Cyber-security startup Caveonix has emerged from stealth mode with the introduction of its RiskForesight platform for hybrid cloud workload protection.
RiskForesight provides cyber-risk and compliance features for workloads that span both on-premises and cloud deployments. At the core of RiskForesight is Caveonix’s CaveoIQ machine learning and predictive analytics technology that provides compliance risk mitigation capabilities. Caveonix announced the availability of RiskForesight on Aug. 22; the platform will be demonstrated at VMworld 2018 in Las Vegas from Aug. 27-31.
“The focus for the company is providing a proactive, risk-based defense for hybrid cloud environments,” Kaus Phaltankar, co-founder, president and chief technology officer of Caveonix, told eWEEK. “As the name of our product RiskForesight implies, it provides foresight into enterprise cyber-risk.”
Caveonix got started in May 2017 and is now coming out of stealth with RiskForesight, which has its roots in technologies that the company acquired in 2017 called Eunomic. Phaltankar explained that Eunomic’s product provided orchestration of cyber-security policy deployments across network infrastructures.
“We took the Eunomic technology, which was a narrow market solution, and broadened it for cloud and data center environments, providing a wider scope and a larger set of capabilities,” he said.
Measuring Risk
RiskForesight makes use of the National Institute of Standards and Technology (NIST) risk management framework for performing quantitative risk analysis, according to Phaltankar. With RiskForesight, organizations can track risk over time and adjust policies as well as take actions based on the latest threat data and compliance requirements. The ability to take action is a key attribute of the RiskForesight platform, he added.
“We’re not just a monitoring company where you can understand what the risk is but not be able to take an action,” he said. “We have an Act module in the product that allows you to take an action after risks are detected or predicted.”
From a deployment perspective, Phaltankar said RiskForesight has an API-based integration for hybrid cloud workloads. On the enterprise side, the API integration is with VMware technologies including vCloud Director, vRealize automation, vCenter and NSX. As soon as an organization starts a workload on VMware, Caveonix’s system starts the risk analysis to help ensure and enforce risk compliance, he said. After a workload starts, the RiskForesight system continuously monitors the VMware environment for compliance and risk. In the cloud, Caveonix has integration with OpenStack as well as Kubernetes-based environments.
Caveonix has also created a normalized policy abstraction layer to make it easier for organizations to have a consistent policy for risk across different cloud deployments.
“Each application represents an intent, and that’s what we capture, whether from a customer definition or via machine learning for a baseline of what is normal activity,” Phaltankar explained. “We objectify the intent into implementation code, maintaining a consistent policy for the intent across the different cloud platforms.”
One area of workload intent that is not currently covered by Caveonix is user behavior. Phaltankar said the current focus of RiskForesight is on workloads, though he noted that adding some form of user analytics is on the roadmap for the future. He added that currently Caveonix also has support for Amazon Web Services (AWS) and will be extending support to Microsoft Azure and the Google Cloud Platform in the future.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.