Capsule8 Protect

High-performance attack protection for your Linux infrastructure - whether containerized, virtualized, or bare metal, on-premise or in the cloud.

Capsule8 monitors your entire Linux infrastructure, detecting and preventing attacks and other unwanted activity to keep your production environments safe and stable – whether they live in the cloud, containers, or on-prem. We help companies of any size collect and understand all the data needed to protect themselves, without having to reinvent the wheel with costly manual effort.

Capsule8 is designed to support software delivery performance, protecting Linux production resources without risking uptime, reliability, or stability. By providing detection, prevention, and response for a broad range of Linux hosts – no matter how they are deployed – Capsule8 provides a self-contained system monitoring your virtual and container workloads, optimizing security and operational productivity.

Prevention, not busywork. Capsule8 focuses on detecting attacks and unwanted activity by collecting the right data, not hoovering and dumping out every data point from your hosts. Our strategy is to observe techniques at each stage of the attack lifecycle, giving you multiple opportunities to shut down unwanted activity before it results in a production incident.

Advantages of Capsule8’s Attack Responsiveness:
  • Detect and prevent the events that matter to your organization as they happen, instead of cleaning up incidents afterwards
  • Monitor virtual and container workloads across your entire Linux production infrastructure
  • Strategically (and automatically) kill attacker connections, restart workloads, or immediately alert an investigator to respond to attacks before they become incidents

Capsule8 Investigations enables cloud users to maintain a dedicated database just for security data without the cost or burden of having to set up an actual database. In short, Capsule8 Protect’s Sensors can ship investigations event data as Apache Parquet to Amazon S3 Buckets or Google Cloud Storage. From there, the data can be used effectively by Amazon’s Athena or Google’s BigQuery so security teams can quickly figure out what happened in an incident, figure out why it happened, and refine automated response actions to prevent it in the future.

Advantages of Capsule8’s Investigations:
  • Create an on-demand security database – without the manual effort
  • Quickly determine what transpired in an incident
  • Easily query Linux hosts using SQL syntax to answer critical questions

[Screenshot: Capsule8 Investigations, AWS Athena]

Everyone’s adoption of cloud and microservices is unique, and Capsule8 protects your Linux production hosts regardless of your mix of deployments. You receive the same detection and prevention in one self-contained solution whether you operate in multi-cloud, container, VM, and on-prem server environments – or all of the above. Capsule8 is built to be API-first, so our alerts can be directly piped into your organization’s favorite cloud, security, orchestration, collaboration, and storage tools. Capsule8 sends alerts to your existing tools and workflows via API, file, webhooks, and stdout, giving you the flexibility to create custom responses or playbooks in response to incidents.

Advantages of Capsule8’s Integrations:
  • Works with most flavors of cloud, microservices, and on-prem Linux you run
  • Keep using the tools you love in the way you know best, with full flexibility in how you consume and store alert data
  • Boost incident response productivity with lean but metadata-rich alerts that work with your existing SIEM and security orchestration tools

Capsule8 helps you protect your Linux production infrastructure without jeopardizing uptime so that your systems can stay as performant as possible. We built Capsule8 to be highly performant and lightweight, providing the complete protection that security teams require with a DevOps-friendly design – avoiding the stability and reliability risk that plagues other security tools.

Advantages of Capsule8 for Production Performance:
  • Set hard limits on resource consumption of CPU, memory, disk usage, and event rate to avoid impact on uptime and bottlenecks
  • Runs in userland (outside the operating system’s kernel) and collects kernel-level data without the need of a kernel module, removing stability and reliability risk
  • Deployment and maintenance designed to minimize manual effort with Ops-friendly tools, even in hybrid environments
