How Capsule8 Supports Stability & Reliability
Reliability and high performance power the modern enterprise, particularly when it comes to Linux production systems. While Capsule8 offers the attack responsiveness needed to protect your hosts, we designed it to never disrupt the production systems on which you depend.
Built-in performance protection
Capsule8 lets you set hard limits on CPU, memory, disk usage, and event rate. Our intelligent load-shedding strategy functions like a circuit breaker, measuring events per second and determining whether it needs to shed data collection. This allows Capsule8 to maintain the performance of a host under heavy load – ensuring the critical operations required to fuel your business can fire away unimpeded.
Minimal network load to avoid bottlenecks
Because Capsule8 uses distributed analytics, the risk of creating a network bottleneck while performing detection is minimal. Our distributed approach to analytics pushes computation as close to the data as possible, ensuring minimal impact on even the busiest of networks. Combined with our built-in performance protection, you can be confident in protecting your Linux production hosts without clogging network resources.
Architected without kernel modules, minimizing risk
Capsule8 does not rely on a kernel module, avoiding the stability risk that kernel modules create. Since Capsule8 is not implemented in-line, any stability issues in our code will not affect anything on the system being protected. While we collect kernel-level data using kprobes, we run in userland outside of the kernel – an approach that minimizes stability risk in production.
Minimal manual effort for deployment and maintenance
Capsule8 is designed with typical DevOps workflows in mind. Deployed as a single, static Go binary, Capsule8 can be installed and updated using most major Linux orchestration tools, including Kubernetes, or by using popular configuration management tools such as Puppet, Ansible, and Chef. Because of our API-first approach, you can export alerts to third-party tools – eliminating the need to add yet another pane of glass to your workflow.