Contact Us

Closed-Loop Cloud Security, Machine Learning Based Risk Scoring and Expanded Google Cloud Support with Winter 2019 Release

security automation framework


We’re excited to wrap up and announce our Winter 2019 release!

Customers will benefit from closed-loop security, which unlike siloed approaches to proactive and reactive security, assesses the impact of alerts related to new, deleted or changed resources from AWS CloudTrail and Google StackDriver Monitoring using CyberPosture scoring to prioritize infrastructure changes based on their risk. As part of closed loop GCP security, a Cavirin-developed Google Function watches Google StackDriver Monitoring for events related to the creation, deletion and changes to specific Google resource types. As these changes accumulate beyond a certain threshold, Cavirin triggers an assessment of your GCP account. This results in CyberPosture scores for affected resources which in turn helps create a remediation plan sorted based on improvement to security posture. A similar (alert -> threshold trips -> assess -> score) blueprint applies to AWS resources based on AWS Lambda Functions and AWS CloudTrail events.

Next, prioritized security gaps can be auto-remediated using AWS Lambda and Google Functions, as applicable. As the figure below shows, the remediation blueprint for Google comprises of a Google Function that watches for remediation requests from the Cavirin server on a GCP PubSub topic. As the Google Function remediates security gaps, the Cavirin server processes the remediation confirmations as another set of changes to your environment. As before, as changes accumulate beyond a threshold, an assessment is triggered, resulting in updated and improved CyberPosture scores. A similar remediation blueprint applies to AWS.


machine learning in cyber security


Extending closed loop security to operating systems resources, the Winter 2019 release also offers Ansible integration to streamline the hardening of operating systems powering compute instances. Cavirin periodically assesses all instances, checking for drift against a known baseline and recommending and carrying out remediation through Ansible to re-establish the instances’ golden posture. As the figure below shows, as we assess OS resources for policy packs like CIS and generate Ansible artifacts, in particular a variables file (list of failed policies to remediate) and a hosts file (list of Ansible-managed resources that require remediation), which when applied with the Ansible playbook for the given policy pack results in a return to the golden posture.

ai machine learning

Compliance and security professionals struggle with translating regulatory requirements and industry standards to automated technical controls – spreadsheets and manual mapping processes are the state of the art. While organizations like UCF have provided a universal/canonical representation of regulatory requirements, gaps still remain with respect to mapping requirements to technical controls with quantitative inputs that can drive risk scoring and security analytics.  Cavirin’s Winter 2019 release is the first to apply machine learning to recommend technical controls for industry standards (e.g. NIST 800-171) and regulatory frameworks (e.g HIPAA) with associated weights and severities which in turn drives the ability for customers to drive compliance based on risk, using Cavirin’s CyberPosture scores. Machine Learning ensures consistency of mapping and the resulting weights and severity. This further improves the efficacy of CyberPosture scoring and resulting remediation guidance.


cybersecurity through machine learning

Announced earlier, we now feed security findings for resources in a customer’s Google Cloud Platform into Google Cloud Security Command Center, which unifies security finds from a select group of Google Cloud partners. To leverage this feature, be sure to check out Cavirin Cloud SCC Companion and Cavirin CyberPosture Intelligence on the Google Cloud Marketplace!

deep learning for cybersecurity

Reporting enhancements: A new change reports feature offers the ability to compare the latest assessments against the previous one enabling users to quickly gauge the effectiveness of change management. A new reporting service for RSA-Archer permits management of Cavirin-reported compliance posture gaps through an organization’s existing GRC platform. 

Enhanced connectivity through Bastion and proxy hosts: Network segmentation and isolation are important best practices. With the Winter release, customers can isolate compute instances behind bastions and proxy hosts while allowing Cavirin to discover and assess these assets.  

Other new capabilities include additional OS scanning support, including for Amazon Linux 2, SUSE Linux 11/12 and Ubuntu 18.04.



© 2019 Cavirin Systems, Inc. All rights reserved.