Sophisticated cybersecurity is more important than ever, and recent headlines about major hacks only emphasize this. That’s why Capsule8 is the leading industry platform that detects attacks in real time and disrupts them before they take place. This platform seamlessly integrates into an organization’s Linux infrastructure and delivers continuous security across an organization’s entire platform. Since it is not offered as a SaaS solution, clients maintain full control of the data, eliminating risks of potential dissemination, deletion, or corruption of data by third parties.
AlleyWatch chatted with CEO John Viega about the company’s recent funding and widespread market demand. The startup was founded in 2016 and has already raised $23.5M over three rounds.
Who were your investors and how much did you raise?
Recently we announced that we secured a $15M Series B round of funding. The round, led by ClearSky Security, also features participation from Bessemer Venture Partners and strategic investors.
Tell us about the product or service that Capsule8 offers.
Capsule8 is the industry’s only real-time, zero-day attack detection platform capable of scaling to massive production deployments. It delivers continuous security across your entire production environment — containerized, virtualized and bare metal. Capsule8 detects and can instantly disrupt attacks in a production environment before the attack takes hold.
A VC friend told me that being able to detect attacks well in production environments was the industry’s most important unsolved problem (the late Harry Weller from NEA).
Attack detection for production environments is typically done by trying to do post-processing of a massive firehose of data coming from network appliances, such as intrusion detection appliances. For years, this approach has left enterprises drowning in far more alerts than they can sift through, and most of them are uninteresting. It’s a huge problem finding the signal through the noise.
I had already tried (and seen lots of other companies try) to apply big data and machine learning to the problem. In that model, you take all the data you can, dump it into a “data lake” and try to do smart analytics on it. That approach isn’t even remotely a game changer. First, you end up with too much data to sift through efficiently, so typically when you do see an attack, it’s days after it’s taken hold. But more importantly, the analysis quality only goes up a modest amount, primarily because the analysis is fed low fidelity data.
Better algorithms can’t make up for bad data. Thinking that it can is like believing that the TV trope where they “enhance” an incredibly grainy photo into a high-resolution image is real.
One of my cofounders had been thinking about the problem and already had an architecture in mind. We then went out and talked to 40+ large enterprises and learned that they typically knew the data they were using was poor, but they were too worried about the stability and performance of their production workloads to do anything better.
We saw that if we could solve that problem, we could do much more accurate detection of security problems, with far fewer false positives and missed attacks. And, we could do it all in real time.
It was too good an opportunity to ignore!
Have you seen a transition from cybersecurity being an afterthought to being at the forefront when planning and conceptualizing applications?
In large enterprises, the DevOps movement has shifted operational responsibility towards engineering organizations. This has led to the rise of DevSecOps, where security for the development lifecycle is owned by developers.
This trend has definitely led to more sophisticated security during the development lifecycle, but the focus has shifted more towards keeping up with known bugs in open source software. Organizations have not seen the same improvement in dealing with the problems left in production once software ships.
How is Capsule8 different?
The best detection in the industry has typically been on desktop machines, and seldom in real time.
Unlike those systems, we handle production infrastructure well. Production requires a different approach to data collection in a server environment because a server running a very heavy workload can’t have stability or performance problems, period. Security is a “nice to have” in comparison. Not to mention that the desktop world is mostly Windows, whereas production these days is majority Linux.
Capsule8 detects break-ins (including zero-day attacks!) for Linux boxes without risking stability and performance. It does it at machine speeds, not human speeds, allowing our customers to automatically disrupt attacks. For instance, a customer could automatically kill an attacker’s connection, restart a workload, and notify an investigator.
Additionally, Capsule8 deploys alongside an organization’s infrastructure, not as a SaaS solution, leaving full control of data to the customer and eliminating the risks of potential dissemination, deletion, or corruption of data by third parties.
What market does Capsule8 target and how big is it?
Capsule8 is targeting Fortune 1000 enterprises as well as large Silicon Valley companies looking to proactively protect their legacy and next-generation Linux infrastructure, including financial services, technology, and media companies. Almost all of these companies have significant production deployments, mostly running Linux, or moving toward Linux as part of an effort to move to the cloud and containerize.
What’s your business model?
We currently sell direct to our target customers and charge on a per-host basis.
What was the funding process like?
After our launch in April, the market response to Capsule8 was overwhelming, both from customers and investors. We were not in a position where we needed to raise capital, but we had a number of VCs that wanted to help us into our next phase of growth, so it felt like the right time to move forward with our Series B.
What are the biggest challenges that you faced while raising capital?
We’ve been lucky—we have had supportive investors and no problems at any point.
What factors about your business led your investors to write the check?
Our investors see excellent traction for a company that has just launched, a massive market opportunity, and a solid team.
What are the milestones you plan to achieve in the next six months?
We are focused on both customer acquisition and building a robust reference network—my primary goal for the next six months is to make sure everyone we onboard loves the product.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
For companies that haven’t raised capital, I think the most important thing is to ensure your team is as good as you can possibly make it. That’s the number one criterion in an early-stage company. But it sure helps to be able to show brand-name customers that are using the product.
Where do you see the company going now over the near term?
Given that we just launched version 1.0 of our product in April, we are squarely focused on generating customer traction and demonstrating to the market that there is a new, better way to protect their production infrastructure.
What’s your favorite restaurant in the city?
Our company was founded over a pizza dinner, so I’ll say Juliana’s, which is a frequent lunch spot for us. But in reality, there are too many good options, and it depends on my mood!