There are two main methods of detection in the security marketplace—Indicators of Attack (IoA) and Indicators of Compromise (IoC). The two methods approach detection in vastly different ways.
In this Quick Read, we’ll cut through the crosstalk to compare and contrast IoAs and IoCs. Plus, we’ll share examples of Capsule8 Protect’s different approach to attack protection.
The rapid adoption of Linux-based microservices in enterprises has driven the shift to solutions that detect IoAs. For those in SecOps, a modern IoA detection approach must be:
Capsule8 Protect is the only attack protection solution that:
Download our Technical Primer: Demonstration of Detection Capabilities in Capsule8 Protect to learn how we support modern Linux environments without slowing down production.
A system that keeps you safe but doesn’t let you get your work done will produce one of two results: Your company’s productivity will slow to a crawl or your employees will start using workarounds that will leave you even more vulnerable than before.
So it’s critical that the approach you take, whether it’s IoA- or IoC-based, not disrupt production. But even though one part of your company might think things are going well with the chosen protection method, another might encounter disruptions. For example, SecOps might think things are humming along nicely, but that doesn’t necessarily mean Ops will feel the same, especially when you’re dealing with agents and kernel modules.
Capsule8 enables both IoC and IoA methods, but we believe IoA is the superior method for today’s advanced attacks.
So we engineered Capsule8 Protect using the kprobe + perf approach to Linux monitoring. kprobes are a kernel facility that attaches probes to kernel code paths, including the system call handlers, giving visibility into what specific processes ask the kernel to do. Used together with perf, a more stable alternative to loading a kernel module, they let you extract kernel data without compromising performance.
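To make the IoC-versus-IoA distinction concrete on top of kprobe + perf data, here is an added example (not Capsule8's code, and not from the original page) that consumes text lines of the kind `perf script` prints after a kprobe event has been recorded. The sample lines, probe names (`probe:do_sys_openat2`, `probe:do_execve`), addresses and paths are all constructed for the example; the "known-bad" path is a placeholder, and the server-process and shell name sets are assumptions. The IoC rule matches a static artifact (a path on a blocklist); the IoA rule matches a behaviour (a server process replacing itself with a shell), which fires even when no artifact is on any list.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample of `perf script` text output for kprobe events.
# The field layout approximates perf's default "comm pid [cpu] time: event: args"
# form; probe names, addresses and paths are made up for this example.
SAMPLE_PERF_SCRIPT = """\
nginx  1301 [000]  1001.000123: probe:do_sys_openat2: (ffffffff81300010) filename="/var/www/html/index.html"
nginx  1301 [000]  1001.000456: probe:do_execve: (ffffffff81320020) filename="/bin/sh"
sshd   2210 [001]  1002.100001: probe:do_execve: (ffffffff81320020) filename="/bin/bash"
bash   2210 [001]  1002.200002: probe:do_sys_openat2: (ffffffff81300010) filename="/tmp/EXAMPLE-known-bad-dropper"
cron   3305 [001]  1003.000000: probe:do_execve: (ffffffff81320020) filename="/usr/bin/run-parts"
"""

PERF_LINE = re.compile(
    r"^\s*(?P<comm>\S+)\s+(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+"
    r"(?P<ts>\d+\.\d+):\s+(?P<event>\S+):\s*(?P<args>.*)$"
)
FILENAME_ARG = re.compile(r'filename="([^"]*)"')


@dataclass(frozen=True)
class Event:
    comm: str
    pid: int
    ts: float
    event: str
    filename: Optional[str]


@dataclass(frozen=True)
class Finding:
    kind: str  # "IoC" or "IoA"
    pid: int
    comm: str
    detail: str


# IoC: a static artifact already known to be bad. Placeholder path, not a real indicator.
KNOWN_BAD_PATHS = {"/tmp/EXAMPLE-known-bad-dropper"}

# IoA: a behaviour that should not happen regardless of which payload is involved:
# a network-facing server process executing an interactive shell.
# Both name sets are assumptions for this example.
SERVER_COMMS = {"nginx", "httpd", "apache2"}
SHELL_PATHS = {"/bin/sh", "/bin/bash", "/bin/dash"}


def parse_line(line: str) -> Optional[Event]:
    """Parse one perf script line; return None for lines that do not match."""
    m = PERF_LINE.match(line)
    if not m:
        return None
    fn = FILENAME_ARG.search(m.group("args"))
    return Event(
        comm=m.group("comm"),
        pid=int(m.group("pid")),
        ts=float(m.group("ts")),
        event=m.group("event"),
        filename=fn.group(1) if fn else None,
    )


def analyze(lines: Iterable[str]) -> List[Finding]:
    """Run the IoC rule and the IoA rule over a stream of perf script lines."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.filename is None:
            continue
        # IoC check: match the artifact itself.
        if ev.event == "probe:do_sys_openat2" and ev.filename in KNOWN_BAD_PATHS:
            findings.append(Finding("IoC", ev.pid, ev.comm, f"opened known-bad path {ev.filename}"))
        # IoA check: match the behaviour. At execve entry the kprobe still sees the
        # old program name in comm, so "nginx executing /bin/sh" is visible here.
        if ev.event == "probe:do_execve" and ev.comm in SERVER_COMMS and ev.filename in SHELL_PATHS:
            findings.append(Finding("IoA", ev.pid, ev.comm, f"server process executed shell {ev.filename}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_PERF_SCRIPT.splitlines()):
        print(f"{f.kind:3} pid={f.pid} comm={f.comm}: {f.detail}")
```

Run against the constructed sample, the IoC rule flags only the process that touched the blocklisted path, while the IoA rule flags the nginx process that executed a shell; the sshd-to-bash line and the cron line produce nothing, which is the point of matching behaviour against a specific context rather than matching any shell execution.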
The kprobe + perf approach designed by Capsule8 Protect is a safer way to perform Linux monitoring because it:
Learn more about this better way to do Linux monitoring in our recent blog post.
Customer needs are at the core of Capsule8 Protect