Capsule8 Expands Threat Detection Platform for PCI DSS

EXCLUSIVE: Capsule8 now integrates capabilities that meet multiple requirements of the PCI DSS data security standard, including file integrity monitoring, intrusion prevention and antivirus.

Capsule 8 1.0 Dashboard

Capsule8 is announcing on Feb. 27 that it is now certified to help organizations meet multiple requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2.1.

The compliance comes alongside a series of improvements Capsule8 has made to its zero-day threat protection platform in recent months that provide antivirus (AV), intrusion detection and prevention (IDS/IPS) and file integrity monitoring (FIM) capabilities. PCI DSS is a compliance standard for organizations that handle payment card data.

"One of the enhancements that we did was to make sure that we could meet the letter of the law in terms of what it means to be an antivirus solution," John Viega, co-founder and CEO of Capsule8, told eWEEK. "In addition to active protection, the standard says there also needs to be periodic scanning of files for signatures, so even though we like to be very much focused on indicators of attack instead of indicators of compromise, we still needed to add an IOC [indicator of compromise] scanning capability."

Capsule8 has been building its security platform since early 2017, when Viega and his co-founder Dino dai Zovi detailed the direction for the startup in an eWEEK video. The company reached the 1.0 milestone in April 2018 and has been steadily improving the technology ever since. 

The company has also recently achieved another milestone of a different sort. Capsule8 is one of 10 finalists for the annual RSA Conference Innovation Sandbox contest. That event runs on March 4 at the RSA Conference in San Francisco.

Zero-Day Threat Protection

At the core of the Capsule8 platform is a technology approach that looks to protect workloads running on Linux servers from zero-day and unknown threats. While the ability to protect against threats is useful, PCI DSS is more proscriptive in its requirements than simply being about blocking threats.

"We really focused on runtime protection out of the box, and a lot of that work is called exploitation detection," Viega said.

He added that in some respects the exploit detection could be thought of as a next-generation IPS/IDS technology. Additionally, the platform has policy-based detections, which can include file-, network- and activity-based policies.

File Integrity Monitoring

Viega said Capsule8 can now help organizations check several of the boxes on a list of requirements for PCI DSS. Among those boxes is also FIM, a capability that enables organizations to detect whether files have been inappropriately modified.

"File integrity monitoring traditionally is about what files can or can't be touched, and maybe what user can touch them," Viega said. "We have visibility that even the [Linux] kernel doesn't give you to say, ‘Hey, here's what process is trying to touch files,’ so you can make file access policies based on which processes are doing the work."

Organizations Still Need a SIEM

While Capsule8 can now help organizations check off multiple boxes on the requirements list for PCI DSS, there are still other things that an organization needs to be compliant. Among the items that PCI DSS requires is a SIEM (Security Information and Event Management) platform. Viega said that while Capsule8 has visibility into system events and actions, it isn't trying to replace a SIEM as the right place and technology to manage all alerts and handle the overall security workflow.

Looking beyond PCI DSS compliance requirements, Viega said Capsule8 has a robust roadmap of development and new features planned for the months ahead. He said that Capsule8 has been doing work on data exfiltration research and that will turn into a mature platform capability in the future. Additionally, Capsule8 has been working on behavior analytics features.

"We have a tremendous amount coming down the pike, and we will continually be adding new models and helping customers solve more security problems with the same platform," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.