Free Trial

Blog

Hybrid Cloud Strategy Advantages

A Hybrid Cloud Strategy is Important for Security 

Cybersecurity is evolving and strengthening every day, but Lloyd’s, in partnership with AIR Worldwide, released a cautionary report entitled Cloud Down – The impacts on the US economy. This report outlines the possible, and probable, repercussions of the failure of one of the leading cloud providers. In focus: the financial impact of such an event.

Why should we care? If these insights are heard and headed, insurance managers could better grow their cyber business in a judicious manner. Along the same train of thought, it is important to remember that these analyses are made with the notion that a unique CSP would be affected at a time. As such, distributing workloads across multiple CSP’s, taking the time to analyze which advantages of each cloud would best help you attain your goals, would be a possible real-world application of this report.

To provide us with a baseline, the report specifies that “the results published in the report are based on the top 15 cloud providers in the US, which account for a 70% market share.”

0
0
0
s2sdefault
DevOps automation

Earlier today, Bashyam Amant, our Sr Director of PLM, and Vaidehi Rao, our Director of Engineering, hosted a webinar entitled ‘Full-Stack Container Security,’ borrowing for the container space a (sometimes confusing) term familiar to many of you.  One of the best definitions, and a good jumping-off point, is at codeup:

‘A full-stack developer is simply someone who is familiar with all layers in computer software development. These developers aren’t experts at everything; they simply have a functional knowledge and ability to take a concept and turn it into a finished product. Such gurus make building software much easier as they understand how everything works from top to bottom and can anticipate problems accordingly. In our opinion, this is the most realistic definition of a full-stack developer.’  For those looking for even more history on the topic, the turtles end at FB.

Extending this paradigm to containers and Docker, in our view, and in order to have a complete awareness as to how your container deployments impact your overall security posture, you must have tools that look at each ‘layer’ of the ‘stack’ while at the same time offering a unified vs a disjointed view. 

0
0
0
s2sdefault
DevOps security automation

Devops Security Automation plays a key role in DevSecOps

Check out the executive viewpoint, “It’s Time to Stir Security into the DevOps Mix”, posted on the Security Current Web site earlier this month.  The article highlights the fact that creating secure software and systems has never been more challenging as the number of devices that hook into company data, coupled with increased mobility and a shift to cloud services and storage, has dramatically increased the potential attack surface of most organizations.  These organization changes required the adoption of a new security approach–chiefly breaking down barriers, boosting collaboration, and increasing automation works—often referred to as DevSecOps.  In the article we emphasize three key ingredients necessary to pursue DevSecOps.

0
0
0
s2sdefault

Too start off the year, at least two publications have reported on surveys that detail the criticality of the cybersecurity skills gap.  For those old enough, it harkens back to the Cold War missile gap of the 1950s.  But unlike the missile gap, which was mostly fictional, this gap is very real, and much more relevant to the typical enterprise.

CSO drew on a Nov, 2017 ESG study that looked at gaps and potential solutions. The most alarming observation is that, despite increased spending and visibility, the percentage of respondents that reported a shortage of skills rose from 23% in 2014 to 51% in 2018. This doubling implies that the majority of organizations are threatened. As solutions, two areas that stand out include:

  • Moving toward technologies with advanced analytics.Think of artificial intelligence and machine learning as a helper application that can accelerate security processes and make the staff more productive.
  • Automating and orchestrating processes.Cybersecurity grew up with a reliance on manual processes, but these processes can no longer scale to meet growing demands. As a result, security automation/orchestration has become a top priority for many organizations.

 

0
0
0
s2sdefault

In my previous blog, I looked it just how easy it is for the typical hacker to obtain a variety of exploit tools, or to obtain compromised data. The hacker lifecycle roughly maps to the diagram below, where he or she first obtains or develops the various tools, or leverages ‘dark web’ services, then leverages these to compromise physical assets with a goal of obtaining useful data.  Here, I’ll look at how Cavirin helps you counter these threats by focusing on the middle phase – how to protect your assets, either on-premise or in the cloud. 

 

 

Hacking as a Service (HaaS)

For those familiar with the Cyber Kill Chain concept (and I realize that there are different views on applicability, but it is useful to frame the discussion), the lifecycle may look familiar.  There are seven stages, with stages 3-5 of interest.  

  1. Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
  2. Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
  3. Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
  4. Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
  5. Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
  6. Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
  7. Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

    0
    0
    0
    s2sdefault

At Cavirin, 2017 was no less than re-thinking securing the hybrid enterprise and pioneering massive scalable solutions. This blog is a summary of all our announcements and key features related to Content and Policy frameworks that we brought to our customers and the community last year.

Read on!

Cavirin also released CIS Android Security Benchmark and launched CIS communities for Kubernetes and Azure benchmark development.

0
0
0
s2sdefault

© 2018 Cavirin Systems, Inc. All rights reserved.