CyberPosture Intelligence for Your Hybrid Infrastructure

Transcription

1 VALUE BRIEF CyberPosture Intelligence for Your Hybrid Infrastructure CyberPosture is a consolidated risk score, based on configuration and workload analysis, that executives can present to their board, and that makes sense for business people. Technology agnostic, Cavirin breaks down silos, is simple to deploy, and delivers the situational awareness to help you immediately detect and correct drift from your golden posture. HYBRID CLOUD SECURITY Today s organizations are faced with the challenge of managing security and automating best practices across their hybrid cloud. The CISO s job is becoming more complex, and he or she doesn t have the tools required to enable the required visibility and intelligence. In fact, although over 80% of enterprises have adopted a hybrid cloud, 9 out of 10 identify security as a major issue, and less than a third are using unified security tools that span on-premise and the cloud, or across two or more cloud operators. Traditional solutions provide siloed, delayed visibility, and require manual security remediation and testing, not well suited for the flexibility and velocity of the hybrid cloud. CAVIRIN S SOLUTION Cavirin delivers CyberPosture intelligence for the hybrid cloud by providing real-time risk & cybersecurity posture management, continuous compliance, and by integrating security into DevOps. The Cavirin platform combines automated discovery, infrastructure risk scoring, predictive analytics, and intelligent remediation to help organizations of all sizes leverage the cost savings and agility of the cloud without increasing operational risk or reducing their security posture. It eliminates the gaps and risks inherent with current approaches. Cavirin s solution delivers the broadest horizontal coverage in the industry, deployable on-premise, within AWS, Google Cloud, and Azure, and is available as a SaaS offering. It secures the public cloud account posture as well as server workloads, both VM and container. The agentless solution offers continuous visibility, is quick to deploy, API-driven, and scales to the largest physical and virtual infrastructures. Cavirin offers up-tothe-minute compliance and risk assessments to supply audit-ready evidence as measured by every major regulatory and security best practice framework, including CIS, DISA, GDPR, SOC, PCI, and HIPAA, as well as customized internal corporate policies.

2 REAL VALUE THROUGH PRODUCT CAPABILITIES Reduce attack surface across AWS, Google Cloud, Microsoft Azure, and container deployments. Container security includes OS hardening, image security assessment, container runtime monitoring, and DevOps security automation. Continuous visibility and OS hardening based on patented technology, and a powerful monitoring architecture reduce vulnerabilities and chance for breach. Immediately detect and correct configuration drift from your baseline security posture. Furthermore, predictive analytics moves you from reactive to preventive. Predict events and provide recommendations for auto remediation. Deep discovery using the broadest set of frameworks (NIST, DISA, etc.), benchmarks (CIS OS, cloud, and Docker), and guidelines (SOC, ISO, GDPR, PCI, HIPAA) across OSs and networks. Fast and easy deployment in on-premise, SaaS, and cloud environments. A powerful hybrid-group function allows selection and analysis of workloads spanning on-premise and multiple cloud operators, creating a true end-to-end, unified view of the security posture. An agentless architecture speeds and simplifies discovery and analysis with no impact to workloads and scales-out with the cloud, as well as helping to identify rogue IT. A DevOps-friendly API-first architecture with the Risk Signaling Engine (RSE) interfaces to third-party platforms, such as access management, identity management, vulnerability assessment, logging, notification, and others. The RSE communicates the correlated risk scores used for predictive analytics. Our deployments across AWS and GCP are a good match for the hybrid cloud capabilities of the Cavirin platform. Their support for frameworks and regulations including ISO and SOC2 will help us maintain continuous compliance across our cloud deployments. RELTIO CyberPosture Intelligence for the Hybrid Cloud

3 WE ARE A SOLUTION FOR: Real-time Risk and Security Posture Management A central CISO Dashboard depicts exactly what organizations have at each moment and where they are located. This includes cloud account security posture, as well as virtual machines and container instances. Automated DevOps Security for Hybrid Environments Bridging the gap between DevOps and SecOps, our security workflow helps SecOps automate security and compliance during code development, staging, and deployment. Compliance Management for Hybrid Infrastructures We remove security compliance as a barrier to cloud adoption by delivering one-click compliance across the broadest set of frameworks, benchmarks, and guidelines available today. We are deploying the Cavirin platform to help ensure compliance with government regulations, given our organization s focus. In addition, Cavirin s open architecture and container support permit us to easily integrate its capabilities with our DevOps environment. HUMAN LONGEVITY COMPETITIVE ADVANTAGES Implementation Options Deployable on-premise, within the cloud (AWS, Google Cloud, Azure), or as a SaaS offering. Leadership Role for Coverage & Extensibility Broadest set of frameworks (NIST, DISA, etc.), benchmarks (CIS OS, cloud, Kubernetes, and Docker), and guidelines (SOC, ISO, GDPR, PCI, HIPAA) across OSs and networks. Broad Horizontal Reach Native on-premise, multi-cloud, and container deployments with single click monitoring and remediation. Open APIs Complementary to cloud automation, orchestration, workload cost management, and disaster recovery platforms. Strong DevSecOps capabilities for CI/CD via Open APIs. CyberPosture Intelligence for the Hybrid Cloud

4 Cavirin s Unique Value Flexible: Implements corporate and regulatory policies together; customize and then monitor in real-time. Fast: Wizard-driven UI delivers installation to remediation in under 30 minutes. Interoperable Works with existing security tools and can take input from these tools to combine with analysis and show ongoing security posture. Focused: Guides the customer to the most urgent items to correct. Cavirin s support for Azure will permit us to address both aspects of cloud security the security posture of the cloud itself, as well as the individual workloads. Their vision of a CISO dashboard extending across the hybrid infrastructure is where we see the market going, and will help us deliver a more comprehensive and competitive service. Atmosera. Seamless: A single, unified view that supports the same security posture for on-premise systems and the hybrid cloud. Cavirin Systems, Inc Great America Pkwy Suite 419 Santa Clara, CA CyberPosture Intelligence for the Hybrid Cloud

5 DATASHEET CyberPosture Intelligence for the Hybrid Cloud Benefits to Stakeholders CISOs can assess risk and risk trends associated with their hybrid infrastructure. Overview Cavirin CyberPosture Intelligence combines automated discovery, monitoring, infrastructure risk scoring, and remediation guidance to help organizations of all sizes leverage the cost savings and agility of the cloud without increasing operational risk or reducing their security posture. It eliminates the gaps and risks inherent with current approaches. Cavirin s CyberPosture Intelligence solution delivers the broadest horizontal coverage in the industry, deployable on-premise, within AWS, Google Cloud, and Azure-- securing the public cloud account posture as well as server workloads, both VM and container. The agentless solution offers continuous visibility, is quick to deploy, APIdriven, and scales to the largest physical and virtual infrastructures. Cavirin offers upto-the- minute compliance and risk assessments to supply audit-ready evidence as measured by every major regulatory and security best practice framework, including CIS, DISA, GDPR, SOC, PCI, and HIPAA, as well as customized internal corporate policies. At its core, Cavirin allows enterprises to maintain their golden cybersecurity posture through: VPs of Infrastructure can be assured that Continuous Development/Continuous Integration do not compromise infrastructure security. Chief Compliance or Chief Risk Officers can ensure audit-readiness. SecOps professionals can leverage prioritized response plans to improve their CyberPosture. Continuous risk and cybersecurity posture management via automated scoring Integration of security into DevOps via Cavirin s APIs Continuous compliance to the most comprehensive suite of industry regulations, best practices and frameworks Prioritized remediation guidance for golden posture

6 DATA SHEET CYBERPOSTURE INTELLIGENCE FOR THE HYBRID CLOUD 2 Key Features Agentless Resource Discovery - Agentless discovery of on-premises and AWS, Azure, GCP and Docker resources enables a unified view of all assets at layers including the cloud account, operating systems, containers and container orchestration. Authentication modes for AWS include ARN, IAM roles and Access/Secret Keys, while GCP and Azure are authenticated via service accounts. CyberPosture Dashboard - Armed with visibility, Cavirin continuously assesses the security posture of all managed cloud services and workloads to compute a CyberPosture score, a number between 0 and 100. A score of 100 represents the least risk. Representing risk in this manner facilitates prioritized response plans and in-depth security analytics including score drill downs from the company level to asset groups, individual resources, policy pack/ control families and operating systems. At any of these levels, Cavirin depicts trends of CyberPosture scores to help CISOs assess the impact of security posture improvements. Enterprise Integrations - Cavirin can push change requests into JIRA and ServiceNow for failed policies/controls, helping DevOps users manage work assignments in those systems. Notifications related to completed assessments and real-time monitoring alerts can be pushed to PagerDuty and Slack. Continuous Monitoring & Alerts - Complementing Cavirin s control and compliance frameworks, the solution aggregates events from AWS CloudTrail to detect indicators of compromise of your infrastructure. The alert system is based on thresholds for specific events available via AWS CloudTrail. For example, you can alert SecOps if more than a threshold of AWS instances are instantiated within an hour a well-known pattern of abuse or breach of AWS infrastructure. Any alert can result in a notification via Slack, Pager- Duty or . Alerts can also trigger an AWS Lambda function. Intuitive Workflow - The CyberPosture Dashboard is integrated with a workflow that guides the operator through cloud account selection, target workload discovery, framework selection, monitoring configuration, and finally assessment and remediation. This wizard-based approach reduces training requirements and the potential for error. Comprehensive Reports - Assessments of control frameworks can be run on-demand or on a daily, weekly or monthly schedule. In all cases, reports are generated at the following levels: Asset Group report (Excel, PDF) for a given collection of resources. This report depicts an asset group CyberPosture score, its trend and the ability to drill down by Policy Pack or resources. Cloud Report for AWS and Azure (Excel, PDF). This report depicts pass/fail for policies in the AWS CIS Foundation, AWS 3-Tier Benchmark, AWS Network Policy Pack, AWS HIPAA, AWS PCI or CIS Azure Benchmark. Device report for compute resources (Excel, PDF). This report depicts pass/fail for policies in the various OS hardening policy packs including CIS, HIPAA, PCI and so on, for each compute resource. Remediation report for failed policies (Excel, PDF). This report depicts the list of devices failing each policy for in the various OS hardening policy packs including CIS, HIPAA, PCI, etc. Configurable Controls - Any policy or policy pack can be suppressed to help organizations customize pre-built control frameworks to align with their CyberPosture strategy. Suppressed policies do not impact CyberPosture scores and are audited in compliance reports. In addition, Cavirin s CyberPosture Language can be used by SecOps teams to author organization-specific controls and enforce them*. In the Policy Editor mode, such controls can evaluate any OS-level configuration*. In the Policy Builder mode, less technical users can drag and drop and build rules that evaluate presence of packages or files*. Once these rules are approved for an organization, they can be added to a custom policy pack to augment CyberPosture assessment and scoring. Comprehensive CyberSecurity & Compliance - With Control Frameworks for AWS, GCP, Azure and Containers, Cavirin automates CyberPosture assessments using a suite of configuration and vulnerability management frameworks as follows. Some of these frameworks were authored by Cavirin as indicated below. In aggregate, these frameworks result in 80,000+ controls. * Future release

7 DATA SHEET CYBERPOSTURE INTELLIGENCE FOR THE HYBRID CLOUD 3 Inject Security into CI/CD Workflows - As an API-first platform, Cavirin can inject security into CI/CD workflows so that only containers that meet security golden posture are promoted to development, staging and production. Remediation Guidance based on Golden Posture - Based on a target CyberPosture score, Cavirin can generate an optimized response plan consisting of the list of failed policies, which if addressed will help an organization achieve its target posture. Ansible and Chef playbooks can be authored using the remediation guidance from Cavirin. Top Benefits to Enterprises CyberPosture scores in under 15 minutes. The first CyberPosture scores can be available in under 15 minutes given Cavirin s agentless architecture Protect infrastructure through comprehensive cybersecurity controls Automate DevSecOps by securing containers and images prior to deployment Early warning of breaches or compromise of infrastructure using real-time monitoring of AWS CloudTrail events

8 DATA SHEET CYBERPOSTURE INTELLIGENCE FOR THE HYBRID CLOUD 4 Specifications Control Frameworks For Public Clouds CIS AWS Policy Pack v1.1.0 (43 controls): spans 9 AWS services including IAM, EC2, S3, VPC, Security Group, KMS, CloudWatch, CloudTrail, AWS Config CIS AWS 3-Tier Web Policy Pack (84 controls): spans 17 AWS services including EC2, S3, EBS, IAM, ELB, RDS, Auto-Scaling, IAM, VPC, Security Groups, Subnet, NAT Gateway, CloudFront, CloudWatch, SNS, Route 53, AWS Config AWS Network Policy Pack: spans controls for 500 common ports CIS Microsoft Azure Policy Pack v1.0.0 (Cavirin-led) with 25+ controls For Containers Cavirin Docker Image Hardening Policy Pack CIS Docker Community Edition Policy Pack (Cavirin-led) Cavirin Docker Image Patches and Vulnerabilities Policy Pack CIS Kubernetes Policy Pack v1.1.0 (Cavirin-led) Container Linux (CoreOS) Hardening Policy Pack v1.0.0 For Security (OS Level) NIST R4 Policy Pack v1.1.0 NIST Policy Pack v1.1.0 NIST CyberSecurity Framework Policy Pack v1.1.0 CIS Policy Pack v1.0.0 DISA Policy Pack v1.0.0 Cavirin Patches & Vulnerabilities CIS Google Chrome Policy Pack v1.2.0 For Compliance PCI DSS 3.2 Policy Pack v1.1.0 HIPAA Policy Pack v1.1.0 ISO 27002:2013 Policy Pack v1.1.0 AICPA SOC 2 Type II v1.1.0 PCI DSS 3.2 AWS Policy Pack v1.0.0 HIPAA AWS Policy Pack v1.0.0 CJIS Policy Pack v1.0.0 GDPR Policy Pack v1.1.0 The Patches & Vulnerabilities Policy Pack is updated every two weeks. The remaining policy packs are updated once per month. Deployment Options For deployments in VMware and KVM, use Cavirin s OVA format Launch Cavirin from Azure or AWS Marketplaces Create custom deployments in Azure, AWS, or GCP using AMI/VHD formats or use the Cavirin installer Operating System Based Policy Packs Amazon Linux (2016 and 2017 versions) Ubuntu (12.04, 14.04, 16.04) Debian 7, 8, 9 CentOS 6, 7 RedHat Linux 6, 7 Windows 7, 8, 10, Windows Server 2008, 2012, 2012R2, 2016 Horizontal Scale To scale out assessments, a four node cluster can be set up consisting of a control plane, a database node, a workflow node and a Patches & Vulnerabilities workflow node. Minimum Resource Requirements For compliance and security use cases that do not involve real-time monitoring, a single virtual machine is adequate. Certified configurations include: VMware: 4 core x 16 GB memory with 300 GB disk benchmarked to assess 1,000 target devices for CIS Policy Pack in 5 hours VMware: 8 core x 64 GB memory with 300 GB disk benchmarked to assess 12,000 target devices for CIS Policy Pack in under 10 hours AWS EC2 m4. xlarge: 4 core x 16 GB memory with 300 GB disk benchmarked to assess 1,000 target devices for CIS Policy Pack in under 3 hours AWS EC2 m4.4xlarge: 8 core x 64 GB memory with 300 GB disk benchmarked to assess target devices for CIS Policy Pack in under 10 hours Cavirin Systems, Inc Great America Pkwy, Suite 419 Santa Clara, CA sales@cavirin.com Copyright 2018 Cavirin Systems, Inc. All rights reserved.