Linux Security Served Up from the Big Apple

Once in a great while, you encounter a cyber security solution that manages to embed practical learnings from past solution deployments with exciting new advanced techniques for the detection and prevention of cyber attacks. This something-old, something-new scenario is awesome when it’s done right, because it correctly matches the present state of cyber security. That is, we have some promising solutions, but our overall cyber defenses are simply not working.

I recently had the great opportunity, along with my son Matt, an undergraduate senior computer science major at Lehigh University, to sit down over coffee in TriBeCa with a couple of old friends who are creating some new cyber security technology that looks truly promising. John Viega and Dino Dai Zovi, both with connections to NYU, have started a cyber security company called Capsule8. And in their crosshairs is the idea that they can help you protect your Linux servers.

Here is the something-old part of their approach: Consistent with many years of enterprise deployment of host-based intrusion prevention systems, the Capsule8 software embeds so-called telemeters (OK, agents) into your Linux system to detect suspicious file system activity, errant system calls, indicators in packet data, unexpected processes, and so on. This is traditional wheelhouse work for John and Dino, both experienced security hackers and world class programmers. Their detection algorithms look like they will work well on Linux servers.

But there’s also the something-new part to their approach: Embedded in the deployment is an underlying backplane that supports cooperation within a clustered community of systems to be protected in the data center. Each entity in the cluster is a Linux system, and the Capsule8 telemeters are designed to secure workloads that are running inside containers such as Docker. Cool additional technical features such as land mines (OK, tar pits) round out the offering, which is notable if only because it focuses on supporting Linux containers, as opposed to the usual Windows server obsession in our industry.
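To make the two halves of that approach concrete, here is a small, added illustration (not Capsule8 code, and not anything the founders described in detail): a rule-based pass over constructed host telemetry that flags unexpected processes, sensitive system calls and writes under protected paths inside containers, then correlates the per-host findings across a cluster the way a shared backplane would. The event format, the per-image process baseline, the syscall list and the protected path prefixes are all assumptions chosen for the example.

```python
"""Host-telemetry triage over constructed events, with cluster-level correlation.

Added example, not Capsule8's code. Event schema, baselines and rule lists are
assumptions made for illustration.
"""
from collections import defaultdict

# Assumption: binaries each container image is expected to run (a learned baseline).
BASELINE = {
    "web:1.4": {"nginx", "sh"},
    "api:2.0": {"python3", "gunicorn"},
}

# Assumption: syscalls a container workload rarely needs and that merit a look.
SENSITIVE_SYSCALLS = {"ptrace", "mount", "init_module"}

# Assumption: paths a container workload should not be touching.
PROTECTED_PREFIXES = ("/etc/", "/usr/bin/", "/usr/sbin/")
FILE_SYSCALLS = {"openat", "rename", "unlink", "chmod"}

# Constructed telemetry: one record per observed syscall from a containerised process.
EVENTS = [
    {"ts": 1, "host": "node-a", "image": "web:1.4", "proc": "nginx", "syscall": "accept", "path": None},
    {"ts": 2, "host": "node-a", "image": "web:1.4", "proc": "curl", "syscall": "connect", "path": None},
    {"ts": 3, "host": "node-b", "image": "api:2.0", "proc": "python3", "syscall": "ptrace", "path": None},
    {"ts": 4, "host": "node-b", "image": "api:2.0", "proc": "python3", "syscall": "openat",
     "path": "/etc/ld.so.preload"},
    {"ts": 5, "host": "node-c", "image": "web:1.4", "proc": "curl", "syscall": "connect", "path": None},
]


def evaluate(event):
    """Return a list of (finding_kind, detail) tuples for a single telemetry event."""
    findings = []

    # Unexpected process: binary not in the baseline for this image.
    allowed = BASELINE.get(event["image"])
    if allowed is not None and event["proc"] not in allowed:
        findings.append(("unexpected_process", event["proc"]))

    # Errant system call: something a workload in this role should not be issuing.
    if event["syscall"] in SENSITIVE_SYSCALLS:
        findings.append(("sensitive_syscall", event["syscall"]))

    # Suspicious file system activity under a protected prefix.
    # A production rule would also inspect open flags to separate reads from writes.
    path = event.get("path")
    if path and event["syscall"] in FILE_SYSCALLS and path.startswith(PROTECTED_PREFIXES):
        findings.append(("protected_path_access", path))

    return findings


def detect(events):
    """Run every event through the rules; each finding becomes an alert tagged with its host."""
    alerts = []
    for ev in events:
        for kind, detail in evaluate(ev):
            alerts.append({"host": ev["host"], "image": ev["image"],
                           "kind": kind, "detail": detail, "ts": ev["ts"]})
    return alerts


def correlate(alerts, min_hosts=2):
    """Cluster view: the same (image, kind, detail) signature reported by several hosts.

    One host running an odd binary is noise; the same odd binary appearing on
    multiple nodes of the same image is the pattern a shared backplane exists to surface.
    """
    hosts_by_signature = defaultdict(set)
    for alert in alerts:
        hosts_by_signature[(alert["image"], alert["kind"], alert["detail"])].add(alert["host"])
    return {sig: sorted(hosts) for sig, hosts in hosts_by_signature.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    found = detect(EVENTS)
    for alert in found:
        print(f"[{alert['host']}] {alert['kind']}: {alert['detail']}")
    for sig, hosts in correlate(found).items():
        print(f"cluster-wide {sig[1]} ({sig[2]}) on {sig[0]} seen from {', '.join(hosts)}")
```

Run as a script it prints four per-host alerts and one cluster-wide correlation (the `curl` process appearing on two `web:1.4` nodes). The split between `evaluate` (per-event rules an agent can run locally) and `correlate` (a view that only exists once hosts share findings) is the design point the two paragraphs above are describing.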

In fact, a surprising issue I’ve noticed as a cyber security analyst covering our industry is the relative lack of world-class commercial product offerings focused on securing Linux servers. This seems so weird given Linux’s clear victory in the cloud services operating system competition. Maybe it’s the open source tendency of Linux administrators to roll their own security administrative solutions, but world-class, professionally-supported Linux security products have not been as available as one might have expected. Hence, John and Dino’s work should be welcomed by the community.

Capsule8 is still a small company with an initial set of financial services industry customers evaluating the solution and its API model for connecting to other security infrastructure components in the enterprise. But with veterans doing the design and development, this new company is likely to succeed – not to mention that it is one of the few to smartly select New York City as its real headquarters. I believe that a critical mass of excellent cyber security talent in the Big Apple remains untapped and this will give Capsule8 an advantage over its competitors.

My advice is to keep an eye on this little company, because based on my analysis, I believe the correct ingredients are all here: You have two founders who are the real deal. You have an important market that is under-supported. And you have a solution that combines something-old with something-new into a cloud infrastructure that will benefit from IT and cloud security tailwinds for the coming decade.