Cybersecurity startup Capsule8 this week announced that it has raised US$2.5 million to launch the industry’s first container-aware, real-time threat protection platform designed to protect legacy and next-generation Linux infrastructures from existing and potential attacks.
CEO John Viega, CTO Dino Dai Zovi and Chief Scientist Brandon Edwards, all veteran hackers, cofounded the company. They raised seed funding from Bessemer Venture Partners, as well as individual investors Shandul Shah of Index Ventures and ClearSky’s Jay Leek.
“The cloud has catapulted Linux to the most popular platform on the planet, and now the use of container technology is exploding,” said Bob Goodman, a partner at Bessemer. “Yet there has been no world-class commercial security offering focused on securing the Linux infrastructure — until now.”
Capsule8 is solving the difficult problem of providing zero-day threat protection for Linux, whether it is legacy, container or some combination of the two, he added.
Windows security tends to focus on “find the bad executable,” which makes sense in that environment because bad executables are ubiquitous in an attack, noted Capsule8’s Viega.
However, that approach doesn’t work well in a Linux environment, so Capsule8 focuses on detecting and protecting against system compromise, he told LinuxInsider.
The other typical approach in Linux is a network appliance, Viega said. However, there’s not much context on the network, particularly as end-to-end encryption starts to become ubiquitous in the enterprise, so this approach doesn’t find much and leads to many spurious alerts.
“The result is that most Linux compromises either go undetected or are a surprise — companies find their data on a forum at a later date and they find they had no clue they were attacked,” he explained.
Among the most noteworthy incidents, the company cited the massive breach at Yahoo, which went undetected for years until the stolen data showed up on the Internet.
While Linux-based systems present many of the same security issues as Windows-based systems, the biggest difference in attacks can be found around malware, according to Mark Nunnikhoven, vice president of cloud research at Trend Micro.
“While we do regularly see malware targeting Linux systems, it’s a more common occurrence that the malware implanted on Linux systems is there to be distributed to Windows clients connecting to that Linux system,” he told LinuxInsider.
On the defensive front, there is a stark difference in the amount of effort required to support the rapidly changing software on Linux platforms, Nunnikhoven pointed out.
“Given the nature of Linux and GNU, release cycles are a bit more erratic, and there’s a lot more variation that requires a mature and robust response by security providers,” he said.
Capsule8 already has signed up customers for its prerelease product, including SourceClear and Namely.
Capsule8 is the first product that supplements SourceClear’s predeployment detection with runtime threat protection for Linux systems, CEO Mark Curphey said.
There are three core principles that should guide decision making when adopting new technology, suggested Daniel Leslie, director of cybersecurity and technology at Namely. They are scalability, maintainability and security.
Protecting infrastructure at scale without sacrificing stability or performance is essential, he said.
Analytics vs. EDR
Capsule8 likely will take an agent-based approach primarily focused on visibility, speculated Adrian Sanabria, senior analyst for information security at 451 Research.
“They’re talking about collecting tons of details about what’s going on with the operating system, processes, applications, network connections, file activity, etc.,” he told LinuxInsider.
“I think EDR (endpoint detection and response) is actually the best and closest comparison I can find — it’s more like that, based on the details I can find so far,” Sanabria maintained.
There’s a big difference between security analytics products and EDR, in that “EDR products tend to be workstation-based, and none of them are container-aware that I know of,” he pointed out.
“On the container side, there’s a lot of competition already,” Sanabria continued, “but none of the container security startups are doing Linux security. The one exception would be Trend Micro. The latest release of Deep Security includes container-aware support, and the product actively defends against attacks, whereas it sounds like Capsule8 will initially just be a monitoring product.”
Commercial container security might be Capsule8’s best bet for growth, he suggested.
“451 does a lot of enterprise surveying on a regular basis,” Sanabria noted, “and I’ve got to say, ‘Linux Security’ is one thing I’ve never seen on the list of ‘pain points’ — even at the bottom of the list.”