Capsule8 ‘Investigations’ To Provide More Proactive Prevention for Linux-Based Environments
Brooklyn, N.Y.-based Capsule8 today announced new “full endpoint detection and response (EDR)-like investigations functionality for cloud workloads” for Capsule8 Protect, its platform that protects Linux-based production environments.
Called “Investigations,” the new capability is “designed to remove the manual effort required to maintain a dedicated database just for security data,” which enables enterprises “to quickly determine what transpired in an incident (who, what, when, where),” according to the announcement. The company says that cloud-native technologies, including AWS Athena and Google BigQuery, are used to “create an on-demand database and make that data accessible for security practitioners seeking additional context about alerts and system activities.”
With Investigations enabled, event data captured by Capsule8 Protect Sensors is shipped as Apache Parquet files to Amazon S3 buckets or Google Cloud Storage. AWS Athena or Google BigQuery then lets “security practitioners” query that data directly and investigate activity such as network connections and process activity. According to Capsule8, companies can use the information to “adopt a more proactive approach to prevention while increasing incident response productivity.”
“Nobody wants to take on the cost or burden of maintaining a database until they absolutely need one,” said John Viega, co-founder and CEO of Capsule8, in a prepared statement. “Even if the need is there, sometimes the resources are not. We wanted to bring the benefits of data warehousing to security in a way that is simple, inexpensive, and scalable.”
For more information about Capsule8 and Capsule8 Protect, go here.