Product: Capsule8 Protect
Vendor: Capsule8
Price: Sliding scale based on number of concurrent servers.
What it does: Provides endpoint protection and response for Linux-based production systems. The offering targets enterprises operating production facilities that cannot slow down or stop.
What we liked: Smooth workflow for managing many separate data points. It facilitates rapid processing of large volumes of data without negatively impacting production.
The Bottom Line: While it is not the most glamorous protection software on the market, it caters to a niche clientele that has a dire need to protect Linux-based production systems.
A quick look at vendors in the endpoint security space reveals that most struggle with effective telemetry and detection capabilities on Linux-based systems.
Enter Capsule8 with its Protect product, which offers out-of-the-box analytics for endpoint detection and response and delivers real-time attack protection for Linux production systems. A relatively new company in the market space, with its first year of sales wrapping up at the conclusion of 2019, Capsule8 spent nearly three years developing the Protect solution platform. During this time, the company focused on creating a high-performance attack protection system for Linux-based production environments by combining response, detection and investigation capabilities with seamless operation on Linux platforms.
As a result, Capsule8 Protect has checked all the necessary boxes for a variety of production-focused industries. The development process started by interviewing more than 50 large enterprises on what really matters for endpoint detection and response in production environments. In doing so, Capsule8 also found venture capital backing from a select group of organizations that ultimately supplied more than $30 million in funding. This funding created an influx of cash that helped launch Capsule8 Protect, which is designed to replace Intrusion Prevention, File Integrity Monitoring and Antivirus endpoint offerings with a single platform.
A key aspect of the Capsule8 Protect platform is what the company calls “communicators of attack,” which are the leading signs that malicious activity may be occurring. This attack detection approach generates little to no noise on the systems being monitored, which was an important design consideration, since large-scale production facilities cannot afford to halt operations every time an alert is generated.
Capsule8 achieved this low-noise result by processing analytics in real time on the endpoint agent. Data is pulled from the OS and fed directly into the agent-based analytics engine. Questionable behaviors generate alerts that are sent to a centralized Capsule8 console or to the customer's preferred SIEM technology. A significant market focus for Capsule8 has been the technology vertical, as companies in that sector tend to be early adopters and rapidly grasp the value of protecting Linux endpoints.
Data collected is managed in Parquet data format, an open source file format for Hadoop. When compared to a more traditional approach where data is stored in rows, Parquet provides significant storage and performance efficiencies.
The intuitive dashboard is responsive and easy to use because the data is stored in containers, allowing users to quickly scan, search for and locate specific alerts. Each alert is ranked by level (high, medium, low), class, and the node and container affected. Alerts are also tagged with a description that specifies what triggered the alert and what steps could be taken to prevent a recurrence.
Capsule8 has literally “hit the market running” with the release of Capsule8 Protect, supporting a variety of large enterprises with a virtual management tool that monitors and protects data without slowing down production. For organizations that are heavily invested in Linux operating systems, this technology is worth a look.