Blog

“NEW” CyberPosture Intelligence Solution

This is the second part of a two-part series highlighting the customer benefits and the features supported in the Summer 2018 release of Cavirin's "New" CyberPosture Intelligence Solution. Check out Part 1 for the first half.

 

1. Protect-Monitor-Respond-Predict security automation framework

Cavirin has implemented the Protect-Monitor-Respond-Predict security automation framework, which is at the core of everything Cavirin does. The pieces of this framework have been delivered over the last few releases, and the Summer release adds new elements to it.

Technology- and infrastructure-agnostic solution: Cavirin delivers the Protect-Monitor-Respond-Predict framework through a single-pane-of-glass view of the hybrid cloud infrastructure, independent of the underlying technology and cloud provider, so customers do not have to worry about the infrastructure type.

The Summer release greatly extends support in each phase:

  • Protect: coverage of protection policies has grown substantially, with new control frameworks such as CCPA (California Consumer Privacy Act), the CIS Azure and CIS GCP benchmarks, and expanded AWS cloud policies. Cavirin now supports 80,000 policies across 25 control frameworks.
  • Monitor: Cavirin implements monitoring in more than one way:
    • Golden Posture monitoring: continuous monitoring detects any drift from the golden posture and raises alerts through any of the signaling channels Cavirin supports: JIRA, Slack, ServiceNow and PagerDuty.
    • AWS Lambda and SNS-based monitoring: security monitoring of AWS CloudTrail events has been revamped to detect changes to the configuration of AWS resources and alert operations staff through SNS topics.

  • Respond: Cavirin provides several capabilities to remediate the issues it discovers:
    • A prioritized remediation gap report gives a sorted action plan based on each fix's potential improvement to the overall CyberPosture score. This lets customers focus on the most impactful remediation first, minimizing the time and resources expended.
    • Auto-remediation: Cavirin is launching "CavBots" to execute auto-remediation, detailed below.
  • Predict: Cavirin provides data science insights into how the CyberPosture score is trending over time. The assessment data for every resource discovered and managed by Cavirin can be filtered, sorted, remediated and turned into extensive reports from whatever perspective the customer requires.

 

2. Auto-remediation through Cavirin Cloud-bots aka “CavBots”

From the CISO Dashboard, there are two ways to get remediation guidance:

  • Alerts and Remediation: users can view failed policies sorted by their impact on the CyberPosture score, get a prioritized gap report with remediation guidance, and post notifications or work items to Slack, PagerDuty, Jira and ServiceNow.
  • AWS Lambda-Based Remediation (New): users can configure Cavirin to auto-remediate using built-in "CavBots", which execute remediation commands on the user's behalf. Remediation of AWS policy failures is performed through AWS Lambda: pre-built Lambda functions deployed in the customer's AWS account initiate remediation of failed AWS policies.
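The CloudTrail-to-SNS monitoring described in the Monitor bullet above and the Lambda-based remediation described here follow one pattern: a CloudTrail event fires a Lambda function, which alerts and then fixes. The handler below is an added example written for this page, not Cavirin's CavBot or Lambda code. It inspects an AuthorizeSecurityGroupIngress event delivered through a CloudWatch Events/EventBridge rule, flags any rule that opens SSH or RDP to the whole internet, publishes an SNS alert, and revokes only the offending CIDRs. The topic ARN, account and group IDs, and the sample event are constructed; the boto3 clients are injected so the logic runs offline.

```python
"""Constructed example for this page: a Lambda-style handler that turns a
CloudTrail AuthorizeSecurityGroupIngress event into an SNS alert and an
automatic revoke of any rule exposing SSH/RDP to the whole internet.
Not Cavirin's CavBot code; the topic ARN, IDs and event are made up."""
import json
import os

# Assumption: the alert topic is configured through the function environment.
ALERT_TOPIC_ARN = os.environ.get(
    "ALERT_TOPIC_ARN", "arn:aws:sns:us-east-1:123456789012:posture-alerts")
RISKY_PORTS = {22, 3389}            # SSH and RDP
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def world_open_permissions(detail):
    """ipPermissions from the CloudTrail request that expose a risky port to
    the world, reshaped into the IpPermissions form accepted by boto3's
    ec2.revoke_security_group_ingress(). Only the offending CIDRs are kept,
    so legitimate ranges on the same rule are left alone."""
    findings = []
    items = detail.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    for perm in items:
        proto = perm.get("ipProtocol")
        if proto not in ("tcp", "-1"):          # "-1" means all protocols
            continue
        lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
        exposed = sorted(p for p in RISKY_PORTS if lo <= p <= hi)
        v4 = [r["cidrIp"] for r in perm.get("ipRanges", {}).get("items", [])
              if r.get("cidrIp") in WORLD_CIDRS]
        v6 = [r["cidrIpv6"] for r in perm.get("ipv6Ranges", {}).get("items", [])
              if r.get("cidrIpv6") in WORLD_CIDRS]
        if not exposed or not (v4 or v6):
            continue
        revoke = {"IpProtocol": proto}
        if proto == "tcp":
            revoke["FromPort"], revoke["ToPort"] = lo, hi
        if v4:
            revoke["IpRanges"] = [{"CidrIp": c} for c in v4]
        if v6:
            revoke["Ipv6Ranges"] = [{"CidrIpv6": c} for c in v6]
        findings.append({"ports": exposed, "permission": revoke})
    return findings


def handle_event(event, ec2, sns):
    """Monitor-then-respond. `event` is the CloudWatch Events / EventBridge
    envelope around the CloudTrail record; `ec2` and `sns` are boto3 clients
    (or doubles with the same method names), injected so this runs offline."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return {"action": "ignored", "eventName": detail.get("eventName")}
    group_id = detail.get("requestParameters", {}).get("groupId")
    findings = world_open_permissions(detail)
    if not findings:
        return {"action": "compliant", "groupId": group_id}
    report = {"groupId": group_id, "region": detail.get("awsRegion"),
              "actor": detail.get("userIdentity", {}).get("arn", "unknown"),
              "exposedPorts": sorted({p for f in findings for p in f["ports"]})}
    # Monitor: alert operations staff through the SNS topic.
    sns.publish(TopicArn=ALERT_TOPIC_ARN, Subject="World-open ingress rule detected",
                Message=json.dumps(report))
    # Respond: revoke only the offending permissions, nothing else on the group.
    ec2.revoke_security_group_ingress(GroupId=group_id,
                                      IpPermissions=[f["permission"] for f in findings])
    return dict(report, action="revoked")


def lambda_handler(event, context):
    """Real entry point. boto3 ships in the Lambda runtime; it is imported
    lazily so the module still loads where it is not installed."""
    import boto3
    return handle_event(event, boto3.client("ec2"), boto3.client("sns"))


class RecordingClient:
    """Test double for a boto3 client: records every call instead of making it."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        def call(**kwargs):
            self.calls.append((name, kwargs))
            return {}
        return call


# Constructed event: user 'alice' opens SSH and HTTPS to 0.0.0.0/0 on one group.
SAMPLE_EVENT = {"detail": {
    "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
    "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
    "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}}}

if __name__ == "__main__":
    ec2, sns = RecordingClient(), RecordingClient()
    print(json.dumps(handle_event(SAMPLE_EVENT, ec2, sns), indent=2))
    print(ec2.calls)
```

Two design points matter in production. The function's IAM role needs only `ec2:RevokeSecurityGroupIngress` and `sns:Publish` on the one topic, nothing broader, because an auto-remediation bot with wide write permissions is itself a high-value target. And the revoke is scoped to the exact offending CIDR and port range, so the HTTPS rule on the same group in the sample event survives untouched.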

 

3. More Enterprise-ready features

Several enhancements support enterprise-grade scalability and deployability, so that Cavirin integrates with existing enterprise infrastructure in large-scale deployments.

  • Role-Based Access Control (New): to support deployments within large organizations, Cavirin's role-based access control lets customers segment users, asset groups, reports and resources by a user's role and function. Access to CyberPosture views and actions is likewise restricted by role, and custom roles can be defined for additional flexibility.
  • Single Sign-On (New): support for single sign-on (SSO) providers, including Okta.
  • Enhanced OS Support (Enhanced): Cavirin software is now certified on Ubuntu 16.04 (previously 14.04). The Content team will continue to release content updates every month.
  • Digital fingerprinting of assets: each asset in Cavirin has a unique identifier (GUID) derived by digitally fingerprinting every asset discovered. With the Summer 2018 release, compute instances are identified by their GUID rather than by address, so a single GUID may have multiple IP addresses. The identifier is used throughout the Protect-Monitor-Respond-Predict framework, and it makes compute instances much easier to identify and de-duplicate.
  • Cloud workflow framework (New): a significant increase in the number of policies Cavirin supports across the major clouds (AWS, Azure and Google Cloud), plus the ability to roll out additional content to customers quickly and on a regular basis.
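The digital fingerprinting bullet above describes deriving a stable GUID per asset so that an instance seen under several IP addresses is counted once. The code below is an added example written for this page, not Cavirin's fingerprinting algorithm (the post does not say which attributes it hashes). It assumes three stable attributes, cloud instance ID, machine-id and primary MAC, derives a deterministic UUIDv5 from the strongest one present, and merges discovery records that share it, collecting every IP observed. The discovery records are constructed.

```python
"""Constructed example for this page: derive a stable per-asset GUID from
fingerprint attributes and de-duplicate discovery records that differ only by
IP address. Not Cavirin's fingerprinting algorithm; the attribute list is an
assumption and the records below are made up."""
import uuid
from collections import OrderedDict

# Assumption: a fixed namespace keeps GUIDs reproducible across scans and scanners.
ASSET_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "asset-fingerprint.example")
# Stable attributes, strongest first. IP addresses are deliberately excluded:
# they change with reboots, NAT and autoscaling, which is what creates duplicates.
FINGERPRINT_FIELDS = ("cloud_instance_id", "machine_id", "primary_mac")


def asset_guid(record):
    """Deterministic UUIDv5 from the strongest stable attribute present.
    Using one attribute (not all present ones) means a record seen later with
    fewer attributes still maps to the same asset. Refuses to identify a record
    with no stable attribute rather than silently merging or splitting it."""
    for field in FINGERPRINT_FIELDS:
        value = record.get(field)
        if value:
            return str(uuid.uuid5(ASSET_NAMESPACE, f"{field}={value.strip().lower()}"))
    raise ValueError("record has no stable identifying attribute: %r" % record)


def deduplicate(records):
    """Merge discovery records into one asset per GUID, keeping every IP,
    hostname and data source seen for it, in first-seen order."""
    assets = OrderedDict()
    for rec in records:
        asset = assets.setdefault(asset_guid(rec),
                                  {"ips": [], "hostnames": [], "sources": []})
        for key, field in (("ips", "ip"), ("hostnames", "hostname"), ("sources", "source")):
            value = rec.get(field)
            if value and value not in asset[key]:
                asset[key].append(value)
    return assets


def summary(records):
    """(unique assets, raw records): the gap between them is the duplication
    an address-keyed inventory would have reported as extra instances."""
    return len(deduplicate(records)), len(records)


# Constructed discovery output: one EC2 instance reported by two scanners under
# its private and public addresses, and one on-premises VM that moved subnets.
SAMPLE_RECORDS = [
    {"source": "aws-api", "cloud_instance_id": "i-0abc123def456789a",
     "ip": "10.0.1.25", "hostname": "web-1"},
    {"source": "network-scan", "cloud_instance_id": "I-0ABC123DEF456789A ",
     "ip": "203.0.113.7", "hostname": "web-1"},
    {"source": "agent", "machine_id": "3f2a9c1e4b8d4f0a9e7c6b5a4d3c2b1a",
     "ip": "192.168.5.40", "hostname": "db-onprem"},
    {"source": "agent", "machine_id": "3f2a9c1e4b8d4f0a9e7c6b5a4d3c2b1a",
     "ip": "192.168.6.40", "hostname": "db-onprem"},
]

if __name__ == "__main__":
    for guid, asset in deduplicate(SAMPLE_RECORDS).items():
        print(guid, asset)
    print("unique assets: %d of %d records" % summary(SAMPLE_RECORDS))
```

One caveat worth keeping in mind with any fingerprint scheme: a machine-id is copied along with a cloned VM image, so two VMs built from the same golden image can share it. That is why the cloud instance ID is ranked first here and a match on machine-id alone deserves corroboration before two hosts are merged.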

Cavirin is the world's first solution to provide CyberPosture intelligence for the hybrid cloud. It discovers resources on-premises and in traditional data centers (virtual and physical machines), in multi-cloud environments (GCP, AWS and Azure), and in Docker/container-based environments. It then enables risk, security and compliance management for these hybrid cloud resources through the Protect-Monitor-Respond-Predict automation framework. Cavirin supports 25 audit frameworks drawn from the security (NIST, CIS, etc.) and compliance (HIPAA, PCI, GDPR, ISO, etc.) domains to ensure that corporate security and compliance policies are enforced for the hybrid enterprise of tomorrow. The Cavirin solution has been featured in leading market research reports and has won multiple awards for innovation and market leadership.


15th Annual Cybersecurity Month Kicks Off

Welcome to National Cybersecurity Awareness Month, or NCSAM for short. Now in its 15th year, its goal is to have each of us do our part in protecting what matters most to us, be it a nuclear power plant or a photo of Niko the pup on Instagram.

The National Cyber Security Alliance has organized the month into themes. The first is home security: what you need to do as a 'home admin', and how to communicate security hygiene to your family, with the goal of establishing and maintaining your home 'CyberPosture'. We have prepared an infographic that summarizes the top tips for strengthening your home's defensive posture.

Week 1:  Make Your Home a Haven for Online Safety  

Every day, parents and caregivers teach kids basic safety practices ‒ like looking both ways before crossing the street and holding an adult’s hand in a crowded place. Easy-to-learn life lessons for online safety and privacy begin with parents leading the way. Learning good cybersecurity practices can also help set a strong foundation for a career in the industry. With family members using the internet to engage in social media, adjust the home thermostat or shop for the latest connected toy, it is vital to make certain that the entire household ‒ including children – learn to use the internet safely and responsibly and that networks and mobile devices are secure. Week 1 will underscore basic cybersecurity essentials the entire family can deploy to protect their homes against cyber threats.

NCSAM Week 1, by the numbers:

  • The number of smart homes in North America is expected to hit 73 million by 2021, making up more than 50% of all households.
  • Both parents and teens are concerned about online security, according to a 2017 NCSA survey. Among their top fears: someone accessing a teen’s account without permission (teens 41% vs. parents 41%); someone sharing a teen’s personal information about them online (teens 39% vs. parents 42%); and having a teen’s photo or video shared that they wanted private (teens 36% vs. parents 34%).
  • Additionally, 34% of teens indicate that they are the most knowledgeable person about cybersecurity in the family – followed by 24% who think dad is, and 18% who think mom is.

Other NCSAM Happenings

We will be participating in a couple of webinars this month. The first, a CISO panel titled "Best Practices for Cyber Hygiene", is this Thursday at 9 AM PT (Register Here). Later this month, on Oct 24, our Chief Security Officer, Joe Kucic, will host a panel, "Protecting Our Critical Infrastructure Starts with NIST", joined by guest CISOs (Register Here).

For an inside look at the home attack surface, including entry points for attackers that you may not have considered, see the article "The 'Too-Smart' Home - Uninvited Guests" on the IoT Evolution web site. So what is being done about these threats? Just this week California became the first state in the nation (as usual) to pass an IoT cybersecurity law. It takes effect in January 2020 and mandates some common-sense baselines for home routers and other Internet-connected devices.

Don't forget to check out our NCSAM Champions page, where we post our favorite materials and events available by other NCSAM Champions. 

For all the latest regarding NCSAM follow and post on Twitter/Instagram using the hashtags #CyberAware and #CyberPosture


“NEW” CyberPosture Intelligence Solution

Single-click hybrid cloud CyberPosture scoring with actionable intelligence, delivered through a breakthrough user experience that is dynamic, interactive and contextual. CyberPosture provides a credit-score-like rating from 0 to 100 that quantifies the health of the infrastructure. Customers can use it to perform root cause analysis of cybersecurity, risk and compliance issues, followed by protection, monitoring and remediation through prioritized gap reports and/or auto-remediation using Cavirin's automation "CavBots".

Cavirin has announced the "new" CyberPosture Intelligence solution with its Summer 2018 release, now available. With this release, customers benefit from breakthrough improvements on multiple fronts. Here is the first part of a two-part series highlighting the customer benefits and the features supported in this release:

 

1.  New User Experience - CISO Dashboard with single-click actionable intelligence 

A new CISO/SecOps dashboard with a new CyberPosture scoring algorithm enables a "credit-score"-like representation of risk, security and compliance posture across the hybrid cloud infrastructure, including AWS, Google Cloud, Azure, containers and on-premises infrastructure. The CyberPosture score quantifies the health of the hybrid cloud infrastructure as a number between 0 and 100; the higher the score, the better. More on the scoring methodology later.

Customers get contextual, actionable intelligence in the form of prioritized gap reports that update based on the selections made in the middle pane. Remedial actions such as opening a JIRA or ServiceNow ticket, or signaling through Slack messages, are one click away.

Customers can analyze trends and drill down into scores by asset group, environment, policy pack, cloud service, operating system and individual resource to pinpoint risk and prioritize remediation plans. Every score provides security and compliance drill-downs for on-premises and cloud resources.

In summary, the new user experience, which has received rave reviews from customers, provides the following:

  • CyberPosture scoring, with contributions from security and compliance issues
  • A dynamic, interactive dashboard that can be personalized through role-based access control and is continuously updated in real time
  • Click-through drill-downs for root cause analysis of the issues affecting the customer
  • Actionable intelligence a click or two away

 

2.  Enhanced Hybrid Cloud Infrastructure Support

Several new enhancements have been made to augment support for the Hybrid Cloud infrastructure in the summer release.

CyberPosture Scoring: credit-score-like rating between 0 and 100. The CyberPosture score analyzes and quantifies the health of the end-to-end hybrid cloud infrastructure as a number between 0 and 100, using the variables described below. This is unique in the industry: Cavirin is the only company that provides a CyberPosture score for the hybrid cloud.

A higher score means lower risk exposure for the infrastructure. The score quantifies cyber-risk exposure, that is, the risk to the hybrid infrastructure from the combination of security and compliance issues that could lead to a breach. The factors that contribute to the overall CyberPosture score are:

  • Asset Criticality: critical assets contribute more to the overall CyberPosture score than less critical ones. Scores are now based on user-assigned Confidentiality, Integrity and Availability ratings for every resource, so critical resources can be identified, scored and prioritized for remediation.
  • Configuration and Vulnerability Assessment: all configuration and vulnerability issues are quantified and contribute to the overall score.
  • Real-time Monitoring: the hybrid infrastructure is continuously monitored, and findings from that monitoring feed into the overall CyberPosture, so the score is updated continuously in real time.
  • Control Frameworks: Cavirin supports 25 control frameworks and 80,000 policies. Depending on the frameworks selected, each control policy contributes to the overall score.

For more information on CyberPosture Scoring, download our whitepaper.  

Enhanced Cloud Policies and Resource Scoring: the cloud resource discovery process has been greatly enhanced in the Summer release, and several new control frameworks have been added; details follow.

Cloud Resource Discovery and Scoring (New): all cloud resources, services and accounts are discovered and scored separately as assets. Cavirin's cloud and on-premises resource inventory discovers and depicts resources associated with AWS, Google Cloud and Azure services, including object stores (e.g. AWS S3, Google GCS), VPCs, security groups, databases (e.g. AWS RDS), key management services (e.g. AWS KMS) and more.

CyberPosture for Azure Cloud (New): support for the CIS Azure control policy framework along with Cavirin-specific policies for Azure infrastructure. New visibility into Azure resource types (e.g. Azure Storage) and additional technical controls from the CIS Azure Foundations benchmark drive CyberPosture scoring and remediation guidance for Azure.

CyberPosture for Google Cloud (New): support for the CIS GCP control policy framework along with Cavirin-specific policies for Google Cloud infrastructure. Visibility into Google Cloud resources (e.g. Google Cloud Storage) and Cavirin-defined technical controls for Google Cloud drive CyberPosture scoring and remediation guidance.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Part 2 of this blog series (now available) shares more of the customer benefits and features supported in this summer release.  


Cybersecurity Scoring Blog Series

This is the third in a five-part blog series designed to help your organization understand and leverage its own cybersecurity posture scoring. The first blog introduced CyberPosture Scoring; the second covered Cybersecurity Posture Scoring vs. Risk Scoring. Over the course of the series we are presenting the concept of cybersecurity posture, a security framework, and an approach to calculating your overall posture score.

Key Attributes and Elements for Building a Successful Security Framework

In our first two blogs, we presented an overview of what cybersecurity posture scoring is and how it relates to cybersecurity risk scoring. As we take you along the path to generating a CyberPosture score for your company, the first step is to establish an IT security framework that will guide your own scoring process, leading to a consistent scorecard that can be used throughout the organization.

When developing a security framework for measuring the CyberPosture of your IT infrastructure, it’s important that the framework adheres to five key attributes:

  • Comprehensive—incorporates all business-oriented risk signals impacting the security posture.
  • Extensible—dynamic ability to incorporate future risk signals and emerging controls that could impact the security posture over time.
  • Comprehensible—consumers of the score must be able to understand it with minimal cybersecurity knowledge.
  • Meaningful—represent your security posture adequately, accurately, and consistently to help drive prioritized action plans.
  • Defensible—based on industry-standard cybersecurity frameworks and supporting details available for those who want (or need) to dig deeper into the analysis.

Your CyberPosture will be driven by the following six elements, which serve as the scoring inputs for your IT security framework:

  • Asset Criticality (discover and classify)
  • Threats (events perpetrated by threat actors in the context of the critical assets and vulnerabilities)
  • Vulnerabilities (weaknesses in the infrastructure)
  • Controls (mitigating controls against the vulnerabilities)
  • Likelihood of a Breach (historical and projected)
  • Impact of a Breach (business assessment based on the CIA triad)

When the attributes and elements of your posture scoring framework are in place, the information security team can articulate and present a clear view into how well the organization is prepared to deal with the threats and attacks it will likely face.

The rest of this blog will take you through the key factors to consider as you apply this framework to your IT environment.

Key Factors When Applying a Security Framework to Your IT Environment

Asset Criticality—the criticality of IT assets is an important contributory factor to your overall CyberPosture assessment. Assets are classified under the following categories:

  • Information—databases, data files in servers as well as desktops and laptops, system documentation, user documentation, training materials, operational/support procedures, continuity plans, and archived information.
  • Software—application software, system software, development tools, and utilities.
  • Physical Devices—computer equipment, processors, monitors, laptops, modems, printers, and other hardware.
  • Services—general utility services such as power, lighting and air conditioning that are used for IT equipment.
  • People—those who own and run the programs and perform tasks for the IT department related to these assets.

Each asset should be rated using the CIA information security triad—Confidentiality, Integrity, and Availability (CIA). It’s best to have the respective asset owners identify and classify the assets. This ensures that the individual owners’ concerns around security for each asset are taken into consideration.

The criticality of each asset will be scored according to the impact on the business if that asset were to be compromised:

Level 1 - No impact
Level 2 - Insignificant impact that will not result in a business or financial loss
Level 3 - Some impact that may result in some level of business or financial loss
Level 4 - Significant impact that will probably result in a significant business or financial loss
Level 5 - Severe impact that will likely result in a significant business or financial loss


Taking this approach will help prioritize which assets to focus on first as far as raising their posture score. Once the most critical assets are selected, they can then be grouped based on similar criticality ratings.
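The Asset Criticality bullet in the Summer 2018 feature list earlier on this page and the five-level scale just above both say that critical assets should weigh more in the score, but neither gives a formula (that is the subject of the next post in the series). The code below is an added worked example written for this page, not Cavirin's scoring method. It assumes, as a stated simplification, that an asset's criticality is the highest of its C, I and A ratings on the 1-5 scale, groups assets by that level, computes a 0-100 posture score in which each asset's checks count its criticality level times over, and ranks assets by how much fixing each one would raise the score, in the spirit of the prioritized gap report. The inventory is constructed.

```python
"""Constructed example for this page: CIA-based asset criticality, grouping,
a criticality-weighted 0-100 posture score, and a fix-first ranking.
Illustrative only; not Cavirin's scoring algorithm."""
from collections import defaultdict

LEVELS = {
    1: "No impact",
    2: "Insignificant impact, no business or financial loss",
    3: "Some impact, possible business or financial loss",
    4: "Significant impact, probable significant loss",
    5: "Severe impact, likely significant loss",
}


def criticality(asset):
    """Assumption: criticality is the worst case (highest) of the C/I/A
    ratings, each given as an integer 1..5 by the asset owner."""
    ratings = (asset["confidentiality"], asset["integrity"], asset["availability"])
    if any(r not in LEVELS for r in ratings):
        raise ValueError(f"{asset['name']}: CIA ratings must be integers 1..5")
    return max(ratings)


def group_by_criticality(assets):
    """Bucket asset names by level, highest level first, so work starts there."""
    groups = defaultdict(list)
    for a in assets:
        groups[criticality(a)].append(a["name"])
    return dict(sorted(groups.items(), reverse=True))


def posture_score(assets):
    """Weighted pass rate: score = 100 * sum(level * passed) / sum(level * total),
    rounded to an integer. An empty inventory scores 0, not 100, so a broken
    discovery process cannot masquerade as a perfect posture."""
    weighted_passed = weighted_total = 0
    for a in assets:
        w = criticality(a)
        weighted_passed += w * a["checks_passed"]
        weighted_total += w * a["checks_total"]
    if weighted_total == 0:
        return 0
    return round(100 * weighted_passed / weighted_total)


def remediation_priority(assets):
    """Rank assets by the score gain from fixing all of their failed checks,
    the same ordering idea as a prioritized gap report."""
    base = posture_score(assets)
    gains = []
    for a in assets:
        fixed = dict(a, checks_passed=a["checks_total"])
        others = [x for x in assets if x is not a]
        gains.append((posture_score(others + [fixed]) - base, a["name"]))
    return sorted(gains, reverse=True)


# Constructed inventory: CIA ratings 1..5 and policy check results per asset.
SAMPLE_ASSETS = [
    {"name": "payments-db", "confidentiality": 5, "integrity": 5, "availability": 4,
     "checks_passed": 40, "checks_total": 50},
    {"name": "public-web", "confidentiality": 2, "integrity": 4, "availability": 5,
     "checks_passed": 45, "checks_total": 50},
    {"name": "dev-sandbox", "confidentiality": 1, "integrity": 1, "availability": 1,
     "checks_passed": 10, "checks_total": 50},
]

if __name__ == "__main__":
    print("groups:", group_by_criticality(SAMPLE_ASSETS))
    print("weighted posture score:", posture_score(SAMPLE_ASSETS))
    print("fix first:", remediation_priority(SAMPLE_ASSETS))
```

With these numbers the weighted score is 79, whereas a flat pass rate (95 of 150 checks) would give 63: the sandbox's forty failures matter far less than the payment database's ten. The ranking puts payments-db first (+9 points), then dev-sandbox (+7, because of the sheer number of failures despite its low weight), then public-web (+5).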

Of course, the assessment of criticality is only as accurate as the inventory of assets being evaluated. Therefore, the first step in this element is to implement a thorough discovery process that can identify the systems, containers, applications, and services in use throughout the organization, both on-premises and in the cloud.

Additionally, one must not forget to explore the environment for assets that may have been brought into the environment by employees, contractors, and partners without the knowledge of the IT department; or “Shadow IT.”

As a final point here, it is also essential to maintain a proactive view into the inventory of these assets, keeping abreast of planned and unexpected changes made to the environment, such as the modification of scope made to an existing workload and/or the launch of a new workload to address a new business requirement or process.

Threats—threat events pertain to conditions that can lead to breaches and are perpetrated by threat actors—either humans (insiders or outsiders), botnets (human-controlled networks) or nation states (government entities).

Threat actors can exploit weaknesses in systems and software to create threat events that portend breaches. The threats could be the result of malice (e.g., a cybercriminal trying to steal data) or unintentional (e.g., an admin-level user who changed access control permissions – to an S3 bucket, for example – without understanding the consequences).

Threat events can span:

  • Configuration issues: unintended data flows that expose data to the outside world.
  • Defects and other vulnerabilities in systems and applications: which can be used to bypass authentication, access rights, and other powerful system-level capabilities.
  • Limitations in compliance frameworks: far too often the regulatory bar is set too low, which effectively tells the threat actor how high they need to jump.

To gain a proper view of the threats the organization faces, the team should consider collecting and consuming one or more threat intelligence feeds. These feeds provide real-time information on threat events pertinent to the organization, which in turn contributes the intelligence needed to build a security posture score relevant to your environment (which, of course, was identified in the asset discovery and criticality element above).

Vulnerabilities and Mitigating Controls—according to owasp.org, a vulnerability is a weakness in an application, operating system, or other components, that allows a threat actor to cause harm or compromise. The weakness can be a design flaw, misconfiguration, operational lapse (ineffective security practices), or other attack vectors.

A mitigating control is a configuration, process, technology, or even a person, put in place as a safeguard or countermeasure to avoid, detect, counteract, or minimize the risk identified for a given asset.

As one might naturally picture, vulnerabilities and controls are very closely related to threats. The reason is simple: threat actors, intentionally or accidentally, take advantage of vulnerabilities in the hope that no effective mitigating controls are in place. A malicious threat actor, for example, can easily search the open web for the types of systems, applications, and services in use within your organization, look up the known vulnerabilities and common (out-of-the-box) misconfigurations they carry, and then check whether a control is in place to block access and/or prevent the payload from succeeding.

If there is an adequate control in place, the threat actor can move on to seek out another system or application that is missing the control. If there is no mitigating control in place, the threat actor can choose to exploit the vulnerability and/or misconfiguration and leverage the benefits from doing so; change/increase access rights, change the system/application configuration, laterally move to another location on the network, or even sit and wait to use the machine’s location and capabilities to their advantage at a later time after they perform some additional reconnaissance.

As noted above, there are three types of vulnerability and control assessments that factor into the CyberPosture score:

  1. Configuration related issues
  2. Vulnerabilities related issues
  3. Security and Compliance framework related audit issues

The score contributions come from any IT infrastructure resource, such as OS resources, cloud accounts, and services, both from an initial assessment and from run-time monitoring of the configuration, vulnerability, and control framework policies that the organization has in place for its hybrid cloud infrastructure. Assessment monitoring also aligns with the CIA model, in that one cloud service may require more availability or confidentiality than another.

The Likelihood and The Impact of a Breach—the likelihood of a breach is the probability of an asset being compromised due to threats exploiting the specific vulnerability and can range from <unlikely to occur> to <certain to occur>.

The impact of a breach that results in a business or financial loss should be assessed by the owner of each asset, collection of assets, and the overall business process that utilizes those assets. The value can range from <no impact at all> to <severe impact>, which may result in disastrous consequences or lead to significant financial loss.

The likelihood and impact analysis relies heavily on historical trends within the organization, trends in threat intelligence data, statistics related to the industry in question, statistics related to the geographical location of the business operations (laws and regulations can have an impact), the current patching regimen, and what types of attacks are actually possible against the identified vulnerabilities. There may be other factors as well, but these are the core areas from which the assessment would be made.

As the likelihood and impact are calculated, keep in mind that a single asset may be used to enable multiple business processes and may also be in play in support of multiple business units in many forms and in many locations.

 

Up Next: How CyberPosture Scoring Works 

For the security framework to be successful, you must have visibility into the hybrid world of the OS (both VM and container), of the workloads, and the key set of cloud provider services utilized as well. Remember: the faithfulness of your CyberPosture score is directly related to the rigor, consistency, and honesty that goes into each phase of the process.

In our next blogs, we will take you through the scoring methods to measure your CyberPosture score. We will then show you how to get started with obtaining your own CyberPosture score—including what you need to do before you can start scoring.

In the meantime, should you have any questions or need help generating a CyberPosture score for your organization, visit http://www.cavirin.com/why-cavirin/cyberposture-score or contact Cavirin to speak with one of our CyberPosture scoring professionals. 


The Benefits of a Hybrid Cloud

Running different workloads on both public and private clouds, a hybrid cloud strategy, is increasingly popular with IT and CISOs. In essence, the strategy avoids the proverbial "putting all your eggs in one basket", which is the surest way to invite risk and breaches to your data.

We got a glimpse of the cloud's fragility last week when Microsoft Azure's South Central US region was down for a while after a severe lightning storm disrupted its cooling system.

According to the TechTarget article "Azure Outage Spotlights Cloud Infrastructure Choices", “the surge hit the power cooling systems, and subsequent rising temperatures triggered automatic hardware shutdowns. Nearly three dozen cloud services, as well as the Azure status page, bore the brunt of the storm”. The article noted that “much of the problem lies in how Microsoft has built out its public cloud architecture, where most Azure regions are comprised of a single data center”. Workloads that live solely in a single data center are exposed to failures from many kinds of events. To avoid a repeat, TechTarget writer James Montgomery said, “Microsoft must also modify its software to accommodate a multi-availability-zone architecture”.

This Microsoft incident shows, once again, that a cloud-first strategy exposes an organization to service outages and downtime. According to Cyence, a startup that models the economic impact of cyber risk, the four-hour AWS outage in 2017 cost S&P 500 companies approximately $150m. It is sobering to consider how much could be lost if a major cloud provider were offline for days. Lloyd's, the specialist insurance and reinsurance market, in partnership with risk modeler AIR Worldwide, put out a report in January calculating that an "extreme" cyber incident, one that takes a top cloud provider offline in the US for three to six days, would result in industry losses of $15bn.


A hybrid cloud infrastructure gives organizations more control over their critical workloads, which could mean everything if a cloud provider is unfortunate enough to be pushed offline for hours or days. Check out our eBook, The Enterprise Journey to the Hybrid Cloud, which walks you through the steps required to build a world-class hybrid cloud infrastructure, from setting goals and developing consensus to building and deploying secure hybrid workloads.

 

© 2018 Cavirin Systems, Inc. All rights reserved.