Capsule8: Container Security Product Overview and Analysis



Company Description

Founded in fall 2016 and headquartered in Brooklyn, NY, Capsule8 was started by experienced hackers and security entrepreneurs John Viega, Dino Dai Zovi, Brandon Edwards and Pete Markowsky, and funded by Bessemer Venture Partners and ClearSky.


Capsule8 is targeting Fortune 1000 enterprises as well as high-growth tech companies looking to proactively protect their legacy and next-generation Linux infrastructure. Key verticals include financial services, technology, and media.


Capsule8 provides a real-time, zero-day attack detection platform capable of scaling to massive production deployments. Capsule8 delivers continuous security across customers’ entire production environment — containerized, virtualized and bare metal — to detect and shut down attacks as they happen.

Key Features

The Capsule8 platform has features that help enable production workloads. When an organization’s system or network is under heavy load, Capsule8 ensures that overall performance isn’t impacted, all without deploying any kernel modules or high-risk components. It deploys alongside an organization’s infrastructure, not as a SaaS solution, leaving full control of data on the customer’s premises.

Capsule8 detects signs of exploitation in progress, as well as evidence of post-exploitation activity. The company’s distributed telemetry makes it easy to perform forensic investigations on historical data, without significant impact to network performance or storage. With Automated Disruption, Capsule8 can go beyond detection and enable companies to automatically disrupt an attack once detected. For instance, customers can strategically (and automatically) kill attacker connections, restart workloads, or alert an investigator immediately upon initial detection.

Product Performance Metrics

In most cases, Capsule8 has no impact on performance. Under moderate load (40 percent), there was no significant overhead. Running Apache Bench with a load average of 6 (CPU maxed out and trying to use far more), Capsule8’s performance impact maxes out at 10 percent without any optimization turned on.


Capsule8 deploys easily in a Kubernetes orchestrated environment through cloud providers such as AWS, GCP or Azure, as well as bare metal environments deployed with an organization’s operations tools of choice such as Ansible, Puppet, Chef or SaltStack.

Capsule8 is designed with an API-first approach via a gRPC pub/sub interface (and an optional HTTP/JSON bridge), ensuring that any function that can be accessed via the GUI and command line is also available via the API. This enables operations teams to plug Capsule8 into their existing detection and response workflows.


Capsule8’s pricing structure is an annual license based on number of servers/nodes.

Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
