Cavirin Systems, Inc., the only company providing risk, cybersecurity and compliance posture for the enterprise hybrid cloud, today announced auto-remediation capabilities spanning compute instances and cloud services in Amazon Web Services (AWS) and on-premise environments. Many organizations separate security posture monitoring from change management, leaving them exposed when security alerts monitored by SecOps teams wait for DevOps teams for remediation. Closing this security gap via auto-remediation is a key outcome enabled by Cavirins CyberPosture Intelligence.
Cavirins CyberPosture Intelligence secures both the public cloud control plane as well as target hybrid cloud workloads (servers), on-premise, within the public cloud, and within containers. The resulting CyberPosture score permits organizations to compare their current security posture against the desired ˜golden posture and immediately take corrective action. The latest update delivers auto-remediation workflows for both AWS as well as on-premise infrastructures as follows:
- For AWS, Cavirin monitors network ports associated with AWS Security Groups and ranks vulnerabilities based on Cavirins CyberPosture Scoring methodology. DevOps users can remediate one or more security groups with one click, which invokes a Cavirin-authored Lambda function deployed within a customers AWS account(s). Remediation for Google Cloud and Azure will follow in upcoming releases.
- For compute instances in AWS, Google Cloud, Azure or on-premise environments, Cavirin monitors operating level configuration parameters for drift compared to a golden state defined for a group of machines. Cavirin automatically creates the list of drifting machines as well as a list of configuration settings that require remediation in Ansibles format. The Ansible server combines the Ansible artifacts with the Cavirin-supplied Ansible playbook to remediate machines to the golden state. The same approach can also be used to create ˜golden images during pre-production by assessing candidate images against a golden posture.
These workflows enable enterprises to significantly reduce the effort and time required to plug security holes and minimize risk, and align, in our opinion, with Forresters October 2018 ˜Best Practices: Cloud Workload Security report that recommends: Take time to integrate CWS with CICD, DevOps, and other critical tools. IT pros increasingly use CICD pipeline tools like Ansible, Chef, Jenkins, and Puppet to build and configure workloads. Security tooling and configuration is not a cloud instance runtime task it has to be designed and preconfigured into the build pipeline.
Cavirins capability to bridge security posture monitoring and change management, both on-premise and in the cloud, speaks to the flexibility and usefulness of the solutions design, said Brajesh Goyal, vice president of engineering at Cavirin. This new functionality of Cavirins CyberPosture Intelligence platform is just the beginning of delivering a true closed-loop remediation solution across the hybrid cloud.
WANT TO BUILD A FINANCIAL EMPIRE?
Subscribe to the Global Banking & Finance Review Newsletter for FREE Get Access to Exclusive Reports to Save Time & Money
By using this form you agree with the storage and handling of your data by this website. We Will Not Spam, Rent, or Sell Your Information.
Cavirin removes security compliance as a barrier to cloud adoption through automation with the broadest set of customizable frameworks, benchmarks and guidelines available. The company will showcase its CyberPosture Intelligence solution at booth #2725 at AWS re:Invent 2018, which takes place November 26-30 in Las Vegas. For more information, please visit https://www.cavirin.com/why-cavirin/get-cyberposture-score or read our auto-remediation blog.
Santa Clara, California-based Cavirin is a global provider of risk, cybersecurity and compliance posture intelligence for the enterprise hybrid cloud. Cavirin is the only organization that delivers CyberPosture intelligence for the hybrid cloud by providing real-time risk & cybersecurity posture management and continuous compliance, while further integrating security into DevOps. For more information, visit the companys website, and follow the company on Twitter at @Cavirin and on LinkedIn.
Lumina Communications for Cavirin
Jacqueline Meyler, 669-234-9775