
Capsule8 Launches Linux-Based Container Security Platform

Cybersecurity startup Capsule8 this week announced that it has raised US$2.5 million to launch the industry's first container-aware, real-time threat protection platform designed to protect legacy and next-generation Linux infrastructures from existing and potential attacks.

CEO John Viega, CTO Dino Dai Zovi and Chief Scientist Brandon Edwards, all veteran hackers, cofounded the firm. They raised seed funding from Bessemer Venture Partners, as well as individual investors Shandul Shah of Index Ventures and ClearSky's Jay Leek.

"The cloud has catapulted Linux to the most popular platform on the planet, and now the use of container technology is exploding," said Bob Goodman, a partner at Bessemer. "Yet there has been no world-class commercial security offering focused on securing the Linux infrastructure -- until now."

Capsule8 is solving the difficult problem of providing zero-day threat protection for Linux, whether it be legacy, container or some combination of the two, he added.

Windows protection tends to focus on "find the bad executable," which makes sense in that environment because bad executables are ubiquitous in an attack, noted Capsule8's Viega.

The other typical approach in Linux is a network appliance, Viega said. However, there is not much context on the network, particularly as end-to-end encryption starts to become ubiquitous in the enterprise, so this approach doesn't find much and leads to many spurious alerts.

"The result is that most Linux compromises either go undetected or are a surprise -- companies find their data on a forum at a later date and they find they had no clue they were attacked," he explained.

Among the most noteworthy incidents, the company cited the massive breach at Yahoo, which went undetected for years until the stolen data showed up on the Web.

While Linux-based systems present many of the same security problems as Windows-based systems, the biggest difference in attacks can be found around malware, according to Mark Nunnikhoven, vice president of cloud research at Trend Micro.

On the defensive front, there's a stark contrast in the amount of effort required to support the rapidly changing software on Linux platforms, Nunnikhoven pointed out.

"Given the nature of Linux and GNU, release cycles are a bit more erratic, and there's a lot more variation that requires a mature and robust response by security providers," he said.

Tags:
jacob
Author: 


Frequently asked questions (5)

Q

How is this supposed to be used?

A

The Capsule8 sensor is intended to be run on a Linux host persistently and ideally before the host begins running application workloads. It is designed to support API clients subscribing and unsubscribing from telemetry dynamically to implement various security incident detection strategies.

Q

What types of events can be subscribed to currently?

A

Container lifecycle, process lifecycle, raw system calls, file opens, network activity, and kernel function calls.

Q

Kernel function calls?

A

You can subscribe to calls to a chosen exported function symbol and receive telemetry events with named values of the data requested. This data can include function call arguments, return values, register values, and even values dereferenced via offsets from any of them. For a more detailed description of what's possible, see the Linux kernel kprobe docs.

Q

What guarantees does the Sensor provide?

A

The Capsule8 sensor provides telemetry events on a best-effort basis. System-level events are intentionally monitored through perf_event_open(2) such that an excessive volume of events causes them to be dropped by the kernel rather than blocking the kernel as the audit subsystem may do. This means that telemetry events, and even some of the information within them, are "lossy" by design. We believe that this is the right trade-off for monitoring production environments where stability and performance are critical.
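
How a telemetry consumer can account for the drops described in this answer, as an added example that is not Capsule8's code: it walks a drained perf ring-buffer byte stream and totals the counts carried by PERF_RECORD_LOST records, so a detection pipeline knows where its view has gaps. The record constants mirror linux/perf_event.h; the function names and the sample stream are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values and header layout mirror <linux/perf_event.h>, redeclared to build anywhere. */
enum { REC_LOST = 2, REC_SAMPLE = 9 };
struct rec_header { uint32_t type; uint16_t misc; uint16_t size; };
struct stream_stats { uint64_t samples, lost; int truncated; };

/* Count delivered samples and the drops the kernel reported via PERF_RECORD_LOST. */
static struct stream_stats scan_records(const uint8_t *buf, size_t len)
{
    struct stream_stats st = {0};
    size_t off = 0;
    while (off + sizeof(struct rec_header) <= len) {
        struct rec_header h;
        memcpy(&h, buf + off, sizeof h);
        if (h.size < sizeof h || h.size > len - off) break;  /* corrupt or cut short */
        st.samples += (h.type == REC_SAMPLE);
        if (h.type == REC_LOST && h.size >= sizeof h + 16) {
            uint64_t lost;                  /* body layout: u64 id, u64 lost */
            memcpy(&lost, buf + off + sizeof h + 8, sizeof lost);
            st.lost += lost;
        }
        off += h.size;
    }
    st.truncated = (off != len);            /* leftover bytes: incomplete data */
    return st;
}

/* Constructed stream (not captured data): 2 samples, LOST reporting 37 drops, 1 sample. */
static size_t build_sample_stream(uint8_t *buf)
{
    const uint32_t types[] = { REC_SAMPLE, REC_SAMPLE, REC_LOST, REC_SAMPLE };
    const uint64_t sample[2] = { 0x1234, 0x5678 }, lost[2] = { 7, 37 }; /* id 7, 37 lost */
    for (size_t i = 0; i < 4; i++) {
        struct rec_header h = { types[i], 0, (uint16_t)(sizeof h + 16) };
        memcpy(buf + i * h.size, &h, sizeof h);
        memcpy(buf + i * h.size + sizeof h, types[i] == REC_LOST ? lost : sample, 16);
    }
    return 4 * (sizeof(struct rec_header) + 16);
}

int main(void)
{
    uint8_t buf[128];
    struct stream_stats st = scan_records(buf, build_sample_stream(buf));
    printf("samples=%llu lost=%llu\n", (unsigned long long)st.samples, (unsigned long long)st.lost);
    return st.truncated;
}
```

A non-zero lost total means a rule that fired on nothing during that window has not proven absence of activity, only absence of delivered events.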

Q

What is Capsule8 in Linux?

A

Capsule8 today emerged from stealth mode to unveil its plans for the industry's first container-aware, real-time threat protection platform designed to protect legacy and next-generation Linux infrastructures from both known and unknown attacks. Founded by experienced hackers John Viega, Dino Dai Zovi and Brandon Edwards, Capsule8 is being built on the real-world experience of its founders to protect against exploitation of previously unknown vulnerabilities.
