Capsule8 Expands Linux-Based Threat Detection Platform for PCI DSS | eWeek

Capsule8 Expands Threat Detection Platform for PCI DSS

Capsule 8 1.0 Dashboard
Feb 27, 2019
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Capsule8 is announcing on Feb. 27 that it is now certified to help organizations meet multiple requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2.1.

The compliance comes alongside a series of improvements Capsule8 has made to its zero-day threat protection platform in recent months that provide antivirus (AV), intrusion detection and prevention (IDS/IPS) and file integrity monitoring (FIM) capabilities. PCI DSS is a compliance standard for organizations that handle payment card data.

“One of the enhancements that we did was to make sure that we could meet the letter of the law in terms of what it means to be an antivirus solution,” John Viega, co-founder and CEO of Capsule8, told eWEEK. “In addition to active protection, the standard says there also needs to be periodic scanning of files for signatures, so even though we like to be very much focused on indicators of attack instead of indicators of compromise, we still needed to add an IOC [indicator of compromise] scanning capability.”


Capsule8 has been building its security platform since early 2017, when Viega and his co-founder Dino dai Zovi detailed the direction for the startup in an eWEEK video. The company reached the 1.0 milestone in April 2018 and has been steadily improving the technology ever since. 

The company has also recently achieved another milestone of a different sort. Capsule8 is one of 10 finalists for the annual RSA Conference Innovation Sandbox contest. That event runs on March 4 at the RSA Conference in San Francisco.

Zero-Day Threat Protection

At the core of the Capsule8 platform is a technology approach that looks to protect workloads running on Linux servers from zero-day and unknown threats. While the ability to protect against threats is useful, PCI DSS is more proscriptive in its requirements than simply being about blocking threats.

“We really focused on runtime protection out of the box, and a lot of that work is called exploitation detection,” Viega said.

He added that in some respects the exploit detection could be thought of as a next-generation IPS/IDS technology. Additionally, the platform has policy-based detections, which can include file-, network- and activity-based policies.

File Integrity Monitoring

Viega said Capsule8 can now help organizations check several of the boxes on a list of requirements for PCI DSS. Among those boxes is also FIM, a capability that enables organizations to detect whether files have been inappropriately modified.

“File integrity monitoring traditionally is about what files can or can’t be touched, and maybe what user can touch them,” Viega said. “We have visibility that even the [Linux] kernel doesn’t give you to say, ‘Hey, here’s what process is trying to touch files,’ so you can make file access policies based on which processes are doing the work.”

Organizations Still Need a SIEM

While Capsule8 can now help organizations check off multiple boxes on the requirements list for PCI DSS, there are still other things that an organization needs to be compliant. Among the items that PCI DSS requires is a SIEM (Security Information and Event Management) platform. Viega said that while Capsule8 has visibility into system events and actions, it isn’t trying to replace a SIEM as the right place and technology to manage all alerts and handle the overall security workflow.

Looking beyond PCI DSS compliance requirements, Viega said Capsule8 has a robust roadmap of development and new features planned for the months ahead. He said that Capsule8 has been doing work on data exfiltration research and that will turn into a mature platform capability in the future. Additionally, Capsule8 has been working on behavior analytics features.

“We have a tremendous amount coming down the pike, and we will continually be adding new models and helping customers solve more security problems with the same platform,” he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.