The move to cloud-native technologies is a challenge made only more difficult by trying to remain compliant with requirements, such as PCI, HIPAA, FINRA, and FedRAMP. Enterprises are left trying to meet these demands by deploying a host of legacy security tools such as anti-virus protection, remote access detection, file access and integrity management, intrusion detection and protection systems, and so on. Drowning in alerts and trying to maintain all these systems means the quality of security has suffered as a result.
The Capsule8 Difference
The Capsule8 Platform proactively detects Indicators of Attack (IoA) across your entire Linux production environment, pointing you to the true attacks that require attention. The ability to detect live exploitation (IoA) allows you to address security incidents quickly, versus looking for Indicators of Compromise (IoC), which implies awareness only after an attacker has taken hold of your environment. Importantly, Capsule8 requires only small amounts of security-critical telemetry data to provide protection. The vast majority of this telemetry is managed locally and not shared over the network, ensuring the solution will not have an undue performance impact on production.
Following a rigorous evaluation by DirectDefense, a leading provider of PCI and security assessment services for PCI DSS, Capsule8 was found to be a compliant solution for several controls regarding IDS/IPS, FIM and AV for architectures that rely on Linux for their host operating systems, including several of the key “control” statements in Requirements 5, 6, 10 and 11. This allows organizations to replace legacy IDS/IPS, File Integrity Monitoring and AV solutions in their Linux production environment with a single solution.
Among the PCI DSS requirements the Capsule8 solution helps address are the following:
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs – Capsule8 provides comprehensive protection and detection, not only from unknown and ‘zero-day’ attacks, but also from malicious programs.
Requirement 6: Develop and maintain secure systems and applications – To stay current, Capsule8 Labs has a continuous process to identify and evaluate new and existing CVEs (Common Vulnerabilities and Exposures), testing its product continually against new exploits to ensure effectiveness.
Requirement 11: Regularly test security systems and processes – Capsule8 Protect provides cloud-native IDS and IPS capabilities that leverage workload-level data to provide vastly superior detection to traditional IDS/IPS. The solution also provides a comprehensive policy capability, including File Integrity Management (FIM).
Following a rigorous evaluation by DirectDefense, a leading provider of HIPAA and security assessments, Capsule8 was deemed compliant for HIPAA controls regarding access, anti-virus, IDS/IPS and file integrity monitoring for architectures that rely on Linux for their host operating systems. Specifically, Capsule8 enables:
Protection of system services from unauthorized access to ePHI: Capsule8 performs file access monitoring and alerts on unauthorized program access.
Automatic or manual reconfiguration of access settings when there is an emergency: In the event of a suspected compromise, Capsule8 can put a Linux system into a secure mode, allowing only key administrator rights to ensure that the system is secure and to re-enable normal operations when conditions are safe again.
Review and audit of key activity regarding access to ePHI: All actions pertaining to ePHI are logged, establishing a permanent record. Capsule8 applies a risk-based categorization for key audit events to determine the scope and magnitude of any potentially inappropriate access.
Protection of production Linux systems from unwanted alteration or destruction: Capsule8 reports violations of security policies configured by system operators, allowing for complete audit logging of policy violations and specific response actions (if desired) for egregious policy breaches. Additionally, forensic data is stored in a database for further investigations.
Protection of Linux systems from unauthorized access to services and data: Capsule8 employs integrity verification to detect unauthorized changes to ePHI and provides notifications to management upon discovering discrepancies during integrity verification.
Immediate response to breaches of ePHI confidentiality: Capsule8 protects systems and data by performing actions configured to react to attempts at unauthorized access.
Capsule8 aligns with the controls laid out in NIST SP 800-53 R4 for Access Control, Configuration Management, Risk Assessment, and Systems and Information Integrity. Meeting these strict requirements demonstrates Capsule8’s mission of supporting our customers in any environment by detecting unwanted activity and upholding systems resilience. For customers subject to FedRAMP, you can gain confidence that your Linux infrastructure is protected as part of your FedRAMP projects.
Capsule8 helps you meet the following FedRAMP requirements in your Linux infrastructure pertaining to Access Control (AC), Configuration Management (CM), and Risk Assessment (RA):
Session Termination – AC-13: Capsule8 can automatically kill processes associated with user sessions exhibiting unwanted or unauthorized activity.
Remote Access – AC-17 (1, 4, 9): Capsule8 detects remote interactive shells and execution of privileged commands, with the ability to shut down either activity automatically.
Least Functionality – CM-7 (2, 4, 5): Capsule8 detects the execution of unwanted or unauthorized programs and enables program allowlists and denylists.
Vulnerability Scanning – RA-5: Capsule8 detects kernel and userland exploitation of vulnerabilities, and monitors critical system, configuration, and content files.
The reality for most organizations is that they are somewhere between hybrid cloud and cloud native on their cloud transformation
Ready to modernize your enterprise security?
Request a demo or speak with our technical sales team to answer your questions.