Caveonix, the provider of a unified platform for hybrid multi-cloud governance, compliance, and security management, is launching the fifth-generation offering of its Caveonix Cloud platform, built to provide actionable insights and real-time continuous protection of applications.
“As organizations are developing and delivering applications at a record pace, securing software development lifecycles, and ensuring continuous compliance across hybrid multi-cloud environments is becoming a tremendous challenge,” said Kaus Phaltankar, co-founder and CEO of Caveonix. “Keeping this in mind, we designed Caveonix Cloud 5.0, an innovative platform for comprehensive full-stack visibility to all your hybrid cloud assets, helping customers prioritize findings for high efficiency and effectiveness and staying continuously compliant with all local to global regulatory and industry requirements.”
Whether applications are built on containers, cloud native services, or traditional three-tiered architectures, Caveonix Cloud 5.0 utilizes its DefenseBot technology—as well as policy enforcement execution for Zero-Trust implementation—to continuously protect those applications.
“What DefenseBot technology essentially provides is, in real-time, it can detect the spin up and assess it against the policy; if you ask it to be set in an alert-only mode, it will send out an alert. Alternatively, if you ask it to mitigate mode, then you can actually change the policy and then secure the asset,” said Phaltankar.
Featuring fully integrated eGRC, Cloud Native Application Platform (CNAPP), Cloud Security Posture Management (CPSM), and Cloud Workload Protection Platform (CWPP), the next-gen platform offers capabilities that help a range of enterprise roles to proactively manage their security and compliance posture landscapes.
AI-powered CNAPP, a new platform capability, helps to secure the entire DevOps lifecycle from coding, to testing, to deployment. Gathered under a shift-left methodology umbrella, the Neural-Insight AI engine automatically checks security configurations in infrastructure as code (IaC) before and during deployment. This happens within a CI/CD pipeline, ensuring all potential risks are detected and resolved at the source of its inception. Users can additionally write custom policy checks with YMAL and REGO language, according to the vendor.
“In your pipeline, whether it's Jenkins or Ansible, or cloud native pipelines, we can actually run the assessments based on policies that are predefined,” explained Phaltankar. “We have over 10,000 policies prebuilt and then you can also write your custom policies and if they fail, we can send the note to Jenkins to stop the deployment. And that's also for any containerized deployments happening with Kubernetes.”
The platform additionally offers enhanced attack path visibility, leveraging risk analytics and quantification to drive accelerated understanding of actions and their impacts. By identifying and assessing new critical risk combinations, this feature maps the attack path with a graphical representation for streamlined ingestion of attack potential.
With automated eGRC, Caveonix Cloud 5.0 standardizes processes, models scenarios, and more effectively prepares for continuous ATO (cATO). Automated eGRC simplifies internal controls, ultimately driving collaborative workflows that ensure accountability, efficiency, and compliance.
“Our full eGRC capability is built in, and this allows you to document all your non-technical controls, the policy process procedure, any documentation on technical controls, and create a full audit and compliance package for your internal review and external audit review,” said Phaltankar.
The next-gen platform also features powerful anomaly detection which locates anomalies in user behavior, application behavior, and network flows; these endpoints are then automatically quarantined by the platform’s AI engine, mitigating the spread of infection to other assets.
Customizable dashboards, another enhanced feature in Caveonix Cloud 5.0, is configurable based on user and associated role, enabling a range of users to ensure their default dashboard is in alignment with their unique needs and workflows. Underpinned by a rich library of insights, users can assess risk and take appropriate action based on their personal dashboards that support a wide variety of categories—including CIEM, compliance, risk, public exposure, and more.
To learn more about Caveonix Cloud 5.0, please visit https://caveonix.com/.