Capsule8 Enhances Linux Protection for Production Infrastructure

Capsule8 expands capabilities for the Protect Solution to enhance monitoring, detection for cryptomining, and protection for production systems

New York, Nov. 02, 2020 (GLOBE NEWSWIRE) -- Capsule8, the pioneer behind production-ready infrastructure security for Linux systems, today announced enhancements to its flagship product, Capsule8 Protect. The Capsule8 Protect solutions suite – Protect, Protect + and Complete - incorporates enhanced detections as well as both SaaS and on-prem delivery options, making Linux production protection more accessible to the market without needing deep in-house expertise into Linux, cloud or container threat models.

The Capsule8 Protect solutions suite is designed to avoid costly downtime, overloaded hosts, or stability snafus caused by traditional security tools. Organizations looking to protect their Linux infrastructure, be it a few hundred hosts or tens of thousands, are now able to choose SaaS or on-prem hosting of the management console, as well as select from a number of tiers to best meet their needs - recent enhancements include:

  • New, more powerful detections: Capsule8 continues to provide the most powerful real-time detections on the market to enable companies to confidently defend their organizations’ IT operations. Many new enhancements have been made to detect attacks quickly to reduce incident impact as well as bolster Capsule8’s coverage of the MITRE ATT&CK Framework.

A notable enhancement are the updates to existing cryptomining detection capability. Cryptomining is becoming an increasingly imperative threat consideration for businesses and a priority for infrastructure deployment. Capsule8 provides a low-noise, high-accuracy method of detecting cryptomining that helps remove unwanted users who eat up CPU and drive up costs on any public cloud instance.  

Capsule8 also enhanced its remote, interactive shell detection. Direct system shell interaction with containers running in production is unwanted activity, whether it’s an indicator of attack or risky developer behavior, and spawning shells is a common final step. The latest remote interactive shell detection distinguishes between shells that are wrapped in encryption and author, and when a random process spawns a shell that's wired up directly to a network socket. Capsule8 not only detects that a shell session was spawned, but also what commands were executed.

  • Frictionless from the start: Capsule8 removed operational burden for clients – from installation, to deployment, to management. This new, enhanced user experience is focused on making the solution easy to scale and manage from an operational perspective, as well as presenting security information in an intuitive manner, all through an interactive console. All relevant information is in the same view, allowing teams to make quick decisions on high priority incidents with the necessary supporting investigatory data.
  • Flexible deployment models - Capsule8’s flexibility also extends to two deployment models. Teams wanting to leverage their existing operations workflows can export the findings into their existing automation, orchestration, log management, and incident response tooling. Teams who prefer a dedicated graphical interface can leverage Capsule8’s console via a SaaS deployment or on-prem model, with SaaS providing decreased operational overhead.

“There are a number of teams struggling to protect a growing number of Linux environments, especially with more and more workloads moving to the cloud, and you can’t just port Windows protection over and make it happen,” said Capsule8 Co-founder and CEO, John Viega. “Attackers are targeting Linux systems with tactics built specifically for them, and Capsule8 is built specifically for the security teams looking to defend against them. These latest updates to Capsule8 Protect ensure that we can help our customers in a way that is effective for Linux and makes sense for their teams without introducing any friction or risk.”

“Our latest product release is the culmination of a significant amount of market-led research and investment driven by our customers, prospects and industry insight. We have focused on building detection capabilities that identify the most advanced and prevalent threats in Linux environments whilst also making our solution as straightforward to consume as possible for security and operations teams. I am proud of our teams’ achievements and this significant milestone for our business,” said Capsule8 Chief Product Officer, Rob Harrison. “This release is another big step forward in our mission to secure production Linux environments for businesses of all sizes, in all industries, globally.”
About Capsule8
Production systems start with Linux – and so do we. Capsule8 is the pioneer behind production-ready infrastructure security for Linux systems. Designed to avoid costly downtime, overloaded hosts, or stability snafus caused by traditional security tools, organizations depend on Capsule8 to efficiently protect their cloud workloads with monitoring,detection, and protection in any environment. Founded in 2016 by experienced hackers and security entrepreneurs, and funded by Bessemer Venture Partners, ClearSky and Intel Capital, making it possible for organizations to modernize without compromise. Learn more at


Contact Data