Capsule8 launches open source sensor capable of detecting Meltdown
Capsule8 has created the first practical strategies for detecting Meltdown on Linux-based systems and is now making these available to the public.
It has unveiled the beta version of the Capsule8 open source attack detection sensor. The new sensor is used as part of the Capsule8 Protect platform and will facilitate real-time detection of attacks on Linux-based systems. The company has also announced open source proof-of-concept code for fast and efficient detection of the Intel Meltdown vulnerability, with minimal false positives.
“Remediation works but it’s painful in terms of the time and resources required. The necessary upgrades lead to huge cost and stability risks,” said Dino Dai Zovi, co-founder and CTO of Capsule8.
The Capsule8 open source sensor is built to support efficient gathering of system-level telemetry, much like the commonly used auditd, but is designed for performance under load. Capsule8’s Protect platform is currently in beta. It uses the sensor for real-time attack disruption, enabling people to detect zero-day attacks and respond to them in real time.
Anyone using the Capsule8 open source attack detection sensor can build their own attack detection strategies. As an example, the company has provided a strategy for detecting the recent Meltdown vulnerability under an Apache licence.
The sensor works for any out-of-the-box version of Linux, dating back to the Linux 2.6 kernel.
“Now, organisations can specifically detect attempts to exploit these problems, giving them the ability to monitor for the problem and respond in real-time, up until they’re able to remediate appropriately,” said John Viega, co-founder and CEO of Capsule8.