Caveonix RiskForesight introduction
Enterprises that undergo a digital transformation are adopting a hybrid cloud strategy. This strategy includes workloads in both the private cloud and multiple external cloud environments, such as the public cloud or a cloud managed by a service provider. Most enterprises are also faced with the challenge of protecting an ever-increasing attack surface while simultaneously maintaining compliance with industry and regulatory compliance requirements.
To protect this expanding attack surface, enterprises need continuous visibility into workloads from the start until the end of their lifecycle. Enterprises must maintain a “full-stack” understanding of the workload vulnerabilities and configuration issues at the infrastructure, platform, and application level in the context of threats and compliance requirements. Enterprises need predictive analytics to “connect the dots” to give a proactive view of their cyberrisk and compliance risk posture in this vast, new hybrid world.
Caveonix RiskForesight™ provides proactive workload protection from risks due to cyberthreats and regulatory compliance issues. It provides real-time visibility into what is running in an enterprise’s hybrid cloud through native integration into cloud orchestration platforms. Combining such visibility with risk reduction models and enforcement actions that can be automated, RiskForesight quickly develops a prioritized list of actions to mitigate. RiskForesight is a multitenant-aware hybrid cloud workload protection platform that implements a proactive risk management framework. This framework can operate at multiple control planes: network, compute, security, and compliance, while the implementation of the framework at cloud scale is automated.
The platform is fully integrated into the VMware® technology stack from vCD, vRA, vCenter to NSX and many public clouds. The RiskForesight platform has three key modules: Detect, Predict, and Act, providing 360-degree visibility into hybrid cloud workloads in real time by natively integrating into hybrid cloud orchestration modules. It is the industry’s first, seamless hybrid cloud protection platform. This platform allows customers to see IT, cyberrisk and compliance risk across the full cybercontrol planes of network, security, compute, and compliance.
Caveonix RiskForesight enables the enterprise to meet industry standards and government regulatory requirements such as PCI, FISMA, HIPAA, GDPR, ISO, NESA, and others.
Caveonix RiskForesight is a multitenant cyberrisk and Compliance Management platform for the hybrid cloud, enabling an enterprise, and its business units, continuous cybersecurity, and compliance visibility into their workloads. The Detect, Predict, and Act modules extend the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). The extensions allow continuous monitoring, quantitative risk analytics, and protective actions in the Risk Management Continuum of Detect, Predict, and Act.
With machine learning and CaveoIQ Risk Analytics Engine, the solution provides proactive workload protection from risks due to cyberthreats. It provides a consistent security and policy framework across a hybrid cloud environment and is fully integrated into the cloud technology stack from VMware and public cloud providers such as AWS.
The three key services available through the RiskForesight GUI are Risk Management, Compliance Risk, and Forensic Management.
Risk management
- Continuous cyberrisk
- Cyberrisk scoring
- Vulnerability scoring and prioritization
- Supports industry-leading vulnerability and configuration scanning tools
- Global benchmarking standards
- Cyberrisk reporting
Compliance risk
- Automated compliance monitoring
- Compliance risk score dashboard
- Automated IA control assessment
- It supports the following global configuration benchmarking standards: PCI, FISMA, FEDRAMP, HIPAA, GLBA, GDPR, NERC CIP Reports Against SCAP, OVAL, and XCCDF.
- Continuously updated and mapped IA controls and standards libraries
Forensic management
- Log management
- Log collection from multiple sources
- Event detection, analytics, and visualization
- Graphical visualization of results
- Data aggregation from multiple sources
- Event-based analytics
- Full drill-down capability for events and log-based analysis
- Alerts and notifications