High-Performance Attack Protection for Linux Production Environments

Capsule8 Protect

Capsule8 is the only company providing high-performance attack protection for Linux production environments — whether containerized, virtualized, or bare metal.

Capsule8 liberates SecOps from managing a high volume of manual tasks, while being safe for even the busiest workloads, on the busiest networks.

For security teams, key features of Capsule8 include:

Real-Time Attack Protection for Linux Production

Capsule8 Protect uses distributed, streaming analytics combined with high-fidelity data to detect and respond to attacks the instant they’re attempted. This real-time approach allows our customers to respond to attacks before they have costly consequences.

Detection Force Multiplier

Capsule8’s approach includes a Detection Force Multiplier which delivers high-fidelity data and is continuously updated by a team of security experts to uncover the latest zero-day attacks. This approach includes highly technical methods for detecting indicators of common exploitation techniques, while still providing flexible policy-based detection (such as file integrity monitoring).

Low Volume, High Value Data

Capsule8 Protect provides relevant, contextual information that makes it easy to perform investigations that determine why alerts fire, and what an attacker does after an attack lands.

Automated Response

Customers can strategically (and automatically) kill attacker connections, restart workloads, or immediately alert an investigator upon initial detection. Capsule8 Protect helps customers respond to attacks in real time, before they take effect. This eliminates the costly and time-consuming cleanup process that follows an attack or breach.

Easy Integration with Existing Systems

Capsule8 Protect is infrastructure- and cloud-agnostic. We provide seamless, easy-to-deploy detection across the entire infrastructure, with support for containers, VMs, bare metal, and hybrid deployments (i.e. Kubernetes, VMware, and Docker). Our API is fully extensible for easy integration into existing systems and can easily interoperate with backend workflows, giving you full access to your data, wherever you want it.


Capsule8’s product architecture also addresses any concerns from your operations teams, including:

No Risk to System Stability

Capsule8 runs in userland (outside the operating system’s kernel) and collects kernel-level data without the need for a kernel module. This approach ensures no risk to stability in production (both servers and networks).

Minimal Performance Impact

To ensure minimal performance impact to hosts and networks, Capsule8 employs a resource limiter that enforces hard limits to system CPU, disk and memory, with an intelligent load-shedding strategy.

Simple Deployment and Maintenance

The Capsule8 agent is a single static Go binary that is portable and easy to install and to update through a wide variety of orchestration mechanisms, including Puppet, Ansible, Kubernetes, etc. Our system works on-premise, in the cloud, or in a hybrid environment.

Minimal Network Load

Our distributed approach to analytics pushes computation as close to the data as possible, ensuring minimal impact to even the busiest of networks.

How Capsule8 Protects Linux Production Environments

Explore how Capsule8 stops attacks—even zero days—in real time

Capsule8 agents, running outside the kernel, scan for threats without negatively impacting workload stability or performance

Capsule8 agents capture just-enough security-critical data, performing analysis locally, shipping to the distributed analysis engine for detection of cross-fleet attacks

Capsule8 can automatically kill attacker connections, restart workloads, or immediately alert an investigator.

This means your business can instantly contain or even prevent damage.

Simple integration with SIEMs, orchestration tools, Slack, and big data stores makes central management easy.
