Customer Challenge

Today, the customer has an on-premises datacenter but wants to extend to public and private clouds such as Amazon, Azure, or IBM Cloud. Each environment may have its own technology stack with different controls. So how can customers embrace the hybrid cloud in a secure and compliant way? How can they ensure that they can leverage their existing security policies without any boundary between internal and external clouds?

Introduction

Caveonix is the first company to introduce a common Risk Management Control Plane (RMCP). RiskForesight’s RMCP creates a secure and compliant on-ramp from Azure, to Rackspace, to AWS. This on-ramp enables your digital transformation by ensuring a secure and compliant path to the hybrid cloud. The RMCP ensures continuous and proactive protection of workloads regardless of the cloud provider.

Solution Deep Dive

RiskForesight’s RMCP is a common control plane across the hybrid cloud that:

  • Maintains continuous and real-time visibility of workload deployments at scale
  • Incorporates the knowledge of the latest cyber threats and regulatory compliance needs
  • Evaluates workload-specific Cyber and Compliance risks due to vulnerabilities and configuration issues
  • Provides proactive defense for each application and its workload using agentless enforcement at network, security and compute control planes of deployment

Each plane of the RMCP extends to the boundary of the hybrid cloud, creating insight at the various levels of the stack by determining what has changed across each of these planes. By analyzing what has changed across the security plane, it defines what is required to maintain a common and consistent security policy and framework across the hybrid cloud. By analyzing changes to the management plane, it ensures a consistent control framework for compliance, compliance monitoring, and non-compliance risk mitigation.

The Risk Management Control Plane (RMCP) consists of reporting and protection planes.  The reporting control planes include compliance and cyber risk posture planes whereas the protection control planes include the network, security, compute, and management planes.

The protection planes ensure proactive or reactive actions at the network, security and compute control planes of the cloud infrastructure, irrespective of the cloud provider and their cloud technology stack. The level of abstraction offered by RMCP enables a secure and compliant on-ramp to manage the hybrid cloud landscape with as little friction as possible. This abstraction helps ensure smooth digital transformation for Enterprises without losing security control or exposing applications and organizations to compliance risks.

The Reporting Planes provide the Single-Pane-of-Glass view of Cyber and Compliance risk posture for service providers and Enterprise tenants to see workload details, configuration or vulnerability issues, network flows, and alerts for proactive risk mitigation across the Hybrid cloud.

RiskForesight’s Detect, Predict, and Act modules intersect each of these planes. The Detect module determines the changes to the control planes to provide real-time visibility into deployed workloads. The Predict module takes multi-dimensional data from each of these control planes as input into the CaveoIQ predictive analytics engine for risk modeling. The Act module identifies the best control plane for protecting a workload, since there are multiple ways to use the control planes to perform a defensive or protective action:

  • Isolation at the security plane by deploying a security policy
  • Shutting down a workload or an application at the compute plane
  • Removing a workload to address a compliance issue at the compliance plane
  • Taking a workload out of the compliance list at the compliance level
  • Segmenting an application at the network level