Cavirin’s Continuous Security for Hybrid Workloads Adds Monitoring and General Data Protection Regulation (GDPR) Support

Cavirin Systems, Inc., offering continuous security assessment and remediation for hybrid clouds, containers, and data centers through correlated risk scoring and simple deployment, announced today additional continuous monitoring capabilities as well as GDPR support, critical for organizations doing business in or with the European Union (EU). Other new benchmarks supported include the Health Information Trust Alliance (HITRUST) as well as guidelines issued by the New York Department of Financial Services (NYDFS) and the Criminal Justice Information Services (CJIS).  

Cavirin’s microservices-based assessment and remediation platform is agentless, permitting multiple deployment options across private/on-premise environments as well as public clouds. The platform’s new capabilities offer event-driven security monitoring with a real-time view of any and all changes to the organization’s on-premise and/or cloud infrastructure and assesses the impact on the security posture. These capabilities eliminate the need for an agent, which can introduce performance and maintenance issues and add management overhead to already stretched IT operations teams. The security monitoring of AWS cloud workloads is greatly simplified by the integration of Cavirin’s platform with CloudTrail, which provides flexibility for configuring and creating alerts for specific security events and the automated remediation that might follow.

"Cavirin’s platform offers us the flexibility and coverage to enable us to maintain a complete view of our risk posture across our environment," said James Tu, Chief Information Security Officer of Cepheid. "Being able to continually assess our workload security and immediately take corrective action if required helps better secure our server environment."

Compliance with the General Data Protection Regulation (GDPR) will become a requirement within a year for any company handling personal information belonging to EU citizens, irrespective of their physical location. In addition to Cavirin’s broad support for international guidelines, the platform now supports a GDPR-specific module that permits testing of an organization’s technical controls and identifies any weaknesses, in addition to a manual attestation module that applies to people and processes. Cavirin already supports Tier 1 cloud service providers including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, who have already announced support within their infrastructures for GDPR, so the support from the Cavirin platform completes the equation.

Other new frameworks supported include NYDFS, HITRUST, and CJIS. NYDFS helps companies verify technical compliance with the New York State regulations that mandate a holistic approach to cybersecurity, including periodic risk assessments. HITRUST enables healthcare organizations to align to the Common Security Framework to safeguard the integrity of personal data. It complements Cavirin’s existing HIPAA-HITECH support. Lastly, the CJIS framework helps organizations with the technical controls to protect CJI data. When used to fulfill the organization’s role within the cloud shared-responsibility model, and in conjunction with a cloud provider such as AWS that complies with CJIS, it assures multi-layer security.

Other new capabilities include Custom Dynamic Policies, a powerful way of tailoring policies to an enterprise’s applications, is more accurate, extensible, and targeted than off-the-shelf benchmarks. The company also continues to enhance its DevSecOps capabilities with a new Docker image-specific Patches and Vulnerabilities Policy Pack to complement the Cavirin-authored Docker Image Hardening module. Cavirin also enhances the CI/CD pipeline by now integrating with platforms such as Jenkins. With these features, security-minded application development teams can bring in security as an acceptance criterion, thus left-shifting the security management well before applications hit production environments.

The new capabilities are immediately available with the platform available for on-premise deployment as well as within the AWS and Azure marketplaces.

"We continue to add new customer-driven features to our Cloud Workload Protection Platform," said Dr. Rao Papolu, CEO of Cavirin. "Our new capabilities add to the utility of the end-to-end risk scoring required by customers as they adopt a multi-cloud and container architecture."