Capsule8: Container Security Product Overview and Analysis


Company Description

Founded in fall 2016 and headquartered in Brooklyn, NY, Capsule8 was started by experienced hackers and security entrepreneurs John Viega, Dino Dai Zovi, Brandon Edwards and Pete Markowsky, and funded by Bessemer Venture Partners and ClearSky.


Capsule8 is targeting Fortune 1000 enterprises as well as high-growth tech companies looking to proactively protect their legacy and next-generation Linux infrastructure. Key verticals include financial services, technology, and media.


Capsule8 provides a real-time, zero-day attack detection platform capable of scaling to massive production deployments. Capsule8 delivers continuous security across customers’ entire production environment — containerized, virtualized and bare metal — to detect and shut down attacks as they happen.

Key Features

The Capsule8 platform has features that help enable production workloads. When an organization’s system or network is under heavy load, Capsule8 ensures that overall performance isn’t impacted, all without deploying any kernel modules or high-risk components. It deploys alongside an organization’s infrastructure, not as a SaaS solution, leaving full control of data on the customer’s premises.

Capsule8 detects signs of exploitation in progress, as well as evidence of post-exploitation activity. The company’s distributed telemetry makes it easy to perform forensic investigations on historical data, without significant impact to network performance or storage. With Automated Disruption, Capsule8 can go beyond detection and enable companies to automatically disrupt an attack once detected. For instance, customers can strategically (and automatically) kill attacker connections, restart workloads, or alert an investigator immediately upon initial detection.

Product Performance Metrics

In most cases, Capsule8 has no impact on performance. Under moderate load (40 percent), there was no significant overhead. Running Apache Bench with a load average of 6 (CPU maxed out, with demand well beyond capacity), Capsule8’s performance impact maxes out at 10 percent without any optimization turned on.


Capsule8 deploys easily in a Kubernetes orchestrated environment through cloud providers such as AWS, GCP or Azure, as well as bare metal environments deployed with an organization’s operations tools of choice such as Ansible, Puppet, Chef or SaltStack.

Capsule8 is designed with an API-first approach via a gRPC pub/sub interface (and an optional HTTP/JSON bridge), ensuring that any function accessible through the GUI or the command line is also available through the API. This lets operations teams plug Capsule8 into their existing detection and response workflows.


Capsule8’s pricing structure is an annual license based on number of servers/nodes.

Sean Michael Kerner
