Magazine Store

10 Fastest Growing Security Companies 2018

Providing Real-time CyberPosture Management: Cavirin


“Our top priority is helping our customers achieve and maintain the highest standards of security and compliance in the constantly changing technological landscape.”

Businesses today need access to the digital ecosystems of their partners, suppliers, and customers to succeed. To stay on the top, organizations have to be up to date with latest trends in the software industry. Moving to the cloud is not a choice anymore, it has become compulsory in order to grow.

Creating a hybrid-cloud platform allows workloads to move between private and public clouds as computing needs and costs change, giving businesses greater flexibility and more data-deployment options. However, one of the biggest concerns around hybrid cloud for organizations is data security. The biggest security concerns in a hybrid environment are compliance, lack of encryption, poor SLAs, data redundancy, data privacy, and visibility.

Headquartered in Santa Clara, CA, Cavirin’s CyberPosture Intelligence provides the CISO and stakeholders with situational awareness across their hybrid cloud by delivering real-time risk & cybersecurity posture management, continuous compliance, and by integrating security into DevOps. Cavirin’s cloud-agnostic solution breaks down silos, is simple to deploy, and helps immediately detect and correct drift from one’s ‘golden posture’ spanning both public cloud accounts as well as any VM or container workloads.

Industry Obstacles Addressed by Cavirin

In a recent survey from ESG, enterprises moving to the hybrid cloud (81% of those have a multi-cloud strategy) don’t have the visibility required to effectively manage risk. When moving to the cloud, security is still the number one concern. In addition, security is a challenge for 77% of respondents, while 29% see it as a significant challenge.

Cavirin addresses these challenges by offering real-time visibility into risk posture leveraging patented deep discovery as well as cloud account monitoring (i.e., AWS CloudTrail), assessment of the risk posture via the largest set of frameworks and remediation via DevOps automation. The company does this via an automation framework that delivers protection, monitoring, response, and prediction.

With the move to the hybrid cloud, organizations require not only visibility into their deployments, but the ability to remediate identified security gaps as well. Cavirin takes a horizontal approach that spans:

  • Workloads that are on-premise, still very critical
  • Workloads within public cloud deployments, including AWS, Azure, and GCP, though the architecture abstracts the CSPs so the firm could easily support others
  • Container/Docker deployments
  • Cloud account security posture

Dr. Rao Papolu, CEO of Cavirin says “Our competitors address one or two of these environments, but our customers and prospects tell us that to maintain an accurate view into their deployments, they need a platform that spans different domains and offers a consistent, normalized view.”

Cavirin’s new platform builds on past learnings to deliver capabilities not included in competitive offerings:

  • Open API-first architecture to facilitate 3rd party integration
  • Micro-services architecture for scale
  • Wizard-based assessment for the minimal learning curve and the chance of error
  • CSP-independent deployment
  • Best-in-class time to installation and the first assessment
  • Real-time monitoring collector
  • DevOps automation

Providing Golden Security Posture for Hybrid Environments

Cavirin’s software solution is deployable within minutes on-premise or within AWS, Azure, and Google Cloud, delivering first remediation guidance in under 30 minutes. It uniquely offers both cloud security posture management as well as continuous compliance for Linux, Windows, and Docker workloads (servers). Cavirin software automates protection, monitoring, and response. Its capabilities include:

Continuous Risk and Cybersecurity Posture Management: When migrating to the cloud, security and visibility are the main concerns for C-level executives. Cavirin offers a centralized solution supporting the discovery and monitoring of all resources permitting IT to stay on top of any risk related issues uncovered, simplifying training and saving money.

Integrating Security into DevOps: Bridging the gap between DevOps and SecOps, Cavirin automatically injects security into the DevOps cycle – development, staging, and deployment – through CI/CD integration.

Continuous Compliance Management: Cavirin removes security compliance as a barrier to cloud adoption by automating with the broadest set of customizable frameworks, benchmarks, and guidelines available.

Unique Strategies Assuring Success

Cavirin is the only organization that delivers CyberPosture intelligence for the hybrid cloud by providing real time risk & cybersecurity posture management, continuous compliance, further integrating security into DevOps.

The firm’s solutions offer continuous visibility, scale to the largest physical and virtual infrastructures and are agentless and multi-tenant. They offer up-to-the-minute compliance assessments, supplying audit-ready evidence as measured by every major regulatory and security best practice framework including CIS, DISA, GDPR, PCI, and HIPAA. With Cavirin, companies are empowered to make the right decisions faster and de-risk their cloud migrations.

Furthermore, Cavirin has developed the most comprehensive solution to address hybrid cloud workload and container security, as well as the security posture of the cloud accounts themselves. In order for organizations to be truly secure, they must deploy a platform that offers:

  • Real-time visibility into risk posture leveraging patented deep discovery as well as cloud account monitoring (i.e., AWS CloudTrail)
  • Accurate assessment of the risk posture via the largest set of frameworks
  • Remediation via DevOps automation

Cavirin’s solution provides this, uniquely offering organizations an ability to secure their hybrid cloud workloads and accounts. Its approach is not only suitable for large enterprises but is especially well-placed for smaller organizations that may not have large IT teams, are new to DevOps, or can’t integrate multiple security platforms. The company, therefore, permits a new class of customers to deploy best-in-class technology solving their business needs.

Cavirin’s Evolution and Growth


As Cavirin has evolved its product offerings and strategy, the company has addressed two major issues during 2017. The first was the development and release of its new platform. As background, in 2014 the company launched ARAP, its first virtual appliance for assessment and remediation. Based on experience with customers, an understanding of the changing market, and new technologies, Cavirin set out to develop a new platform while leveraging its key IP in deep discovery and target asset (workload) assessment. The latter half of 2016 and the majority of 2017 was spent developing this new platform, which became generally available in the 4th quarter of 2017. Hence, 2017 was a year of retooling not only Cavirin’s product offering but also it’s sales and marketing approach.

However, this matched with an evolution of the market where more customers were looking for a product that could meet their evolving hybrid cloud security needs. They needed a platform that could span on premise and cloud deployments, or even multiple public clouds and container deployments. Cavirin’s strategy is, therefore, a more horizontal approach the permits customers to save cost and deployment complexity via a single platform that balances risk and speed. This horizontal approach does, however, imply that the customer is accepting of ‘best of suite’ vs ‘best in class,’

Future Prospects

Cavirin, in working with its customers and analysts, has identified two critical issues in moving workloads to the cloud. The first is addressing the hybrid infrastructure, breaking down silos, and the second is providing visibility into both the servers as well as the cloud accounts. Going forward, the firm intends to build upon its strengths in these two areas by offering better remediation guidance, more comprehensive cloud security posture coverage across multiple public cloud providers, and delivery of its CISO Dashboard and CyberPosture score. These two combined will offer the CISO a single, at-a-glance view across their hybrid infrastructure that delivers actionable intelligence.

Magnificent Reviews from the Clients

One of the major customer of Cavirin is Pacific Dental Service (PDS), one of the country’s leading dental support organizations, providing supported autonomy to more than 630 dental practices. As a support services provider in the healthcare space, PDS is subject to HIPAA and other regulations.

“Cavirin offers the only solution for compliance reporting on a variety of security standards. Most other vendors offer vulnerability and patch management and compliance to a single standard such as PCI or SANS 20,” Says Nemi George, Sr Director Info Security & IT Governance at Pacific Dental Services.

For organizations like PDS and others, Cavirin’s platform is ideal for highly regulated industries where compliance is critical, like healthcare and finance.

Below are additional references, which illustrate the success of Cavirin:

“We are deploying the Cavirin platform to help ensure compliance with government regulations, given our organization’s focus. In addition, Cavirin’s open architecture and container support permit us to easily integrate its capabilities with our DevOps environment.”

- Ernesto Ruy Sanchez, DevOps Manager, Human Longevity, Inc

“Our deployments across AWS and GCP are a good match for the hybrid cloud capabilities of the Cavirin platform. Their support for frameworks and regulations including ISO and SOC2 will help us maintain continuous compliance across our cloud deployments.”

- Peter Bierfeldt, Chief Information Security Officer, Reltio

“Cavirin’s support for Azure will permit us to address both aspects of cloud security – the security posture of the cloud itself, as well as the individual workloads. Their vision of a CISO dashboard extending across the hybrid infrastructure is where we see the market going, and will help us deliver a more comprehensive and competitive service.”

 - Ray Espinoza, VP and Chief Information Security Officer, Atmosera

Meet the Virtuoso

Dr. Rao Papolu, CEO, and Chairman: Dr. Rao has been serving as Cavirin’s Chairman of the Board of Directors and he became Chief Executive Officer of Cavirin Systems, Inc. in March 2016. Dr. Rao led the acquisition of Cavirin in 2012 and guided its evolution from a network change and configuration technology that originated from Bell Labs and transformed into a leading security and compliance solution today.

Dr. Rao proactively drives Cavirin’s vision, strategy, and operations as the cybersecurity landscape evolve with broadening threat landscape, dark data security risks, IoT, AI security, and predictive analytics to ensure Cavirin’s continued innovation and product development. Prior to Cavirin, in 2005, Dr. Rao launched SRA OSS, Inc. with a flagship product called Open Vision into a leading and widely adopted Open Source middleware application stack.

Dr. Rao was formerly on the Board of Proxim Wireless and currently on the Board of Directors of SRA, Inc., a publicly-traded company, as the only non-Japanese executive member in SRA’s 50-year history. As a Country Manager for Engineering Mechanics Research Corporation Japan Limited, a PLM company, he accelerated business and managed 750 customers through various partners and also as the General Manager for MoldFlow Japan he was instrumental for helping the company to IPO subsequently acquired by Autodesk.

In addition, he worked for Lehman Brothers and JP Morgan for the Structured Derivative Technology trading desk in Tokyo, Japan. Dr. Rao received his Doctorate degree from Indian Institute of Technology (IIT), Madras. He has published 25 technical papers in various international journals and was a visiting scientist at the University of Michigan (Ann Arbor) and the Institute of Space and Astronautical Science, Japan.

“We are driven by our mission to help hybrid organizations of all sizes leverage the cost savings and agility of the cloud without increasing operational risk or reducing their security posture.”