
Risk Management & Analytics

Risk and policy management

Excellent Hybrid Cloud Environment with Real-time Visibility

We are excited to announce that this week Cavirin’s CyberPosture Intelligence for the Hybrid Cloud was recognized by SC Magazine. The Cavirin solution earned five-star marks (the highest rating) in all six review categories: Features, Documentation, Value for Money, Performance, Support, and Ease of Use.

 

Risk and policy management - SC Magazine

 

The SC Magazine five-star rating is especially gratifying as it is based on an objective evaluation of features and capabilities. Leading the charge, the reviewers thought that one of the most prominent features was Cavirin’s nonpareil CyberPosture Score.

According to Cavirin’s Director of Product Management, the CyberPosture Score, a number between 0 and 100, is derived by continuously assessing the security posture of all managed cloud services and workloads. A score of 100 represents the least risk. Representing risk in this manner facilitates prioritized response plans and in-depth security analytics, including score drill-downs from the company level to asset groups, individual resources, policy pack/control families and operating systems. At any of these levels, with visibility that spans your entire hybrid infrastructure, Cavirin’s solution depicts trends of CyberPosture scores to help CISOs assess the impact of security posture improvements.

 


 

In addition, SC Labs evaluators Matthew Hreben & Katelyn Dunn highlighted the importance of a single, unified view, emphasizing that “point” security solutions can be costly and have limited visibility into an organization’s defensive security posture:

“Users typically struggle building a meaningful risk security assessment process across a hybrid environment due to the lack of network visibility and the cost of needing multiple products. Cavirin CyberPosture Intelligence for the Hybrid Cloud serves as a single, unified view of the hybrid cloud environment that gives real-time, continuous monitoring and assessment, has automatic asset discovery and encompasses an API-first architecture that integrates security into DevOps. It enables continuous improvement of security posture and is cost-effective compared to alternatives requiring multiple products.”

In closing, the verdict of the SC Magazine analysts on Cavirin’s CyberPosture Intelligence for the Hybrid Cloud is:

“Great API-driven technology that integrates with Slack, Jira and Okta for SSO, also provides users concrete documentation and workflow suggestions. This is a strong contender in its space and worth a look.”

To read the complete review, visit scmagazine.com

For more information on Cavirin’s CyberPosture Score, check out our latest whitepaper: Cavirin CyberPosture - Your Credit Score for Security.

 


Last night I had the pleasure to attend a panel hosted by the EC Council on insider threats. Panelists included the CISO from San Francisco, the VP of Systems from Macy’s, and most interestingly, Eric Snowden’s former boss at Booz Allen Hamilton. All three were covering various aspects of the STRIDE model. For example, the crisis that SF ran into about 8 years back, where a single employee held the city network hostage by collecting router passwords, was a combination of disclosure and elevation. It took the mayor, at the time, to defuse the situation.

The NSA suffered the same, with Snowden, in the first week of his new assignment in Hawaii, requesting passwords from colleagues and spending off hours on-site. More damaging, it is rumored but not confirmed that his credentials from his former IT role were not revoked. This, married up with his new access to higher levels of classification, created an opportunity. And it is never a single issue. His CIA HR records, if shared with the NSA, which they were not at the time, would have raised additional flags, and at the time, employees were not subject to daily exit searches, providing him with the opportunity to exit with his USB dongles.

Left to Right - 

Steven Bay, former boss of Eric Snowden

Joe Voje, CISO, City of San Francisco

Brian Phillips, VP, Macy’s Systems and Technology

And, Macy’s was the first to admit that their procedures in place to address insider capture of PCI data were not up to snuff. They are now, and just recently the company has taken a very aggressive approach on limiting data access as part of their announced store closures, since there is an interim period where employees have been notified but are still employed.

Net-net, the last decade has been a learning experience, across both commercial and government, but with increased focus, awareness, and sharing of best practices, we’re making progress.

 


Most people find stories like the Uber snooping lawsuit pretty unsettling. If you have heard nothing of this beyond the accusation of Uber's use of "God View," as explained in a recent series of articles by Forbes, it is important to know that Uber collected customer and employee information, and used that information in a manner that was well outside of reasonable use by the standards of California Privacy Legislation.

“Exhibit A contains customer data collected by Defendant and constitutes Defendant’s confidential, proprietary, and private information about its users — the very existence, content, and form of which are of extreme competitive sensitivity to Defendant in that they demonstrate what data Defendant considers important enough to capture, how that data is stored and organized, and could, individually or in the aggregate, provide Defendant’s competitors with insights into how Defendant views, analyzes and executes certain aspects of its business,” Uber wrote in a court filing.


© 2018 Cavirin Systems, Inc. All rights reserved.