Cavirin Systems, Inc.

Blog

Automated Insider Threat Management

Most people find stories like the Uber snooping lawsuit pretty unsettling. If you have heard nothing of this beyond the accusation of Uber's use of "God View", as explained in a recent series of articles by Forbes, it is important to know that Uber collected customer and employee information, and used that information in a manner that was well outside of reasonable use by the standards of California Privacy Legislation.

“Exhibit A contains customer data collected by Defendant and constitutes Defendant’s confidential, proprietary, and private information about its users — the very existence, content, and form of which are of extreme competitive sensitivity to Defendant in that they demonstrate what data Defendant considers important enough to capture, how that data is stored and organized, and could, individually or in the aggregate, provide Defendant’s competitors with insights into how Defendant views, analyzes and executes certain aspects of its business,” Uber wrote in a court filing.

Category: Risk Management & Analytics
  • CIS Benchmarks
  • Insider Threat

The Hackers – Time Magazine person of the year runner-up

The Hackers – Time Magazine person of the year runner-up, and what it means for the rest of us

This last week, Time announced its Person of the Year, and as expected, President-elect Donald Trump got the nod. More interesting was the selection of Hackers as number three. In fact, cybersecurity also touches Donald Trump, the person of the year, and Secretary Hillary Clinton, the runner-up, both knee-deep in the conversation and controversy: Trump with his ties to Putin and attacks against the DNC, and Hillary with her private email server. 2016 also saw terms such as ransomware, malware, and IoT botnets enter water-cooler conversation, and the credit card hacks of the past were eclipsed by an order of magnitude when Yahoo admitted the breach of over 500 million email accounts. Even the Internet was not immune, with a denial of service attack in October cutting off connectivity to many well-known web properties.

Written by David Ginsburg
Category: Trending in Security
  • Containers
  • CISO
  • Cybersecurity

Docker Container Security and STRIDE

The first step in building a secure infrastructure is to understand the threats. Threats are potential events which lead to something useful for the attacker. It could be money, it could be bragging rights, or it could just be the pure fun of damaging the reputation of a business entity. Threat risk modelling is an essential exercise to categorize threats and determine strategies for mitigating them. One such threat assessment model is STRIDE.

STRIDE is an acronym for six threat categories as outlined below:

  • Spoofing Identity – An attacker could pass herself off as an authorized user of the system
  • Tampering with Data – An attacker could successfully add, modify or delete data
  • Repudiation – An attacker could deny an action, or make it impossible to prove that he performed it
  • Information Disclosure – An attacker could gain access to privileged information
  • Denial of Service – An attacker could make the system unresponsive to legitimate usage
  • Elevation of Privilege – An attacker could elevate her privileges

The STRIDE threat model forces you to think about securing your infrastructure from a threat perspective.

Category: Docker Container Security
  • CIS Benchmarks
  • Docker
  • Cloud Security

No security = No business in the cloud

No security means you will likely have no business in the cloud

For an engineer such as myself, who is involved in cloud computing, and generally excited about being in the middle of nothing short of a “computing revolution”, attending AWS re:Invent 2016 is akin to making an annual pilgrimage. The experience of being among the fellow travelers at the expo hall, listening to keynote addresses that set the tone for the next phase of cloud computing, and walking by the myriad of booths with solutions that vie with each other pushing the envelope, was nothing short of transformational.

Category: Security Compliance Platform

Why align with ISO/IEC 27002:2013?

THE ISO/IEC 27002:2013 CHALLENGE

ISO/IEC 27002:2013 Information technology -- Security techniques -- Code of practice for information security controls

You might think that implementing an ISO 27002 ISMS program is fairly straightforward, and even an easy sell to the business and supporting enterprise. After all, Information Security is defined by the C-I-A triad, the most well-known model for security policy development. Who can resist a tried-and-true C-I-A triad?

Category: Regulatory Compliance

Swim in the Cloud or Die

Cloud computing, on its own, is a benign concept, identified as having these five attributes:

Category: Security Compliance Platform

  1. Docker Security, A Product Manager's View
  2. Why Earn SOC 2 Certification
  3. Docker Container Security with Cavirin ARAP
  4. UK Cyber Essentials and Cyber Essentials Plus
© 2019 Cavirin Systems, Inc. All rights reserved.
