A lot has been written about the Equifax breach and its impact on Americans, but few articles focus on what we can actually do to keep systems patched (the root cause of the breach was a missing patch). Here are three lessons drawn from the Equifax breach that tell you precisely what to consider for your own systems so that you do not become the next Equifax.

  1. Detect – The majority of hacks these days, as Gartner predicted, are not zero-days; they exploit known vulnerabilities. It is therefore important to have a detection system in place that continuously alerts you to security misconfigurations and unpatched systems. The Cavirin platform provides a strong detection mechanism that finds both security misconfigurations and missing patches on individual operating systems, for machines on-premise as well as in the cloud.

Cloud Computing and HIPAA Compliance

As we get ready to head east next week to Boston and the HIMSS Cybersecurity Forum, download our new infographic covering the less than excellent state of HIPAA in America. From multiple analysts and interviews, the key takeaway is that healthcare rates a ‘C’ in security. The industry must improve today’s state of affairs: the sector has had more breach incidents than any other sector critical to the economy, the personal health data (ePHI) of almost half of US residents has been compromised, and the resulting non-covered impact to these victims is $30B or more. Looking back, the implementation of electronic health records was meant to streamline care, but in fact interconnectivity and poor practices have helped the hackers as well. The theft of ePHI also opens the door to persistent identity theft, since a social security number can’t be replaced as easily as a credit card. On a larger scale, the total cost of a breach isn’t limited to the impact on the patient alone. Once revealed, the organization is subject to fines, increased oversight, and damage to its brand.

CIS Google Android Benchmark

Cavirin is excited to announce the availability of the CIS Android 8.0 Security Benchmark! Download your copy from the CIS website today.

Android 8.0 (a.k.a. Android Oreo) was released by Google on eclipse day last week. It brings several enhancements that improve the user experience and bolster platform security.

Some of the changes that affected the security benchmark were:

  • Redesigned Settings Menu – This required us to update the audit and remediation steps for all 39 recommendations in the benchmark. The settings area and its various menus have been reorganized to make things as simple and straightforward as possible.
  • Instant apps – Instant apps allow you to use apps without installing them on your device: on clicking an app link, the browser downloads and runs app modules as requested by the user. The new recommendation, “1.28 Ensure 'Instant apps' is set to Disabled”, reads: “Having exposure to an app like this is dangerous since any malicious link could then potentially trick the user and then the browser could download the app code and run it on your device without requiring installation. Also, this feature defies enterprise security that relies on blacklisting or whitelisting apps based on installation. Hence, it is recommended to turn off instant apps.”

Control Your Container

Cavirin is pleased to announce the inclusion of the latest framework from NIST – the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 draft. The latest revision is a major update to the original 2014 document and includes a common security vocabulary to help with cyber supply chain management, for example a small business selecting a cloud service provider or a federal agency contracting with a system integrator.

The overall framework is divided into five Framework Core Functions:

  • Identify (ID) – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
  • Protect (PR) – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
  • Detect (DE) – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
  • Respond (RS) – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
  • Recover (RC) – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Cybersecurity Framework

eBook = A Modern Approach to Securing Your Hybrid Cloud

Ten Selection Criteria, from the Cavirin eBook, 'Securing Your Hybrid Cloud'

1: Flexibility

The ease of implementation and the ability to span multiple workload environments (e.g., IaaS, PaaS, on-premise, VMs, containers, and in the future, FaaS) while delivering a single view is integral for mid-size and enterprise organizations. Ideally, if initially deployed on-premise, the same tools and applications will extend into the cloud. This implies that the platform architecture has been conceived from the start for hybrid environments. Flexibility also includes ease of installation from a cloud service provider’s marketplace.

2: Extensibility

DevOps-friendly open APIs open the platform to external data sources and sinks such as IAM/PAM, SIEM/UEBA, logging, threat intelligence, or a helpdesk. This out-of-the-box cloud and API interoperability is essential to accommodate business-critical applications. APIs also enable integration into an organization’s CI/CD process and its DevOps tools. This of course relates to lifecycle container support that encompasses images, the container runtimes, and orchestration.

3: Responsiveness

As today’s security threats quickly multiply, minimizing the time required for implementation and time to baseline, as well as quickly identifying any change in posture, has become vital. This implies a microservices-based architecture for elastic scaling, and an agentless architecture that adapts well to containers and function-based workloads while eliminating the ‘agent’ bloat that consumes CPU, memory, and I/O.

4: Agility

The platform must permit the organization to initially sample the part of the network (a fraction of the workloads) that is critical to them within a given time period, and then scale from there. The cloud provides this agility, and the security tool architecture must be designed to follow suit.

5: Deep Discovery

It’s essential to automatically identify existing and new workloads, as well as changes to existing ones, across multiple cloud service providers, and then to properly group them by function. This discovery should be a simple process that leverages existing AuthN and AuthZ policies, avoiding the need to create a special IAM policy every time.

6: Broad Policy Library

The platform must support a wide range of benchmarks, frameworks and guidelines, and the creation of custom policies based on workload type. These policies should automatically apply to existing and new workloads. Broad coverage also relates to OSs, virtualization, and cloud service providers. Capabilities may include OS hardening, vulnerability and patch management, configuration management, whitelisting, and system monitoring.

7: Real Time Risk Scoring Across Infrastructure

Assets, once discovered and with policies applied, must be scored. Scoring may be per asset, across different slices of the infrastructure (e.g., location, subnet, department), by workload type across environments (e.g., cloud and on-premise), or by application (e.g., PCI, web). Scores must be prioritized, available historically, integrated with third-party tools for automation or into an existing UI, and, most importantly, correlated. For example, an organization operates a web server farm with 10 on-premise Red Hat Enterprise Linux servers and begins to transition to the cloud. Mid-way through the migration, five web servers are on Azure and five on-premise. If tracking PCI compliance, the tool must generate a normalized view across both environments.
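As an added illustration (not code from the eBook or the Cavirin platform), the Python below scores the migration scenario above: ten constructed RHEL web servers, five tagged Azure and five on-premise, checked against a hypothetical three-control PCI policy. Scores are severity-weighted pass percentages, so slices of different sizes stay comparable, and failing controls are ranked so the view is prioritized as well as normalized.

```python
"""Normalized, prioritized compliance scoring across a hybrid estate."""
from collections import defaultdict
from dataclasses import dataclass

SEVERITY_WEIGHT = {"high": 5, "medium": 3, "low": 1}


@dataclass(frozen=True)
class Finding:
    host: str
    env: str       # where the workload runs: "azure" or "on-prem"
    app: str       # application / regime the host is scored against
    control: str   # benchmark control identifier (constructed, not a real CIS id)
    severity: str
    passed: bool


# Constructed sample: ten RHEL web servers scored against a PCI policy,
# five on Azure and five on-premise, as in the migration scenario above.
_CONTROLS = [("1.1 host firewall enabled", "high"),
             ("2.2 critical patches applied", "high"),
             ("5.3 audit logging enabled", "medium")]
_FAILS = {"web01": {"2.2"}, "web03": {"5.3"}, "web06": {"1.1", "2.2"},
          "web07": {"2.2"}, "web08": {"5.3"}}
SAMPLE = [
    Finding(f"web{i:02d}", "azure" if i <= 5 else "on-prem", "PCI", ctl, sev,
            ctl[:3] not in _FAILS.get(f"web{i:02d}", set()))
    for i in range(1, 11) for ctl, sev in _CONTROLS
]


def score(findings):
    """Severity-weighted pass percentage: 5 hosts and 50 hosts are comparable."""
    total = sum(SEVERITY_WEIGHT[f.severity] for f in findings)
    passed = sum(SEVERITY_WEIGHT[f.severity] for f in findings if f.passed)
    return round(100.0 * passed / total, 1) if total else 0.0


def score_by(findings, key):
    """Normalized score per slice; key is 'host', 'env' or 'app'."""
    groups = defaultdict(list)
    for f in findings:
        groups[getattr(f, key)].append(f)
    return {k: score(v) for k, v in groups.items()}


def prioritized_failures(findings):
    """Failing controls ordered by severity weight, then by hosts affected."""
    hosts, sev = defaultdict(set), {}
    for f in findings:
        if not f.passed:
            hosts[f.control].add(f.host)
            sev[f.control] = f.severity
    return sorted(((c, sev[c], len(h)) for c, h in hosts.items()),
                  key=lambda t: (-SEVERITY_WEIGHT[t[1]], -t[2]))
```

Calling `score_by(SAMPLE, "env")` gives one comparable number per environment (Azure and on-premise) for the same PCI policy, which is the normalized cross-environment view the criterion asks for.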

8: Container (Docker) Support

Docker technology has attracted the attention of many enterprise adopters. If you are implementing containers, either on-premise or as part of a cloud deployment, you need to ensure that their workloads are secure, and if you bring in images from a registry, you need to ensure that these have not been tampered with. Many of the same capabilities described in (6) apply here as well, such as hardening, scanning, and whitelisting. One way to look at container support is across a lifecycle that includes image scanning, run-time hardening, and security at the orchestration layer.

9: Cloud-agile Pricing

Reflecting the cloud compute and storage pricing model, it’s important to adopt a pricing model that has the flexibility to meet changing requirements. This may involve a SaaS offering, or connecting the back-end of the platform to the cloud service provider’s billing engine, with an ability to charge to the minute. Alternatively, pricing may be abstracted but still agile, closer to the concept of committed and burst workloads, and analogous to a cellphone provider’s rollover-minutes model. In either case, this is a departure from existing static pricing.

10: Intelligence

Predictive analytics, which permits the platform to ‘predict’ the outcome of a change through a ‘what-if’ analysis of configurations and OSs, is crucial in today’s quickly changing environment. The platform should be capable of bringing in data from third parties via APIs to create a more correlated view of that change. Some customers describe this as a ‘virtual whiteboard.’

For more content from the eBook go to,

eBook = A Modern Approach to Securing Hybrid Workloads

Did you know?

  • Through 2020, 90% of cloud breaches will be due to customer misconfiguration, mismanaged credentials, or insider theft, and not cloud provider vulnerabilities
  • 89% of breached organizations had a firewall in place at the time of compromise
  • 70% of all healthcare data breaches were due to device theft or loss
  • In one case, a US health insurer experienced a data breach of millions of patient (PHI) records, with a direct cost of only 4% but a total exposure of $1.68B

Is there a way out?

We’re pleased to announce the availability of our eBook, ‘A Modern Approach to Securing Hybrid Workloads.’ It looks at how to build a cloud infrastructure security architecture that is both continuous and agile, reducing the potential threat of a breach by providing a single, hybrid view across private and public clouds. We look at the following challenges facing CISOs, their IT staff, and DevSecOps, and outline solutions.

  • What are the challenges facing today’s CISO with regard to information overload and accountability?
  • Why continuous security is so critical in the cloud and for containers
  • The shared responsibility model and where enterprises trip up
  • Fundamentals of a cloud-native security architecture including micro-services and APIs
  • Operations including an AWS CloudFormation example
  • Container security and Functions as a Service
  • Ten Selection Criteria –
    • Flexibility
    • Extensibility
    • Responsiveness
    • Agility
    • Deep Discovery
    • Broad Policy Library
    • Real-Time Risk Scoring Across Infrastructure
    • Container (Docker) Support
    • Cloud-agile Pricing
    • Intelligence
  • Benchmark Development
  • Glossary and references for cloud security

Learn more - Pick up your copy today




© 2018 Cavirin Systems, Inc. All rights reserved.