Capsule8 for Google Cloud Platform

Real-Time, Zero-Day Attack Detection for GCP

Capsule8 delivers continuous security across Google Cloud to detect and shut down attacks as they happen.

With Capsule8, GCP customers can achieve:

Real-time Detection at Scale:

Capsule8 utilizes distributed, expert-driven analytics to detect zero-day attacks in real time, reducing an organization’s typical flood of alarms and false positives to a trickle of high-value, high-context alerts on real attacks.

Built for Production:

When your system or network is under heavy load, Capsule8 responds appropriately to ensure overall performance isn’t impacted, all without deploying any kernel modules or high-risk components.

Intelligent Investigation:

Capsule8’s distributed telemetry makes it easy to perform forensic investigations on historical data, without significant impact to network performance or storage.

Automated Disruption:

Capsule8 goes beyond detection and makes it easy for you to automatically disrupt an attack once it is detected. For instance, you can strategically (and automatically) kill attacker connections, restart workloads, or alert an investigator immediately upon initial detection.

How Capsule8 Works with GCP:

  1. Capsule8 runs entirely in the customer's Google Compute Engine environment and accounts. Capsule8 requires a lightweight, installation-free sensor running on each GCE instance, typically consuming around 3-5% of one CPU core and 20MiB of RAM. The Capsule8 Sensor supports all Google-supported public Linux-based GCE images and instance sizes.

  2. Capsule8 Sensors stream behavioral telemetry to an available Capsule8 Backplane node with spare capacity in the same Availability Zone; the Backplane performs stream analysis on that telemetry to identify attacks in real time.

  3. A Capsule8 Flight Recorder can optionally run on each node to provide historical replay of system activity from an on-disk circular buffer.

  4. The Capsule8 Console, also running in GCE, provides a web-based interface to real-time and historical queries, alerts, and configuration. The Capsule8 Console can be configured to use any PostgreSQL-compatible database (including Cloud SQL).

  5. Capsule8 can also be installed on Google Kubernetes Engine (GKE) via a Helm chart for a one-command installation. For GKE users that do not use Helm, Kubernetes manifests are provided for manual customization and installation.

  6. Capsule8 is an API-first product and provides integration with Cloud Security Command Center (CSCC), making it possible to forward Capsule8 Alert objects to the CSCC GCS bucket or API endpoint.

