Cloud Native Protection

Built for the unique threat models of cloud native environments

Visibility into containers without ever relying on kernel modules

Protect any Linux systems at any scale and speed via a decentralized host agent model

Extensive coverage, regardless of size or environment

Built for Cloud Native Environments

Our detection is designed to detect erosion of the isolation boundary of containers, as well as any compromise within the container itself, such as a cryptominer or a developer attempting to debug a container in production via SSH. Capsule8 collects and exposes container metadata so you can pinpoint exactly which workload is involved in an event out of potentially hundreds running on a host.

Capsule8’s team includes some of the most active researchers in container escapology, who develop new container escape exploits for Linux kernel vulnerabilities to continually test our product’s protection against zero-day exploits. We also protect against misuse of cloud metadata to impersonate infrastructure, abuse of orchestrators, and other security issues that could jeopardize your cloud-native systems.

Detect unwanted activity on a per-container basis

Our agent relies on stable Linux features, namely kprobes and perf, that work on any relatively modern kernel. This approach also means Capsule8’s agent can collect activity from inside containers, leaving no coverage gaps in microservices environments, in contrast to traditional tools which rely on kernel modules. Unlike existing Linux auditing solutions, which use a monolithic, global configuration, Capsule8 operates at the cgroup level. This allows you to bind different detections and policies to different control groups.

Secure on any system at any scale

Capsule8 works on any system at any scale – in public or private cloud, containers or VMs, on-prem bare metal, and across different kernel versions and Linux distributions. Capsule8’s decentralized host agent model enables unrestricted scale, because analytics are efficiently performed at the edge (on the host itself). This means you don’t have to send tons of system telemetry for cloud-based analysis across your network, unlike traditional detection solutions that are built for user endpoints, not enterprise infrastructure.

Broad System Coverage

Many organizations are already using Capsule8 across their unique infrastructure deployments and environments. We can protect your mix of enterprise Linux systems, including: