Posts Tagged ‘Capsule8’

News From Capsule8 – Series B and Board of Advisors


When we launched Capsule8 1.0 back in April, we knew we were on the right track for solving a huge market problem. We had completed a successful beta with some of the biggest companies from Wall Street and Silicon Valley, and one of our first customers had signed on. What we didn’t know was how quickly our momentum would pick up, even within the (less than) one quarter that our product has been on the market. It is that momentum that brings us to today, as Capsule8 is proud to announce two more major milestones: we have secured a Series B round of funding, and we have some of the brightest minds in security helping guide us in our newly formed Board of Advisors.

First, the funding. We have secured a $15M Series B round, led by ClearSky Security, with participation from Bessemer Venture Partners, Rain Capital and other strategic investors who believe in Capsule8. This brings our total funding to $23.5M, which will be huge in helping us scale Capsule8’s engineering and sales teams as we continue to hone our product and extend our reach into new markets.

Second, we announced our new Board of Advisors. The folks who have signed on to use their own expertise and experience to help Capsule8 as we enter this new phase of growth include people the team has known, worked with, and admired for years. They are big names who have helped big security companies do big things, and we’re lucky to have them on board:

  • Jim Bandanza – Bandanza has more than 20 years of experience as an executive at multiple cybersecurity and cloud companies, including Chief Revenue Officer and COO at CounterTack, EVP and COO at Egenera, and Senior VP of Field Operations at RSA, the Security Division of EMC.
  • Christopher Bolin – Bolin has been in information security for more than 20 years, having most recently served as Chief Strategy Officer at Absolute. Previously he was CEO/President of two European-based companies, Uniblue and Prevx, and also CTO and EVP of Products at McAfee.
  • Ben Johnson – Johnson is CTO and co-founder of Obsidian Security. Prior to founding Obsidian, he co-founded Carbon Black and most recently served as the company’s Chief Security Strategist.
  • Zane Lackey – Lackey is the Co-Founder and Chief Security Officer at Signal Sciences and the author of Building a Modern Security Program (O’Reilly Media). He serves on multiple Advisory Boards including the National Technology Security Coalition, the Internet Bug Bounty Program, and the US State Department-backed Open Technology Fund. Prior to co-founding Signal Sciences, Zane was at the forefront of the DevOps/Cloud shift as CISO of Etsy.
  • Caleb Sima – Sima recently left a senior security role at CapitalOne, where he spearheaded many of their security initiatives. Prior to CapitalOne, Sima founded SPI Dynamics (acquired by HP) and BlueBox Security (acquired by Lookout) and has served as an advisor, investor, and CEO for security companies.
  • Gil Zimmermann – Zimmermann leads cloud security go-to-market, innovation, market expansion strategy and execution for Cisco’s $3B Security business. Before Cisco, Zimmermann was the CEO and co-founder of CloudLock, which he grew into a cybersecurity market leader, resulting in its acquisition by Cisco in 2016.

We have been lucky to have so many big companies raise their hands to work with us, and we are committed to keeping their trust.

What does this mean? It means we are doing something right, and we aren’t going to stop now. We are doing something big here at Capsule8 and hope that you’ll continue to follow us (or join us!) for the ride.

Driving Toward the SOCless Enterprise


Alex Mastretti, engineering manager of the security intelligence and response team at Netflix, recently declared the formation of a “SOCless detection team,” signalling a shift in their security program in an effort to bring detection and response closer together. Optimizing your team’s approach to security can feel like a huge but worthwhile undertaking, and as we discussed in our post, “Time to Blow Up the SOC?”, the time for change is now. Many teams re-examining their organizations’ security programs have come to the realization that their SOC may be burdening their team’s efforts instead of helping them. As Alex so deftly put it, “The last thing we want is a bunch of lame alerts creating busy work for a large standing SOC.”

In short, a SOC is often faced with a constant barrage of data, making it nearly impossible to keep up with alerts, never mind respond to them appropriately. Issues such as alert fatigue are very real and put the security of entire organizations in jeopardy. Improving data quality and automation are two key factors that Alex addresses, and they can go hand in hand to minimize false positives and help teams respond effectively to attacks as soon as they happen.

First, when it comes to data, more is more, but that could mean more alerts, not increased protection. As we often say here at Capsule8, “The answer to more efficiently finding the needle in the haystack isn’t collecting more hay.” It’s crucial to focus on telemetry data that can provide meaningful signals and not just noise. Data pumped in through a traditional security appliance, for example, can provide a look at network traffic but not the context necessary to make a good, and immediate, call. This means your confidence in each potential alert is lower, so you have to investigate each one, eating up valuable time and resources that could be spent on more meaningful security issues. Relevant data at the machine level provides better visibility into what’s happening on the file system, in memory, in the OS, and even in the application (for common applications). That’s telemetry data that can help you home in on important signals and push aside the false positives that can divert the attention of your team.

Second, security teams should be focused on automation to aid in providing quick and effective responses to stop attacks as they happen. As Alex discusses, “every triggered rule should fire automation before it fires an alert to a human. When a human gets an alert they should be the right person, and be provided the right context and the right set of options.” This approach of “decentralizing alert triage to system experts” enables immediate investigation when there is the highest probability of a real attack, and real-time monitoring of the truly critical events. To take it one step further, automated responses such as strategically killing attacker connections or restarting workloads upon detection of an attack can disrupt attackers as soon as they are detected, saving the crucial seconds, minutes, hours, or even days it would take for a typical SOC response. Another key aspect of this approach is aligning the pain of alert fatigue with the team responsible for the systems that generate the alerts. By placing alert triage with those who have the ability to reduce the alerts, incentives are aligned for high-quality alerts.
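A toy version of that flow, added here as an illustration (not Capsule8’s or Netflix’s code): every rule runs automation first, only sufficiently confident detections reach a person, the alert is routed to the team that owns the affected service with context and a fixed set of options attached, and that owning team, not a central SOC, maintains the suppression list. The service names, confidence thresholds and the simulated restart action are assumptions.

```python
"""Added illustration of the 'automation before alert' flow described above.
Ownership map, suppression list and sample detections are all constructed."""
from dataclasses import dataclass, field

# Constructed ownership map: the team that runs each service is the team that gets paged.
OWNERS = {"web-frontend": "web-team", "payments-api": "payments-team"}
# Constructed per-service suppressions, maintained by the owning team rather than a central SOC.
SUPPRESSED = {"web-frontend": {"new-outbound-connection"}}
# Constructed sample detections, shaped like host-level sensor output.
SAMPLE_ALERTS = [
    {"rule": "new-outbound-connection", "host": "web-7", "service": "web-frontend", "confidence": 0.7},
    {"rule": "shell-from-service-account", "host": "pay-2", "service": "payments-api", "confidence": 0.95},
    {"rule": "unexpected-setuid-binary", "host": "build-1", "service": "ci", "confidence": 0.6},
    {"rule": "new-outbound-connection", "host": "pay-2", "service": "payments-api", "confidence": 0.3},
]

@dataclass
class RoutedAlert:
    rule: str
    host: str
    owner: str
    actions: list = field(default_factory=list)   # automation already taken before paging
    options: list = field(default_factory=list)   # choices offered to the human

def process(raw):
    """Run automation first; return a RoutedAlert, or None if nobody should be paged."""
    # The owning team has tuned this rule out for its service: no alert, no busy work.
    if raw["rule"] in SUPPRESSED.get(raw["service"], set()):
        return None
    # Low-confidence detections are not paged; they only feed the owner's review queue.
    if raw["confidence"] < 0.5:
        return None
    routed = RoutedAlert(raw["rule"], raw["host"], OWNERS.get(raw["service"], "security-oncall"))
    # High-confidence detections get a contained, automated response (simulated here) before paging.
    if raw["confidence"] >= 0.9:
        routed.actions.append(f"restart-workload:{raw['host']}")
    # The human receives the context (owner, host, what was already done) and a fixed set of options.
    routed.options = ["confirm-incident", "mark-benign", "suppress-rule-for-service"]
    return routed

def suppress(service, rule):
    """Feedback loop: the owning team silences a noisy rule for its own service."""
    SUPPRESSED.setdefault(service, set()).add(rule)

def run(alerts):
    """Return only the alerts that reach a person, after automation has run."""
    return [r for r in (process(a) for a in alerts) if r is not None]

if __name__ == "__main__":
    for r in run(SAMPLE_ALERTS):
        print(r)
```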

This “SOCless” approach could also be (and was, by one of our co-founders) called “Capsule8 in a box.” It’s a more proactive approach to security, so that time and resources aren’t wasted on false alerts and the ensuing response is the right one. This approach will help to cut down on the countless hours wasted investigating false alarms, and our “shoot first, ask questions later” strategy for attack disruption means that alerts that are highly likely to be real attacks can be stopped faster, before any damage is done.

Driving toward the SOCless enterprise is the motivation behind the Capsule8 Platform. Over the coming weeks, expect more from us on how security engineering organizations can take the journey to becoming SOC-less.