Blog

With the release of Cavirin 1.2, we’re upping the game in providing a comprehensive hybrid infrastructure security solution that spans on-premise, multiple clouds, and Docker. Note that this solution goes beyond the cloud-account-level security provided by CISPA (Cloud Infrastructure Security Posture Assessment) vendors or most CWPPs (Cloud Workload Protection Platforms). Our belief is that true control of the cloud can only be accomplished with visibility at both the cloud account level and the individual virtual or Docker instance level, and the two must tie together. Key new capabilities include multi-cloud support, continuous monitoring, ‘Cavirin Secure’ DevSecOps scripting, true enterprise scalability, and additional 3rd party integrations. The platform’s scalability, usability, and DevOps capabilities were also recognized in a recently published SC Magazine product review with both a 5-star rating and recommendation.

True Multi-Cloud Support

As enterprises migrate critical workloads to the cloud, they increasingly leverage or are planning to leverage multiple CSPs.  For example, they may initially deploy on AWS, but place live or standby workloads on Azure for resiliency, geography, cost, or application compatibility reasons.  Cavirin now supports workloads across the three major clouds – AWS, Azure, and GCP – and has built a powerful abstraction layer that will permit our customers to deploy across other CSPs in the future.  The new hybrid enterprise requires a solution that spans all four deployment domains – on-premise, the cloud platform, cloud instances, and containers. We uniquely deliver a solution meeting this requirement.


The need to have strong security practices in place to protect sensitive government data from outside threats has never been greater.  By December 31, 2017, the Department of Defense will require NIST SP 800-171 compliance for all its contracts that handle controlled unclassified information (CUI) outside of government agencies. 

According to the U.S. National Archives and Records Administration, “CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended”. In other words, it’s unclassified sensitive information that the US federal government believes should be protected to assure minimal risk of cyberattacks on America. This includes citizens’ financial, legal, higher education, immigration, tax and healthcare records plus organizations’ patent, proprietary business, and SAFETY Act Information. You can find the complete list of categories and sub-categories (with descriptions) on the National Archives Web site.


There is a great deal of interest in the NIST CSF and how to apply it within an organization.  Cavirin recently hosted a webinar detailing the rationale behind the framework, the suggested implementation process, and most importantly, the actual mapping to specific policies and controls.  Here, we detail this third point.

The CSF outlines five major functions – Identify, Protect, Detect, Respond, and Recover.  Using Identify as an example, the workflow is as follows:

So, mapping of the CSF to an organization’s environment is first accomplished by selecting the proper reference and control, and then selecting the Target of Evaluation, aka the operating system to which the control applies. In the example above, ‘Ensuring separate partition exists for /tmp’ is one of literally dozens of controls that apply to RHEL7 and fall within ID.RA-1. The audit and remediation for this is detailed within the CIS Red Hat Enterprise Linux 7 Benchmark, specifically in section 1.1.2.

We detail how this workflow matches the Cavirin Platform implementation in our new infographic, as well as in a whitepaper available via NIST. Visit https://www.cavirin.com/solutions/continuous-compliance/nist-cybersecurity.html to learn more!

 


Cavirin provides vulnerability assessments for your operating systems (in the cloud, on-premise or hybrid) as well as Docker images. This article shares vulnerability trending insights we have seen while working on a vulnerability analysis project and training our risk reporting algorithms.

The Cavirin platform uses a synchronized feed from the NIST National Vulnerability Database. This feed directly provides the severity and base score for Common Vulnerabilities and Exposures (CVEs), which the platform uses in its risk scoring algorithm to project the risk posture from unpatched vulnerabilities.


From minimal use just a few short years ago, containers, and most notably Docker, have gained nearly 30% penetration. This container penetration is primarily within DevOps, but it extends across production environments and environments of all sizes. Unfortunately, with early adoption there was less of a focus on security. This has been rectified over the past year or so, with security solutions for images, containers, and orchestration now available. However, any container security solution must be agile enough to match the speed at which containers are created and destroyed if the chance of a breach is to be minimized. Legacy scanning architectures won’t suffice.

The Center for Internet Security (CIS) Kubernetes Security Benchmark 1.8

The CIS Benchmark for the Kubernetes 1.8 release continues to bring security enhancements to the core orchestration platform. The CIS Kubernetes community has been busy refreshing the benchmark to align with the newly released features and to narrow the gap between the announcement of the GA version of the product and the benchmark release. Download your copy of the benchmark from the CIS website today (NOTE: the actual benchmark title aligned to the new release is ‘CIS Kubernetes Benchmark v1.2.0’).

This version of the benchmark has undergone significant changes. The most awaited and subtle change is that the entire benchmark has been refactored to consider kubeadm-based deployments. Kubeadm is increasingly becoming the developer’s choice of deployment, rather than individual installation of the various Kubernetes components. This standardization also helps other deployment mechanisms map and adopt the procedures easily.


© 2019 Cavirin Systems, Inc. All rights reserved.