Cavirin Blog

Securing the Hybrid Enterprise – Cavirin’s Reflection on 2017

At Cavirin, 2017 was no less than re-thinking securing the hybrid enterprise and pioneering massive scalable solutions. This blog is a summary of all our announcements and key features related to Content and Policy frameworks that we brought to our customers and the community last year.

Read on!

Cavirin also released CIS Android Security Benchmark and launched CIS communities for Kubernetes and Azure benchmark development.

  • Securing Container Ecosystem– Cavirin announced security services around container ecosystem. It had a key presence at DockerCon, which took place in Austin, Texas, April 17-20, 2017. It announced:
    • CIS Docker Security Benchmark assessment targeted at hosts running containers
    • Docker Image Scanning à Scanning Docker Images for vulnerabilities and misconfigurations
    • CIS Kubernetes Security Benchmark assessment targeted at Kubernetes cluster components such as API Server and Controller.

All of the above capabilities are available via the APIs to build an effective CI/CD pipeline that automatically scans your application images before they are deployed in the production.

All the above implementations support policy tailoring.  For example, a recommendation from CIS AWS Foundation Benchmark reads that “1.1 Avoid the use of the "root" account”. To implement this accurately, you could provide the “Actual root account email address” and also “the time since which the root account should not be found logged into”. Together this information is preserved for assessments for your respective cloud accounts.

  • DISA STIGs – Cavirin platform added support Windows and Linux DISA STIGs. It brought several enhancements that enrich your STIG assessment experience.
  • GDPR Readiness – Cavirin announced two core capabilities – GDPR Automated assessments and GDPR Manual attestation framework. Compliance with the General Data Protection Regulation (GDPR) will become a requirement on May 25, 2018 for any company handling personal information belonging to EU citizens, irrespective of their physical location. Combining the automated and manual framework ensure GDPR compliance not only for your technology side of things but also covers people and process. Watch a demo here.
  • All-Cloud Readiness – Cavirin completed seamless integration for workload assessments for all major cloud providers – AWS, Azure and GCP. It also introduced a brand-new monitoring service that could alert on security anomalies in the cloud and helps you control your drift immediately and effectively.
  • E-book for Securing Hybrid Workloads – We summarized all our learnings from the above and published an easy to read e-book. You can pick up your copy today!
  • Award Winning Security – Cavirin platform was demonstrated at several conferences and to industry leaders and analysts. Cavirin won TiE50 award, Stevie Tech Startup, Startup 50, and a 5-star rating from SC Magazine.

We are looking forward to exciting times at Cavirin. Our latest assessment content, SaaS offering, cloud and Docker integrated monitoring and several key touch point integrations and workflows such as Jira, ServiceNow, Chef, Puppet and Ansible, when tied with the power of machines and algorithms, can help you maintain an effective security and compliance posture and mitigate several critical risks from operating in the hybrid cloud environment.

Happy New Year!

 

 

 

 

0
0
0
s2sdefault

Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.