Container Security Platform

Windows protection tends to focus on “find the bad executable,” which makes sense in that environment because bad executables are ubiquitous in an attack, noted Capsule8’s Viega.

However, that approach doesn’t work well in a Linux environment, so Capsule8 focuses on detecting and protecting against system compromise, he told LinuxInsider.

The other typical approach in Linux is a network appliance, Viega said. However, there is not much context on the network, particularly as end-to-end encryption starts to become ubiquitous in the enterprise, so this approach doesn’t find much and leads to many spurious alerts.

“The result is that most Linux compromises either go undetected or are a surprise — companies find their data on a forum at a later date and they find they had no clue they were attacked,” he explained.

Among the most noteworthy incidents, the company cited the massive breach at Yahoo, which went undetected for years until the stolen data showed up on the Web.

While Linux-based systems present many of the same security problems as Windows-based systems, the biggest difference in attacks lies in how malware is used, according to Mark Nunnikhoven, vice president of cloud research at Trend Micro.

“While we do regularly see malware targeting Linux systems, it’s a more common occurrence that the malware implanted on Linux systems is there to be distributed to Windows clients connecting to that Linux system,” he told LinuxInsider.

On the defensive front, there is a stark contrast in the effort required to keep up with the rapidly changing software on Linux platforms, Nunnikhoven pointed out.

“Given the nature of Linux and GNU, release cycles are a bit more erratic, and there’s a lot more variation that requires a mature and robust response by security providers,” he said.

Customer Base

Capsule8 already has signed up customers for its prerelease product, including SourceClear and Namely.

Capsule8 is the first product that supplements SourceClear’s predeployment detection with runtime threat protection for Linux systems, CEO Mark Curphey said.

There are three core principles that should guide decision making when adopting new technology, suggested Daniel Leslie, director of cybersecurity and technology at Namely. They are scalability, maintainability and security.

Protecting infrastructure at scale without sacrificing stability or performance is essential, he said.