Product

Capsule8:

Capsule8 is the industry’s only real-time, zero-day attack detection platform capable of scaling to massive production deployments. Capsule8 delivers continuous security across your entire production environment — containerized, virtualized and bare metal.

Capsule8 detects and can instantly disrupt attacks in the production environment before the attack takes hold.

Key features of Capsule8 include:

Real-time Detection at Scale:

Capsule8 utilizes distributed, expert-driven analytics to detect attacks in real time. The result is that an organization’s typical flood of alarms and false positives is reduced to a trickle of high-value, high-context alerts of actual attacks – not just potential threats. Moreover, unlike conventional detection approaches that don’t scale, Capsule8 relies on a distributed architecture that can scale detection to tens of thousands of nodes – without impacting performance.

Built for Production:

Purpose built for production workloads, Capsule8 works without deploying any kernel modules or high-risk components. Moreover, it deploys alongside your infrastructure, not as a SaaS solution, giving you full control of your data and eliminating the risks of potential dissemination, deletion, or corruption of your data by third parties.

Intelligent Investigation:

Capsule8’s distributed telemetry makes it easy to perform forensic investigations on historical data, without significant impact to network performance or storage.

Automated Disruption:

Capsule8 can go beyond detection and enable you to automatically disrupt an attack once detected. For instance, customers can strategically (and automatically) kill attacker connections, restart workloads, or alert an investigator immediately upon initial detection.

Support for Cloud Native and Legacy:

Capsule8 supports both orchestrated and non-orchestrated workloads. Capsule8 deploys as easily in a Kubernetes-orchestrated environment through cloud providers such as AWS, GCP or Azure as in bare metal environments deployed with your operations tools of choice, such as Ansible, Puppet, Chef or SaltStack.

How Capsule8 Protects the Production Environment

Explore how Capsule8 detects and stops zero-day attacks in real time at scale

Capsule8 sensors, running outside the kernel, scan for threats without negatively impacting workload stability or performance

C8 Sensors capture only small amounts of security-critical data, and stream it through the Capsule8 Backplane to nearby Capsule8 Detect analysis instances

Capsule8 can automatically kill attacker connections, restart workloads, or immediately alert an investigator.

This means your business can instantly contain or even prevent damage.

Simple integration with SIEMs, orchestration tools, Slack, and big data stores makes central management easy.

How it Works

We bring continuous security to your entire production environment, allowing you to detect and shut down attacks as they happen.

  1. With just a couple lines of configuration, you can deploy all aspects of Capsule8 throughout a complicated hybrid deployment.

  2. Capsule8 automatically deploys sensors throughout your production infrastructure that collect data without risking performance or stability.

  3. Key event data is streamed in real time to a distributed, real-time analysis engine, which focuses on detecting evidence of attacks in progress, allowing you to catch zero-days and credential theft, not just known vulnerabilities.

  4. Capsule8's analysis engine then leverages multiple dimensions of data, including network, system and application-level data, to provide vastly more accurate alerting than possible with traditional methods.

  5. Capsule8 can respond immediately when attacks are detected -- for instance, by shutting them down without impacting production, or immediately alerting a responder.

  6. Capsule8 then stores events in a distributed "flight recorder" that allows you to perform detailed forensic investigations, or go back through data after the fact to look for indicators of compromise (IOCs).

  7. To manage alerts centrally, Capsule8 easily integrates with all your favorite tools, including SIEMs, orchestration tools, Slack and even big data stores.

  8. Using Capsule8's fully extensible API, you can easily build your own analyses, integrations or even security tools on top of the Capsule8 platform.
