The container security support includes continuous monitoring capabilities that are integrated with Amazon Simple Notification Service (SNS). This allows for the creation of event-driven security policies to monitor, alert, and act upon customized security policies.
Dave Ginsburg, vice president of marketing at Cavirin, explained the company generally focuses its initial release plans on a single platform — Docker in this case — before expanding support to other platforms. He noted Cavirin was part of the most recent Center for Internet Security (CIS) update for the latest Kubernetes 1.8 release.
Cavirin also integrates AWS’ CloudTrail monitoring platform to track launched instances, modifications to Amazon Virtual Private Cloud (VPC), access control list changes, and security group changes triggered through AWS Lambda. Ravi Rajamiyer, vice president of engineering at Cavirin, said Lambda is one of the more common ways its customers manage access to security groups.
Lambda is AWS’ serverless computing platform, which has become an early standard in the space. Serverless computing, which is often referred to as a function-as-a-service platform, further abstracts applications from standard architecture to reduce operational overhead.
Rajamiyer said the company was looking to expand triggered support to serverless platforms from Microsoft Azure and Google Cloud Platform (GCP). Ginsburg noted Cavirin’s “agentless approach” was well suited to function-as-a-service platforms.
Docker Focus of SaaS
Cavirin also launched its SaaS product – dubbed C2 – as an extension of its current hybrid cloud security platform. C2 is available through a usage-based, pay-as-you-go pricing model.
Ginsburg said initial SaaS support would be limited to within AWS, but that the targets of the assessments can be in any CSP or on premises.
“For example, a customer may have servers in both AWS and Azure,” Ginsburg explained. “This demonstrates the offering’s versatility. After we launch the AWS-based service, we plan to do the same for Azure and GCP.”
“We admit that there are some companies that look at a single environment and go deep in one way or another,” Ginsburg said. “We firmly believe that there is a need for a cross-environment solution that is easy to consume with minimal on-boarding and training.”
Gartner recently forecast the cloud security services market to generate $5.9 billion in revenues this year, before nearing $9 billion in revenues in 2020.