Cavirin Systems, Inc. demonstrated its closed-loop security
for Google Cloud, as well as Google Cloud Security Command Center (Cloud
SCC) integration at Next ‘19. A leader in providing Google Cloud
support, Cavirin delivers on the demands for continuous security and
compliance across platforms with its recently announced Google Cloud
security capabilities.
As
enterprises increasingly adopt hybrid and multi-cloud solutions, it is
critical that these environments are protected. Augmented with machine
learning, Cavirin closes the gap between monitoring and remediation,
while Google Cloud SCC integration offers users a single point of
security management across their different security tools. Combined with
Cavirin's CyberPosture scoring, which provides the user with a
real-time score that reflects their current cybersecurity posture across
both workloads and cloud services, Cavirin's Google Cloud capabilities
ensure a more secure hybrid cloud for critical applications.
"Our
partnership with Google Cloud highlights a commitment to offering
enterprises security across their hybrid environments, reducing the time
to identify an attack and then remediating," said Anupam Sahai, Vice
President of Corporate Strategy and Business Development at Cavirin. "By
closing the loop through monitoring, risk scoring and auto-remediation,
enterprise customers will reap the benefits of a secure ecosystem,
keeping any financial, reputational and legal security issues out of the
question."
Capabilities demonstrated included:
- Closed-loop Security for Google Cloud via Google StackDriver Monitoring and Google Functions for Auto-Remediation: This
closes the loop from monitoring to change management by offering
automated identification and correction of account and services security
issues before they become an issue. Manual remediation through
prioritized gap reports are supported as well. Services supported
include Virtual Private Clouds, Subnets, IAM, GKE, Compute Engine, Cloud
Storage, BigQuery, Cloud KMS, and more. Additional services will follow in subsequent releases.
- Workload Assessment and Remediation: Discovery
of and visibility into GCP workloads, both VM and container. The
solution assesses and then scores these assets against a broad set of
controls, including the NIST CSF, CIS, SOC2, PCI, HIPAA, and GDPR, and
then offers auto-remediation via Ansible Playbooks.
- Google Cloud Security Command Center integration: Helps
security teams prevent, detect, and respond to threats targeting their
Google Cloud Platform resources from a single pane of glass. This offers
visibility and control into risk posture monitoring and remediation of
the customer's Google Cloud services and resources configurations,
alerting the user to any changes including the what, who, and when, so
he or she can take action. Cavirin's Google Cloud SCC Companion is
available via the GCP Marketplace.
- Application of Machine Learning to Mapping of Technical Controls:
Cavirin is one of the first to apply machine learning to recommend
technical controls for industry standards (e.g. NIST 800-171) and
regulatory frameworks (e.g. HIPAA) with associated weights and
severities, which in turn drives the ability for customers to drive
compliance based on risk, using Cavirin's CyberPosture scores.
Cavirin
removes risk, security and compliance as a barrier to cloud adoption by
automating with a broad set of customizable frameworks, benchmarks and
guidelines. The company's solution secures both the public cloud control
plane as well as target hybrid cloud workloads (servers), on-premise,
within the public cloud, and within containers. Cavirin maintains its
cost-optimized footprint, quick deployment on-premise or within AWS,
Google Cloud, and Azure, and less than 30 minutes to first remediation
on-par with SaaS-based offerings.