    Capsule8 Launches Zero-Day Threat Detection Platform for Linux

    By Sean Michael Kerner, April 11, 2018
      [Image: Capsule 8 1.0 Dashboard]


      Security startup Capsule8 officially launched the 1.0 release of its zero-day threat detection platform on April 11, after more than a year of active development.

      Capsule8 1.0 is intended to help secure both container-based and non-container Linux workloads against unknown, zero-day threats. Among the risks Capsule8 aims to help mitigate are CPU side-channel attacks that leak memory contents, such as the recently disclosed Meltdown and Spectre vulnerabilities.

      “The Capsule8 1.0 product is really focused on real-time security detection for production systems,” John Viega, Capsule8 co-founder and CEO, told eWEEK. “So that includes any production Linux servers, as well as containerized cloud native environments, providing zero-day protection and detection in real time at scale, that enables our customers to disrupt attacks.”

      Viega and his co-founder Dino Dai Zovi first revealed the company in February 2017 and detailed Capsule8’s early ambitions in an April 2017 eWEEK video. At the time, Dai Zovi described Capsule8 as container-aware, real-time threat protection for Linux-based production environments. The company has raised a total of $8.5 million in venture funding, including a $6 million Series A round announced in September 2017.

      Detection Landmines

      Viega explained that Capsule8’s zero-day detection depends on having a very high signal-to-noise ratio for evidence of exploitation in a production environment. Rather than simply scanning for known vulnerabilities (CVEs), he noted, Capsule8 looks for signals that some form of exploitation is in progress, whether or not the underlying vulnerability has been identified.

      “We are looking generically, if an attacker has got a zero-day vulnerability, at what are the things that they are going to have to do to go around ASLR (Address Space Layout Randomization) and other system-level protections,” Viega said.

      Capsule8 has a concept it calls “kernel landmines”: triggers that Viega said the platform can place in a running Linux kernel. A landmine is placed in a kernel area that regular, authorized processes and normal application usage should never touch, so that any activity reaching it is a strong indicator of exploitation rather than background noise.

      Viega noted that the Capsule8 kernel landmines are not a deception technique. Deception technologies plant decoys (“false flags”) for attackers to follow, in an attempt to lure them down a path where they can be contained.

      “A landmine is not really a deception technique. We’re not really changing the Linux kernel. We’re just being really strategic about monitoring places in the kernel that are possible windows into exploit behavior,” Viega said.
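The kind of exploitation signal Viega describes, as an added example that is not Capsule8’s code and says nothing about how its landmines are implemented: a detector run over constructed Linux kernel segfault log lines (the dmesg format `comm[pid]: segfault at ... ip ... sp ... error N in module[base+size]`) that flags a burst of crashes from one program at many different crash sites. A process that keeps crashing at the same offset in the same library has a bug; one that crashes at several different sites, or at instruction pointers outside any file-backed mapping, within a short window looks like an attacker guessing addresses to get around ASLR. The caveat built into the code is that with ASLR enabled the absolute instruction pointer of even a benign crash differs on every run, so crash sites are compared as module-relative offsets, not raw addresses. The sample lines, the window and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Kernel segfault report as printed by the x86 fault handler:
#   [  ts] comm[pid]: segfault at ADDR ip IP sp SP error N [in module[base+size]]
# The trailing "in ..." part is absent when ip is not inside a file-backed mapping.
SEGFAULT_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+)"
    r" ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<mod>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)


@dataclass(frozen=True)
class Segfault:
    ts: float
    comm: str
    pid: int
    ip: int
    module: Optional[str]
    offset: Optional[int]  # ip relative to the module base; stable across ASLR

    @property
    def site(self) -> Tuple[str, int]:
        """Crash site normalised so the same bug looks the same on every run."""
        if self.module is not None:
            return (self.module, self.offset)
        return ("<unmapped>", self.ip)


def parse_segfault(line: str) -> Optional[Segfault]:
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    ip = int(m["ip"], 16)
    if m["mod"]:
        return Segfault(float(m["ts"]), m["comm"], int(m["pid"]), ip,
                        m["mod"], ip - int(m["base"], 16))
    return Segfault(float(m["ts"]), m["comm"], int(m["pid"]), ip, None, None)


@dataclass
class Alert:
    comm: str
    crashes: int
    distinct_sites: int
    first_ts: float
    last_ts: float
    pids: List[int]


def find_aslr_bruteforce(lines: Iterable[str], window_s: float = 60.0,
                         min_crashes: int = 5, min_distinct: int = 3) -> List[Alert]:
    """Flag programs with >= min_crashes segfaults inside window_s seconds that
    hit >= min_distinct different crash sites (assumed thresholds)."""
    events = [e for e in map(parse_segfault, lines) if e is not None]
    by_comm = defaultdict(list)
    for e in events:
        by_comm[e.comm].append(e)

    alerts = []
    for comm, evs in by_comm.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_s:
                start += 1
            window = evs[start:end + 1]
            if len(window) < min_crashes:
                continue
            if len({e.site for e in window}) < min_distinct:
                continue  # many crashes at one site: a crashing bug, not address guessing
            burst = [e for e in evs[start:] if e.ts - evs[start].ts <= window_s]
            alerts.append(Alert(comm, len(burst), len({e.site for e in burst}),
                                burst[0].ts, burst[-1].ts, sorted({e.pid for e in burst})))
            break  # one alert per program
    return sorted(alerts, key=lambda a: a.first_ts)


# Constructed dmesg excerpt: reportgen crashes three times at the same libxml2 offset
# (ASLR moves the base each run); httpd crashes six times in four seconds at six sites.
SAMPLE_DMESG = """\
[ 100.100000] reportgen[2001]: segfault at 0 ip 00007f11aa0c5e2a sp 00007ffc1000 error 4 in libxml2.so.2[7f11aa0a0000+180000]
[ 120.500000] reportgen[2044]: segfault at 0 ip 00007f7e3b2c5e2a sp 00007ffd2000 error 4 in libxml2.so.2[7f7e3b2a0000+180000]
[ 140.900000] reportgen[2090]: segfault at 0 ip 000055d0b02c5e2a sp 00007ffe3000 error 4 in libxml2.so.2[55d0b02a0000+180000]
[ 300.000000] httpd[3101]: segfault at 7f0000001000 ip 00007f3a1bffe1a2 sp 00007ffd4a1b3c40 error 4 in libc-2.27.so[7f3a1bfa0000+1e7000]
[ 300.800000] httpd[3102]: segfault at 41414141 ip 0000000041414141 sp 00007ffd4a1b3c40 error 14
[ 301.600000] httpd[3103]: segfault at 7f0000002000 ip 00007f9c2d0ee0c0 sp 00007ffd4a1b3c40 error 4 in libc-2.27.so[7f9c2d0a0000+1e7000]
[ 302.300000] httpd[3104]: segfault at 5f5f5f5f ip 000000005f5f5f5f sp 00007ffd4a1b3c40 error 14
[ 303.100000] httpd[3105]: segfault at 7f0000003000 ip 00007f5e1c0f7b10 sp 00007ffd4a1b3c40 error 4 in libc-2.27.so[7f5e1c0a0000+1e7000]
[ 303.900000] httpd[3106]: segfault at 7f0000004000 ip 00007fa4e10b9f33 sp 00007ffd4a1b3c40 error 4 in libc-2.27.so[7fa4e10a0000+1e7000]
[ 500.000000] kernel: random unrelated line
"""

if __name__ == "__main__":
    for a in find_aslr_bruteforce(SAMPLE_DMESG.splitlines()):
        print(f"{a.comm}: {a.crashes} crashes at {a.distinct_sites} sites "
              f"between t={a.first_ts} and t={a.last_ts}, pids {a.pids}")
```

On a real host the same logic reads the kernel ring buffer or journald instead of the constructed string; the point is that the decision uses module-relative offsets, so a single buggy binary does not trip it even when run dozens of times under ASLR.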

      Spectre and Meltdown

      Among the classes of zero-day attacks Capsule8 aims to help mitigate are CPU side-channel attacks such as the Spectre and Meltdown issues, which were first disclosed in January 2018. Capsule8 was among the first vendors to provide a freely available, open-source detection tool for Spectre and Meltdown. In the 1.0 release, Viega said, the company is providing enhanced side-channel attack detection that also benefits from machine learning capabilities in the platform.

      Viega said that many of the large enterprises he visited told him they had no visibility into Meltdown and Spectre threats in their production environments. Additionally, because patches for those flaws are not easily implemented by all organizations, visibility into potential attacks is important.
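As an added example of the class of signal this section is about, and not Capsule8’s detector, whose internals the article does not describe: the code below builds a per-process baseline from hardware performance counters and flags sampling intervals whose cache-miss, branch-mispredict and page-fault ratios sit far above that baseline. The counter names match the generic `perf stat` events (cache-references, cache-misses, branches, branch-misses, page-faults); the baseline samples, the threshold multiplier and the labelling rules are assumptions. The intuition is that a Flush+Reload probe array drives the last-level-cache miss ratio up, Spectre-style predictor mistraining adds branch mispredicts on top, and a Meltdown probe that takes a fault per byte read adds a page-fault storm instead. A robust median/MAD baseline stands in for the machine-learning component the article mentions.

```python
import statistics
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class PerfSample:
    """One per-process sampling interval of hardware counters (constructed data)."""
    comm: str
    pid: int
    instructions: int
    cache_references: int
    cache_misses: int
    branches: int
    branch_misses: int
    page_faults: int

    @property
    def llc_miss_ratio(self) -> float:
        return self.cache_misses / max(self.cache_references, 1)

    @property
    def branch_miss_ratio(self) -> float:
        return self.branch_misses / max(self.branches, 1)

    @property
    def faults_per_kinst(self) -> float:
        return 1000.0 * self.page_faults / max(self.instructions, 1)


def robust_threshold(values: Iterable[float], k: float = 6.0) -> float:
    """median + k * scaled MAD: a baseline that a few noisy samples cannot drag upwards."""
    vals = list(values)
    med = statistics.median(vals)
    mad = statistics.median(abs(v - med) for v in vals)
    return med + k * 1.4826 * max(mad, 1e-9)  # guard against a zero MAD


class SideChannelDetector:
    def __init__(self, baseline: List[PerfSample], k: float = 6.0):
        self.llc_thr = robust_threshold((s.llc_miss_ratio for s in baseline), k)
        self.branch_thr = robust_threshold((s.branch_miss_ratio for s in baseline), k)
        self.fault_thr = robust_threshold((s.faults_per_kinst for s in baseline), k)

    def classify(self, s: PerfSample) -> Optional[str]:
        # Every cache-timing probe shows up as an abnormal LLC miss ratio; the other
        # two counters only distinguish the flavour (assumed labelling rules).
        if s.llc_miss_ratio <= self.llc_thr:
            return None
        if s.faults_per_kinst > self.fault_thr:
            return "meltdown-like"
        if s.branch_miss_ratio > self.branch_thr:
            return "spectre-like"
        return "cache-side-channel"


def scan(baseline: List[PerfSample],
         samples: Iterable[PerfSample]) -> Dict[Tuple[str, int], Optional[str]]:
    det = SideChannelDetector(baseline)
    return {(s.comm, s.pid): det.classify(s) for s in samples}


def _s(comm, pid, refs, misses, br, brm, pf) -> PerfSample:
    return PerfSample(comm, pid, 1_000_000, refs, misses, br, brm, pf)


# Constructed baseline: ordinary server workloads, LLC miss ratio 2-5%, mispredicts ~1%.
BASELINE = [
    _s("nginx", 1001, 100_000, 2_000, 100_000, 500, 5),
    _s("nginx", 1002, 100_000, 3_000, 100_000, 800, 8),
    _s("postgres", 1100, 100_000, 2_500, 100_000, 600, 6),
    _s("postgres", 1101, 100_000, 4_000, 100_000, 1_000, 10),
    _s("redis", 1200, 100_000, 3_500, 100_000, 700, 7),
    _s("redis", 1201, 100_000, 5_000, 100_000, 1_200, 12),
    _s("python3", 1300, 100_000, 3_000, 100_000, 900, 9),
    _s("python3", 1301, 100_000, 4_500, 100_000, 600, 6),
]

# Constructed suspects: three probe patterns plus a memory-bound benchmark that is
# merely bursty (8% misses) and must not be flagged.
SUSPECTS = [
    _s("a.out", 4242, 100_000, 60_000, 100_000, 20_000, 9),
    _s("a.out", 4243, 100_000, 55_000, 100_000, 900, 50_000),
    _s("a.out", 4244, 100_000, 50_000, 100_000, 1_000, 8),
    _s("bench", 4300, 100_000, 8_000, 100_000, 1_500, 11),
]

if __name__ == "__main__":
    for (comm, pid), label in scan(BASELINE, SUSPECTS).items():
        print(f"{comm}[{pid}]: {label or 'normal'}")
```

The thresholds come out of the baseline rather than being hard-coded, which is what lets the same detector run on hosts with very different cache behaviour; the cost is that a baseline collected while an attack is already running will learn the attack as normal, so the baseline window has to be chosen with that in mind.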

      Looking forward, Viega said that Capsule8 will continue to develop its namesake platform, providing integrations with other enterprise IT tools to make it easier for security professionals to investigate incidents.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
