CloudCow.com

Cavirin Systems, Inc., the only company providing risk, cybersecurity and compliance posture for the enterprise hybrid cloud, today announced the general availability of its Summer 2018 CyberPosture Intelligence release. CyberPosture is a consolidated risk score for the hybrid infrastructure, based on configuration checks, vulnerabilities, and risk, security and compliance audit frameworks requirements, permitting the CISO's team to immediately compare the organization's current security posture against the desired ‘golden posture' and immediately take corrective action. CyberPosture Intelligence provides a set of visibility and control capabilities that allows organizations to automate security policy across their hybrid cloud data centers to reduce a growing attack surface and assure compliance with industry regulations.

"Cavirin for the first time is truly integrating continuous compliance and cloud security posture management into a single, actionable view for the CISO and their teams," said Nemi George, Senior Director of Information Security and Service Operations at Pacific Dental Services. "This innovation will help cut through the myriad of operational noise (event alerts and notifications), helping to identify the real risks across our hybrid infrastructure whilst providing actionable intelligence."

According to research conducted by ESG, businesses plan to increase the number of workloads they have deployed in a public cloud platform. However, as more organizations leverage the flexibility of both on-premise and public cloud platforms to gain agility in an increasingly competitive business environment, the need for cybersecurity and mitigating risk becomes complicated by the resulting expansion of the intrusion surface. The new CyberPosture Intelligence capabilities from Cavirin close the loop for protection, monitoring, and remediation across cloud workloads and cloud security posture management, while permitting organizations to retain full control of their assessment data, important in many verticals such as those subject to FedRAMP. This approach differs from a SaaS-based solution where confidential data is sent outside of the user's environment.

"With hybrid cloud growth, enterprises need a solution that includes both workloads as well as securing their portion of the cloud under the shared responsibility model," said Doug Cahill, Senior Analyst and Group Director at ESG. "Cavirin's approach is another great example of the convergence of disparate controls, which makes a ton of sense for both security and operational reasons."

The latest Cavirin CyberPosture Intelligence release delivers technical innovations for the hybrid enterprise on multiple fronts:

• A new ‘CISO Dashboard' delivers a "credit-score" like representation of the organization's risk, security and compliance posture across Amazon Web Services (AWS), Google Cloud, Azure, containers and on-premise infrastructure. CyberPosture scores help organizations prioritize and respond to their most important issues. Cavirin's CyberPosture scoring extends the NIST CyberSecurity Framework by factoring signals of risk including those indicated by over 27 security and compliance benchmarks for AWS, GCP, Azure, Docker, Kubernetes and on-premise infrastructure. Organizations can also influence issue prioritization by differentiating resources based on their confidentiality, integrity, and availability impact.
• A new integrated cloud workflow scales to large deployments to identify, monitor, and then automatically remediate cloud services. The solution's closed-loop capabilities are available via a Cavirin authored AWS Lambda function, with Google Cloud and Azure planned by end of 2018.
• New Google Cloud security posture capabilities include over five hundred individual network policies as well as support for a set of key CIS policies to maintain account integrity. This is in addition to the system's current support for target VM and container workloads on Google Cloud. Cavirin has co-authored the new CIS Google Cloud Platform Foundation Benchmark, available vis CIS.
• A new policy definition language permits Cavirin and partners to rapidly map new standards and benchmarks to technical controls. Examples of this include support for the recent CIS Azure Benchmark, Azure and Google Cloud network policies, and frameworks supporting California Consumer Privacy Act technical controls as well as IT General Controls (ITGC).

"I'm proud of innovations delivered for CyberPosture Intelligence for multiple clouds with this release," said Brajesh Goyal, Vice President of Engineering at Cavirin. "While adding new capabilities, we continue to focus on ease of use and time-to-value, with our CyberPosture Intelligence solution deployable equally well by Fortune 500 enterprises, commercial accounts, and Managed Security Service Providers."