
Capsule8 Launches Linux-Based Container Security Platform

[Category: System (Linux) | Publisher: 店小二04 | Date: 2017 | Author: 红领巾]

Cybersecurity startup Capsule8 this week announced that it has raised US$2.5 million to launch the industry's first container-aware, real-time threat protection platform designed to protect legacy and next-generation Linux infrastructures from existing and potential attacks.

CEO John Viega, CTO Dino Dai Zovi and Chief Scientist Brandon Edwards, all veteran hackers, cofounded the firm. They raised seed funding from Bessemer Venture Partners, as well as individual investors Shandul Shah of Index Ventures and ClearSky's Jay Leek.

"The cloud has catapulted Linux to the most popular platform on the planet, and now the use of container technology is exploding," said Bob Goodman, a partner at Bessemer. "Yet there has been no world-class commercial security offering focused on securing the Linux infrastructure -- until now."

Capsule8 is solving the difficult problem of providing zero-day threat protection for Linux, whether it be legacy, container or some combination of the two, he added.

Linux Focus

Windows protection tends to focus on "find the bad executable," which makes sense in that environment because bad executables are ubiquitous in an attack, noted Capsule8's Viega.

However, that approach doesn't work well in a Linux environment, so Capsule8 focuses on detecting and protecting against system compromise, he told LinuxInsider.

The other typical approach in Linux is a network appliance, Viega said. However, there is not much context on the network, particularly as end-to-end encryption starts to become ubiquitous in the enterprise, so this approach doesn't find much and leads to many spurious alerts.

"The result is that most Linux compromises either go undetected or are a surprise -- companies find their data on a forum at a later date and they find they had no clue they were attacked," he explained.

Among the most noteworthy incidents, the company cited the massive breach at Yahoo, which went undetected for years until the stolen data showed up on the Web.

While Linux-based systems present many of the same security problems as Windows-based systems, the biggest difference in attacks can be found around malware, according to Mark Nunnikhoven, vice president of cloud research at Trend Micro.

"While we do regularly see malware targeting Linux systems, it's a more common occurrence that the malware implanted on Linux systems is there to be distributed to Windows clients connecting to that Linux system," he told LinuxInsider.

On the defensive front, there's a stark contrast in the amount of effort required to support the rapidly changing software on Linux platforms, Nunnikhoven pointed out.

"Given the nature of Linux and GNU, release cycles are a bit more erratic, and there's a lot more variation that requires a mature and robust response by security providers," he said.

Customer Base

Capsule8 already has signed up customers for its prerelease product, including SourceClear and Namely.

Capsule8 is the first product that supplements SourceClear's predeployment detection with runtime threat protection for Linux systems, CEO Mark Curphey said.

There are three core principles that should guide decision making when adopting new technology, suggested Daniel Leslie, director of cybersecurity and technology at Namely. They are scalability, maintainability and security.

Protecting infrastructure at scale without sacrificing stability or performance is essential, he said.

Analytics vs. EDR

Capsule8 likely will take an agent-based approach primarily focused on visibility, speculated Adrian Sanabria, senior analyst for information security at 451 Research.

"They're talking about gathering tons of details about what's going on with the operating system, processes, applications, network connections, file activity, etc.," he told LinuxInsider.

"I think EDR (endpoint detection and response) is actually the best and closest comparison I can find -- it is more like that, based on the details I can find so far," Sanabria maintained.

There's a big difference between security analytics products and EDR, in that "EDR products tend to be workstation-based, and none of them are container-aware that I know of," he pointed out.

"On the container side, there's a lot of competition already," Sanabria continued, "but none of the container security startups are doing Linux security. The one exception would be Trend Micro. The latest release of Deep Security includes container-aware support, and the product actively defends against attacks, whereas it sounds like Capsule8 will initially just be a monitoring product."

Commercial container security is probably Capsule8's best bet for growth, he suggested.

"451 does a lot of enterprise surveying on a regular basis," Sanabria noted, "and I've got to say, 'Linux Security' is one thing I've never seen on the list of 'pain points' -- even at the bottom of the list."

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.
