New Investigations functionality defends cloud workloads
Capsule8 today announced the release of Investigations, new functionality similar to endpoint detection and response (EDR) that’s built into the vendor’s Protect platform for cloud workloads in Linux environments.
The Lowdown: Investigations aims to reduce manual security database management, allowing security teams to access attack and incident data in a cloud-based, on-demand repository as part of their digital forensics and incident response (DFIR) process.
The Details: Approaching the security of cloud workloads as more of a data warehousing problem, Capsule8’s Investigations amasses event data ranging from network connections to process activity in Amazon S3 buckets or Google Cloud Storage. Investigations then leverages scalable, big-data-capable query services like AWS Athena or Google’s BigQuery to facilitate detection and response activities at scale.
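To make the "security as a data warehousing problem" pattern concrete, here is an added example (not Capsule8's code, and not the Investigations product's schema) that stands in for the pipeline described above: per-host process and network events land in object storage under a Hive-style partition prefix, and a SQL engine such as Athena or BigQuery runs detection and forensics queries over them. Everything below is constructed for illustration: the sample NDJSON event stream, the two-table schema, and the shell-with-outbound-connection detection are assumptions, and SQLite is used in memory as an offline stand-in for the cloud query service.

```python
import json
import sqlite3
from typing import Dict, List

# Constructed sample telemetry: newline-delimited JSON events of the kind an
# agent might ship to S3/GCS. Hosts, PIDs, paths and addresses are made up.
SAMPLE_EVENTS_NDJSON = """\
{"ts": "2020-01-15T10:00:01Z", "host": "web-1", "type": "process", "pid": 4101, "ppid": 1200, "exe": "/usr/sbin/nginx", "user": "www-data"}
{"ts": "2020-01-15T10:00:05Z", "host": "web-1", "type": "process", "pid": 4102, "ppid": 4101, "exe": "/bin/sh", "user": "www-data"}
{"ts": "2020-01-15T10:00:06Z", "host": "web-1", "type": "network", "pid": 4102, "direction": "outbound", "dst_ip": "203.0.113.7", "dst_port": 4444}
{"ts": "2020-01-15T10:01:00Z", "host": "web-1", "type": "process", "pid": 4110, "ppid": 1, "exe": "/usr/bin/python3", "user": "deploy"}
{"ts": "2020-01-15T10:01:02Z", "host": "web-1", "type": "network", "pid": 4110, "direction": "outbound", "dst_ip": "198.51.100.20", "dst_port": 443}
{"ts": "2020-01-15T10:02:00Z", "host": "db-1", "type": "process", "pid": 900, "ppid": 1, "exe": "/usr/sbin/sshd", "user": "root"}
"""

# Shell binaries we treat as interesting when spawned by a service (assumption).
SHELLS = ("/bin/sh", "/bin/bash", "/bin/dash")


def partition_key(event: Dict) -> str:
    """Hive-style object prefix (host=.../dt=.../) so a warehouse engine can
    prune partitions by host and day instead of scanning every object."""
    return f"host={event['host']}/dt={event['ts'][:10]}/"


def load_events(ndjson: str) -> sqlite3.Connection:
    """Parse NDJSON into two typed tables, mirroring the external tables a
    query engine would define over the bucket (SQLite stands in here)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE process_events (
            ts TEXT, host TEXT, pid INTEGER, ppid INTEGER, exe TEXT, username TEXT);
        CREATE TABLE network_events (
            ts TEXT, host TEXT, pid INTEGER, direction TEXT, dst_ip TEXT, dst_port INTEGER);
    """)
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["type"] == "process":
            conn.execute("INSERT INTO process_events VALUES (?,?,?,?,?,?)",
                         (ev["ts"], ev["host"], ev["pid"], ev["ppid"], ev["exe"], ev["user"]))
        elif ev["type"] == "network":
            conn.execute("INSERT INTO network_events VALUES (?,?,?,?,?,?)",
                         (ev["ts"], ev["host"], ev["pid"], ev["direction"],
                          ev["dst_ip"], ev["dst_port"]))
    conn.commit()
    return conn


def find_shells_with_outbound(conn: sqlite3.Connection) -> List[Dict]:
    """Detection query: shells that opened an outbound connection, joined to
    their parent process so the analyst sees who spawned them."""
    rows = conn.execute("""
        SELECT p.host, p.pid, p.exe, p.username, parent.exe AS parent_exe,
               n.dst_ip, n.dst_port, n.ts
        FROM process_events p
        JOIN network_events n
          ON n.host = p.host AND n.pid = p.pid AND n.direction = 'outbound'
        LEFT JOIN process_events parent
          ON parent.host = p.host AND parent.pid = p.ppid
        WHERE p.exe IN (?, ?, ?)
        ORDER BY n.ts
    """, SHELLS).fetchall()
    return [dict(r) for r in rows]


def process_lineage(conn: sqlite3.Connection, host: str, pid: int,
                    max_depth: int = 32) -> List[str]:
    """Forensics helper: walk the ppid chain for a host and return the list of
    executables from the process up to the root we have data for. Stops on a
    missing parent, a PID cycle (PID reuse) or max_depth."""
    chain: List[str] = []
    seen = set()
    while pid not in seen and len(chain) < max_depth:
        seen.add(pid)
        row = conn.execute(
            "SELECT exe, ppid FROM process_events WHERE host = ? AND pid = ? "
            "ORDER BY ts DESC LIMIT 1", (host, pid)).fetchone()
        if row is None:
            break
        chain.append(row["exe"])
        pid = row["ppid"]
    return chain


if __name__ == "__main__":
    db = load_events(SAMPLE_EVENTS_NDJSON)
    for hit in find_shells_with_outbound(db):
        print(f"{hit['ts']} {hit['host']} pid={hit['pid']} {hit['exe']} "
              f"(parent {hit['parent_exe']}) -> {hit['dst_ip']}:{hit['dst_port']}")
        print("  lineage:", " <- ".join(process_lineage(db, hit["host"], hit["pid"])))
```

The join in find_shells_with_outbound is the kind of question a warehouse answers cheaply once the data is already there: no agent-side rule had to anticipate it, and the same tables serve the lineage walk an analyst runs after the fact. In a real deployment the partition prefix from partition_key is what keeps per-query scan cost (and therefore Athena/BigQuery billing) proportional to the hosts and days under investigation rather than the whole bucket.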
The Buzz: “Nobody wants to take on the cost or burden of maintaining a database until they absolutely need one,” said John Viega, co-founder and CEO of Capsule8. “Even if the need is there, sometimes the resources are not. We wanted to bring the benefits of data warehousing to security in a way that’s simple, inexpensive, and scalable. With Capsule8, customers in the cloud now have a way to take advantage of all of these big warehouses that security companies previously haven’t touched and get real insights into what has happened within their production environments to help prevent future incidents or alerts.”