing issues and challenges faced by organizations in a rapidly-shifting security environment. We’ve collected the top eight blog posts written in that time and summarized them all below for easy reference.
From Catastrophe to Chaos in Production
Production is the remunerative reliquary where we can realize value from all of this software stuff we wrangle day in and day out. As has been foretold from crystal balls through to magic eight balls, the deployment and operation of services in production is increasingly the new engine of business growth, and few industries are […]
Put Us In Coach – Cloud Security is a Team Sport
Recently Fernando Montenegro of 451 Research, part of S&P Global Market Intelligence, released a new thought leadership report, “Cloud Security is a Team Sport,”* (*Login required) that breaks down the need for collaboration and teamwork when tackling cloud security in two key areas: Within the vendor community, highlighting the need for collaboration between cloud service […]
Capsule8 Enhances Linux Protection for Production Infrastructure
The growth of Linux environments powering commercial organizations is rapid, especially as more workloads are migrated to the cloud. Attackers are targeting Linux systems with tactics built specifically for them, not copy-and-paste versions of Windows attacks, presenting a challenge for many businesses that have yet to fully understand or mitigate the risk. At Capsule8, we […]
An Introduction to Container Escapes
“‘ESS-ca-pay’… that’s funny, it’s spelled just like the word ‘escape’!”-A famous fish with ephemeral memory Containers are more popular than well-understood. Container escapes are even less understood. This post is intended to solve the latter issue and demystify the heretofore arcane art of container escapology, even for people who feel confused by containers or uneducated […]
aka AK: Capsulator Adrian Kwak
According to Capsule8 Product Manager and Console Designer Adrian Kwak (aka AK), a common misperception of her role is that she “makes websites pretty.” Since joining the team a year ago, AK has been a huge part of our product team and while we at Capsule8 know her contributions far exceed that simple definition, it […]
Q&A: Secure Cloud Migration During a Crisis
Back in July, Capsule8’s Chief Product Officer, Rob Harrison, chatted with guest speaker Andras Cser, vice president and principal analyst at Forrester Research, about how security considerations for a cloud migration have changed over the past few months and how future trends change risk when adopting accelerating strategies. The evolving technology landscape can already make […]
Top 3 Security Problems Caused by Rogue Developers
The Road to Fail is Paved with Good Intentions Security vulnerabilities are often a top concern for security teams. But when it comes to defending production systems, it’s not about bugs. There are a number of seemingly innocent developer behaviors that can wreak as much, if not more, havoc — or even worse, take an […]
HR-You Ready?: Capsulator King Krompicha
One of the first people you’ll meet when you apply for a job at Capsule8 is our wonderful Director of Human Resources, King Krompicha. King joined our team one year ago after leading the tech recruiting efforts at Harry’s, a direct-to-consumer goods company, and has made a huge impact on not only human resources, but […]
Capsule8 named CB Insights Cyber Defender for 2020
The folks at CB Insight recently released a new report, “Cyber Defenders 2020” where they highlight what they consider emerging cybersecurity trends for 2020 and recognize the startups they believe will shape the space in the coming year. The report discusses vendors in a number of categories, including Anomalous Behavior Detection, Third-Party Risk Management, and […]
SOC 2 Compliance Playbook for Cloud Native
Part 2: SOC 2 Type 1 MVP Playbook Click here to read Part 1: From Monster to Mascot Of the SOC 2 principles (criteria) of security, availability, process integrity, confidentiality, and privacy, you can choose which principles to include in your SOC 2 audit but security must be included in any MVP SOC 2 audit. […]
Compliance in a Cloud Native World
Part 1: From Monster to Mascot How did a fairly straightforward endeavor – an IT audit – become that monster under the bed? Compliance projects all too often feel a massive box checking exercise. You may be pulling staff and co-workers into a vast abyss, mapping arcane compliance controls, deciphering audit speak, all to hopefully […]
Black Hat Preview: Uncommon Sense
Detecting Exploits with Novel Hardware Performance Counters and ML Magic The end of July usually comes with a bit more preparation involving updating your software, encrypting your devices, buying a burner phone, and so on, as the infosec community prepares to descend down onto the Las Vegas strip for Black Hat and Defcon. While the […]
Grubbing Secure Boot the Wrong Way: CVE-2020-10713
Today, researchers at Eclypsium disclosed a buffer overflow vulnerability in GRUB2, CVE-2020-10713, affectionately termed “Boothole.” It basically results in a total pwn of Secure Boot in systems using GRUB, which is a lot of them — all Linux distros, a bunch of Windows machines, and more. Additionally, the mitigation process is a certified hot mess, […]
Security Considerations for Cloud Migration
Many companies have long resisted migrating to the cloud for security reasons. An evolving technology landscape can already make a well-planned cloud migration strategy seem like a complex task, but what if you add in a global pandemic? An entire workforce operating remotely? Murder hornets? These unforeseen challenges (OK, maybe not the murder hornets) can […]