Cavirin Blog

At Cavirin, 2017 was no less than re-thinking securing the hybrid enterprise and pioneering massive scalable solutions. This blog is a summary of all our announcements and key features related to Content and Policy frameworks that we brought to our customers and the community last year.

Read on!

Cavirin also released CIS Android Security Benchmark and launched CIS communities for Kubernetes and Azure benchmark development.

0
0
0
s2sdefault

Now and then you come across a truly valuable presentation or piece of collateral.  In this case, USTelecom, the organization that represents telecommunications businesses in the US, has put together a bit of both as a gift to the community at-large.

It was developed to help individuals and organizations better understand cybersecurity challenges and responses.  The 50 slide PowerPoint show includes over 350 links to almost every security guideline imaginable – government, corporate, academic, analyst – and includes definitions, reports, best practices, and strategies.

0
0
0
s2sdefault

In November 2017, Fortune, leveraging data from Recorded Future, ran this sobering graphic on the price of various hacker tools, spanning personal records, attacks, and even services. 

Continuous Security Needed to fight cybercrimes

In the article, they quoted a statistic from Cybersecurity Ventures stating the global cost of hacking at $3 Trillion (with a T!) in 2015 will increase to $6 Trillion in 2021.Welcome to the era of Hacking-as-a-Service (HaaS).  

How does the advent of HaaS impact the average consumer or employee?  Why should they be concerned?  I personally maintain a credit card virtual ‘go bag’ listing the 10-15 calls or emails I need to make when I receive the semi-annual notification that my primary credit card has been compromised. 

0
0
0
s2sdefault

Big Data aficionados should be familiar with data volume, velocity and variety as the key pillars that distinguish modern analytics environments from the prior generation. A similar trend is taking shape in infrastructure security with the adoption of public clouds and micro services architectures, significantly complicating the Security Operations (SecOps) job.

According to Datadog, there are 185 million Docker containers in use across 10,000 companies or 18,500 containers per company on average, for those that do use Docker! If this is any harbinger of scale, SecOps teams will continue to have a lot on their hands. Automated profiling and management of risk is the only way to secure an environment with such volumes. 

Several company’s DevOps organizations, are pushing code as often as several times a day – Amazon.com, for example, deploys every 11 seconds (see Velocity Culture). Compound that with the desire to optimize costs via auto-scaling approaches. The average container lifecycle is 2.5 days while the average virtual machine lasts 14 days, likely reflecting the transient nature of auto-scale workloads. An inadvertent configuration change or a vulnerable package in a high velocity continuous deployment can jeopardize your security posture. Active monitoring of infrastructure and timely remediation of gaps in security are keys to SecOps success.

According to Forbes citing RightScale’s 2017 State of the Cloud Survey: “85% of enterprises have a multi-cloud strategy today, up from 82% in 2016, 58% are planning a hybrid cloud strategy, up from 55% a year ago. RightScale also found an increase in the number of enterprises planning for multiple public clouds (up from 16% to 20%)”.

SecOps = Secure Hybrid Infrastructure  

 

0
0
0
s2sdefault

I am pleased to announce the availability of DISA STIGs on the Cavirin’s next generation Platform. Cavirin DISA STIG support provides several new security baselines for assessing and securing mission critical and several value-adds to DISA STIG assessments that ease implementation and usability.  These include browsing, as well as assessment and reporting.

 

DISA STIGs Browsing

DISA does not provide an easy to navigate mechanism for browsing the STIGs, requiring the user to work with XML and stylesheets.  There are no spreadsheets, pdfs, or detailed documentation, requiring the user to  work with the XML and the enclosed stylesheets to browse the content. If you are like me, perhaps, you have been using the STIG viewer for a long time.

0
0
0
s2sdefault

With the release of Cavirin 1.2, we’re upping the game in providing a comprehensive hybrid infrastructure security solution that spans on-premise, multiple clouds, and Docker. Note that this solution goes beyond cloud-account level security provided by CISPA (Cloud Infrastructure Security Posture Assessment) vendors or most CWPPs (Cloud Workload Protection Platforms).  Our belief is that true control of the cloud can only be accomplished by both cloud account as well as individual virtual or Docker instance level visibility, and the two must tie together. Key new capabilities include multi-cloud support, continuous monitoring, ‘Cavirin Secure’ DevSecOps scripting, true enterprise scalability, and additional 3rd party integrations. The platform’s scalability, usability, and DevOps capabilities were also recognized in a recently published SC Magazine product review with both a 5-star rating and recommendation.

True Multi-Cloud Support

As enterprises migrate critical workloads to the cloud, they increasingly leverage or are planning to leverage multiple CSPs.  For example, they may initially deploy on AWS, but place live or standby workloads on Azure for resiliency, geography, cost, or application compatibility reasons.  Cavirin now supports workloads across the three major clouds – AWS, Azure, and GCP – and has built a powerful abstraction layer that will permit our customers to deploy across other CSPs in the future.  The new hybrid enterprise requires a solution that spans all four deployment domains – on-premise, the cloud platform, cloud instances, and containers. We uniquely deliver a solution meeting this requirement.

0
0
0
s2sdefault

Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.