With the release of Cavirin 1.2, we’re upping the game in providing a comprehensive hybrid infrastructure security solution that spans on-premise, multiple clouds, and Docker. Note that this solution goes beyond cloud-account level security provided by CISPA (Cloud Infrastructure Security Posture Assessment) vendors or most CWPPs (Cloud Workload Protection Platforms). Our belief is that true control of the cloud can only be accomplished by both cloud account as well as individual virtual or Docker instance level visibility, and the two must tie together. Key new capabilities include multi-cloud support, continuous monitoring, ‘Cavirin Secure’ DevSecOps scripting, true enterprise scalability, and additional 3rd party integrations. The platform’s scalability, usability, and DevOps capabilities were also recognized in a recently published SC Magazine product review with both a 5-star rating and recommendation.
True Multi-Cloud Support
As enterprises migrate critical workloads to the cloud, they increasingly leverage or are planning to leverage multiple CSPs. For example, they may initially deploy on AWS, but place live or standby workloads on Azure for resiliency, geography, cost, or application compatibility reasons. Cavirin now supports workloads across the three major clouds – AWS, Azure, and GCP – and has built a powerful abstraction layer that will permit our customers to deploy across other CSPs in the future. The new hybrid enterprise requires a solution that spans all four deployment domains – on-premise, the cloud platform, cloud instances, and containers. We uniquely deliver a solution meeting this requirement.
Continuous Monitoring
We believe that two fundamental models are evolving for infrastructure/cloud security management:
- Control Policy Pack-driven assessments that are “on-demand” or on prescribed schedules with a notion of “point-in-time” security posture, and
- “Real time”, “event-driven” security management capable of responding quickly to incidents as well as continuously watch for events or anomalies that may have serious security impact.
In Cavirin 1.2, we are breaking a new ground in offering support for the latter security model, with the integration of “CloudTrail” on AWS. This means that our AWS customers are now able to setup monitoring for critical events on their cloud infrastructure, generate alerts, and quickly act upon them, if identified as critical. The following events are now supported, and more are coming shortly:
- Failed Console Logins
- API Authorization Error
- Launched Instances
- ACL Change with all allowed to ingress
- Modification of VPCs
- Security Group Changes
The key point is that customers not only have visibility into real-time events, but are informed as to their impact on both their cloud accounts as well as their individual virtual or container instances, and can take appropriate action. The monitoring infrastructure we’ve developed is adaptable to any CSP, other 3rd party data feeds, and offers a simple interface to what we call the Risk Signaling Engine for further analysis and display.
DevSecOps Scripting
Effectively integrating security into the DevOps process requires better automation in applying security frameworks to the CI/CD process. Cavirin 1.2 includes ‘Cavirin Secure,’ published Jenkins scripts that permits assessment of in-progress code across the development lifecycle enabling security as an acceptance criteria. This integrates with the platform’s lifecycle container security capabilities.
Scale-Out Performance
Cavirin’s micro-services based scale-out architecture now supports over 10K instances with near-constant throughput for much larger deployments via horizontal scaling, while delivering 5x faster assessments over competing platforms.
Additional 3rd party Integrations
Aligned with the platform’s open API architecture, we continue to support additional external tools. New capabilities in Cavirin 1.2 include ServiceNow, Jira, and Chef integration, all easily configurable via the UI, eliminating any ‘CLI-level’ interactions. For example, the operator may configure the system to send a ticket to Jira if a certain framework, instance, or environment scores below a certain threshold. The team is immediately notified and may take action.
Cavirin 1.2 is available today – contact This email address is being protected from spambots. You need JavaScript enabled to view it..