Capsule8 Protect

Next-Gen Infrastructure Requires Next-Gen Security

We don't just alert you to attacks.
We stop them in real time.


Capsule8 Protect provides the transparency required for real-time protection, monitoring and troubleshooting. Traditional appliance-based approaches that rely on IP or host names for monitoring simply don’t work in the dynamic world of containers. Capsule8 delivers real-time, cluster-wide visibility across system, network and intra-container data to provide the visibility needed for true protection.

Real-Time Threat Detection

Unlike conventional approaches that rely on batch analytics and alert you to an attack hours – or even days – after it occurred, Capsule8 alerts you to an attack instantly. By combining distributed, expert-driven analytics with artificial intelligence, Capsule8 Protect detects attacks in real time and triggers exponentially fewer alerts and false positives than traditional methods.

Automated Attack Resilience

Capsule8 Protect shuts down both known and zero-day attacks as they occur. When Capsule8 detects stateless workloads, our "shoot first, ask questions later" approach automatically freezes any infected component and replaces it without impacting performance. When a stateful workload is detected, Capsule8 can immediately alert a responder and/or isolate the component to prevent a possible attack without impacting production.

Intelligent Investigation

Artificial intelligence combined with expert-driven analytics provides insight into complex, multi-system applications, leading to swift investigation and recovery. And once an attack is shut down, all events are stored in a distributed "flight recorder" that allows you to perform detailed forensic investigations, or review historical data for signs of an attack.

Easy Integration

For DevOps teams, Capsule8 offers a simple, one-line install into your platform with no impact on performance. For security teams, Capsule8 delivers straightforward integration with your favorite forensic or ops tools such as Slack, Hadoop, Splunk and others.

How it Works

We bring continuous security to your entire production environment, allowing you to detect and shut down attacks in the instant they happen.

  1. With just a couple lines of configuration, you can deploy all aspects of Capsule8 Protect throughout a complicated hybrid deployment.

  2. Capsule8 Protect automatically deploys sensors throughout your production infrastructure that collect data without risking performance or stability.

  3. Key event data is streamed in real time to a distributed, real-time analysis engine, which focuses on detecting evidence of attacks in progress, allowing you to catch zero-days and credential theft, not just known vulnerabilities.

  4. Capsule8 Protect’s analysis leverages multiple dimensions of data, including network, system and application-level data, to provide vastly more accurate alerting than possible with traditional methods.

  5. Capsule8 can respond immediately when attacks are detected -- for instance, by shutting them down without impacting production, or immediately alerting a responder.

  6. Capsule8 Protect also stores events in a distributed "flight recorder" that allows you to perform detailed forensic investigations, or go back through data after the fact to look for indicators of compromise (IOCs).

  7. Simple integration with all your favorite tools, including SIEMs, orchestration tools, Slack and even big data stores makes central management easy.

  8. The API is fully extensible, making it easy to build your own analyses, integrations or even security tools on top of the Capsule8 Protect platform.