Capsule8 Launches Open Source Sensor for Real-time Attack Detection Capable of Detecting Meltdown

Brooklyn, NY, Jan. 05, 2018 --  Capsule8, the pioneer behind the industry’s only real-time attack disruption platform for cloud-native environments, launched the beta version of the Capsule8 Open Source Attack Detection Sensor. The Open Source Capsule8 Sensor, which is used as part of the Capsule8 Protect platform, facilitates real-time detection of Linux-based attacks. Also today, the company provided open source proof of concept code for the first fast, efficient detection of the Intel Meltdown vulnerability, with minimal false positives. 

“The security world is simultaneously in awe of the attack and panicking about remediation. Remediation works but it’s painful in terms of time and resources required. The necessary upgrades lead to huge cost and stability risk,” said Dino Dai Zovi, co-founder and CTO of Capsule8. “At Capsule8, we’ve created the first practical strategies for detecting them, which we’ve implemented for Linux-based systems and we are now making available to the public.”

The Capsule8 Open Source Sensor is built to support efficient gathering of system level telemetry, much like the commonly used auditd, but built for performance under load. Capsule8’s Protect platform, currently in beta, uses the sensor to do real-time attack disruption, enabling people to detect zero-day attacks and respond to them in real time. 

Anyone using the Capsule8 Open Source Attack Detection Sensor can build their own attack strategies. As an example, the company has provided a strategy for detection for the recent Meltdown vulnerability under an Apache license. This detection is:

• Easy to deploy: There is no needs to recompile software or update a kernel.
• Stable: The detection runs in userland, without the need of a kernel module.
• Efficient: The sensors run with minimal CPU overhead.
• Portable: The sensor works for any out-of-the-box version of Linux, dating back to the Linux 2.6 Kernel.
• Effective: There is an extremely low chance of a false negative in the majority if environments.
• Real-time: Making it possible to automate a response.

“Without any specific detection of Spectre or Meltdown, Capsule8 would still see successful attacks any time such a problem was leveraged to take over a machine, and would allow customers to respond in real time. But now, organizations can specifically detect attempts to exploit these problems, giving them the ability to monitor for the problem and respond in real time, up until they’re able to remediate appropriately,” said John Viega, co-founder and CEO of Capsule8. “We are thrilled to be able to offer this detection capability to any company out there looking to spare themselves from the huge task of remediating Meltdown once it takes hold. Also, early next week we will open source a more generic strategy for detecting both Spectre and Meltdown.”

To learn more about the Meltdown vulnerability, detection strategies, and how to detect Meltdown using the Capsule8 Open Source Sensor, visit: https://capsule8.com/blog/detecting-meltdown-using-capsule8/

To download the Capsule8 Open Source Sensor, visit: https://github.com/capsule8/capsule8

About Capsule8
Founded in fall 2016 and headquartered in Brooklyn, NY, Capsule8 is developing the industry’s first and only real-time attack disruption platform purpose-built for the cloud-native world of Linux, containers and microservices. Founded by experienced hackers and seasoned security entrepreneurs, and funded by Bessemer Venture Partners and ClearSky, Capsule8 is making it possible for Linux-powered enterprises to modernize without compromise. Learn more at www.Capsule8.com.

Lisa Mokaba
Communications Director
Capsule8
[email protected]