The Capsule8 Difference
The Capsule8 Platform proactively detects Indicators of Attack (IoA) across your entire Linux production environment, pointing you to the true attacks that require attention. The ability to detect live exploitations (IoA) allows you to address security incidents quickly, versus looking for Indicators of Compromise (IoC), which implies awareness only after an attacker has taken hold of your environment. Importantly, Capsule8 requires only small amounts of security-critical telemetry data to provide protection. The vast majority of this telemetry is managed locally and not shared over the network, ensuring the solution will not have an undue performance impact on production.
Real-Time, High Fidelity Protection without Signatures
Once you’ve been breached, it can cost millions to recover. There’s no cost, however, if you stop an attack before it becomes a breach. We provide you with high-fidelity data in real time, which greatly improves visibility and response time. With Capsule8, it’s easy to determine the legitimacy of each alert and to automate the response accordingly. Furthermore, the Capsule8 platform is not signature-based, so you won’t be stuck waiting for point-in-time product updates.
Deep Context in Alerts to Help Understand Each Attack
Capsule8 finds exploits – including those based in the kernel – that other tools miss. Our alerts deliver true positives with deep context about the users, activities, and timing involved so that you can understand the nature of an attack and quickly kill or freeze processes that violate policy. Capsule8 provides only the right information and doesn’t slam you with volumes of irrelevant data.
Capsule8 provides insight into all activity pre- and post-exploitation, including commands issued and files and networks accessed. Much like a bank robber is focused on your money (not all your office supplies), an attacker is looking for your most sensitive data (not every resource you own). Correlation data is important for understanding everything an attacker is doing throughout your environment. Our analytics reflect associations between actions and events and what they mean.
Flexible and Efficient Operations
Capsule8 offers a number of ways to manage alert data to minimize the performance impact on your production systems, which is always a concern for your operations team.
- Capsule8 allows you to set limits that control its consumption of CPU, memory, disk space and event rate.
- Our development philosophy is to be API-first, providing flexibility to integrate with your existing cloud, security, and storage tools. Send alerts to your existing tools and workflows via API, file, stdout and S3 Bucket.
CVE Analysis Reports
Capsule8 provides you with reporting on how our protection fared against Linux Common Vulnerabilities and Exposures (CVEs). Our security researchers and data analysts document relevant CVEs, the type of exploit involved, and the Capsule8 detection methods that would have prevented the exploit. This provides transparency into Capsule8’s ability to protect your organization.