Ansible Playbooks and AWS Lambda Functions Integrated into Cavirin Close the Loop from Monitoring to Change Management
SANTA CLARA, Calif. – November 13, 2018 – Cavirin Systems, Inc., the only company providing risk, cybersecurity and compliance posture for the enterprise hybrid cloud, today announced auto-remediation capabilities spanning compute instances and cloud services in Amazon Web Services (AWS) and on-premise environments. Many organizations separate security posture monitoring from change management, leaving them exposed while security alerts monitored by SecOps teams wait on DevOps teams for remediation. Closing this security gap via auto-remediation is a key outcome enabled by Cavirin’s CyberPosture Intelligence.
Cavirin’s CyberPosture Intelligence secures both the public cloud control plane and target hybrid cloud workloads (servers), on-premise, within the public cloud, and within containers. The resulting CyberPosture score permits organizations to compare their current security posture against the desired ‘golden posture’ and immediately take corrective action. The latest update delivers auto-remediation workflows for both AWS and on-premise infrastructures as follows:
For AWS, Cavirin monitors network ports associated with AWS Security Groups and ranks vulnerabilities based on Cavirin’s CyberPosture Scoring methodology. DevOps users can remediate one or more security groups with one click, which invokes a Cavirin-authored Lambda function deployed within a customer’s AWS account(s). Remediation for Google Cloud and Azure will follow in upcoming releases.
For compute instances in AWS, Google Cloud, Azure or on-premise environments, Cavirin monitors operating level configuration parameters for drift compared to a golden state defined for a group of machines. Cavirin automatically creates the list of drifting machines as well as a list of configuration settings that require remediation in Ansible’s format. The Ansible server combines the Ansible artifacts with the Cavirin-supplied Ansible playbook to remediate machines to the golden state. The same approach can also be used to create ‘golden’ images during pre-production by assessing candidate images against a golden posture.
These workflows enable enterprises to significantly reduce the effort and time required to plug security holes and minimize risk, and align, in our opinion, with Forrester’s October 2018 ‘Best Practices: Cloud Workload Security’ report that recommends: “Take time to integrate CWS with CICD, DevOps, and other critical tools. IT pros increasingly use CICD pipeline tools like Ansible, Chef, Jenkins, and Puppet to build and configure workloads. Security tooling and configuration is not a cloud instance runtime task — it has to be designed and preconfigured into the build pipeline.”
“Cavirin’s capability to bridge security posture monitoring and change management, both on-premise and in the cloud, speaks to the flexibility and usefulness of the solution’s design,” said Brajesh Goyal, vice president of engineering at Cavirin. “This new functionality of Cavirin’s CyberPosture Intelligence platform is just the beginning of delivering a true closed-loop remediation solution across the hybrid cloud.”
Cavirin removes security compliance as a barrier to cloud adoption through automation with the broadest set of customizable frameworks, benchmarks and guidelines available. The company will showcase its CyberPosture Intelligence solution at booth #2725 at AWS re:Invent 2018, which takes place November 26-30 in Las Vegas. For more information, please visit https://www.cavirin.com/why-cavirin/get-cyberposture-score or read our auto-remediation blog.