April 07, 2017

DockerCon 2017 Q&A: Cavirin Will Demonstrate Leadership Role of Securing the Container Lifecycle

Are you attending DockerCon 2017 in Austin, TX?  If so, I invite you to add Cavirin to your MUST SEE list of vendors.

Cavirin provides continuous security assessment and remediation across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.  The company's solutions offer continuous visibility, are agentless and multi-tenant, and scale to the largest physical and virtual infrastructures.  They offer up-to-the-minute compliance assessments, supplying audit-ready evidence as measured by every major regulatory and security best practice framework including CIS, DISA, PCI and HIPAA.  With Cavirin, companies are empowered to make the right decisions faster and de-risk their cloud migrations.   

Read this exclusive pre-show interview with VMblog and Cavirin to learn what they have planned for DockerCon 2017.

VMblog:  How can people find you at this year's DockerCon 2017 event? And how many people from your company will be there?

Cavirin:  We're E4, a pod, and we'll have some of our lead architects and product managers attending.  Our VP of Engineering will also be available for meetings.

VMblog:  Do you have a theme for your booth?

Cavirin:  Continuous Security Assessment and Remediation for the Docker ecosystem.  For example, you are deploying containers within AWS, and you want to make sure that your OS is secure, that it has not drifted, to use the term, from a known secure baseline.  We watch out for this by continually looking for any changes, pointing them out, and offering remediation advice.  In the past, this has been available for bare-metal servers, and then virtualization, and now for containers. 

We've taken a leadership role in building these security benchmarks for containers, and also offer an image scanning capability to identify any vulnerabilities in images that are downloaded from a registry. Scanning the container images for security is critical before they hit production, since container-based applications are often built by composing with other images downloaded from registries, some even untrusted, that can potentially have serious vulnerabilities. We have automated container security to the level of easy integration into the application development process and CI/CD pipeline.

VMblog:  What message can an attendee take back with them to sell their boss on your technology?

Cavirin:  If they are implementing containers either on-premises or as part of a cloud deployment, they need to ensure that their workloads are secure.  And, if they bring in images from a registry, they need to ensure that these are not corrupted.  We support both of these scenarios, de-risking their deployments. They also take the message back that security can now be added as essential acceptance criteria for their container-based applications, and begin practicing DevSecOps methodology in delivering solutions. They can also derive comfort that our product interfaces effectively with the container orchestration platform of their choice, such as Kubernetes, and enables security orchestration end-to-end.

If you want to read more about our Docker solutions, go to https://www.cavirin.com/solutions/cavirin-for-docker.html

VMblog:  Why should a DockerCon attendee add you to their MUST SEE list?

Cavirin:  If a user is concerned about the security of their Docker deployment, they should visit us.  If they have no interest in security, they can skip us.  Do you know anyone not interested in security?  There are many different vendors exhibiting, but we're probably unique in where we live in the ecosystem and what we provide.

VMblog:  What do you like most about sponsoring DockerCon?

Cavirin:  We're taking a leadership role securing the container lifecycle, including OS hardening of containers as well as registry and Docker Hub image scanning.  We want to demonstrate this leadership, and DockerCon is the perfect venue.

VMblog:  Can you give VMblog readers a sneak peek as to what you will be showing off at your booth this year?

Cavirin:  We will be demoing our latest product that supports both OS hardening for containers, as well as implementing the CIS Docker security benchmark.  We'll also be demoing Docker image scanning.  Our solution is immediately deployable by customers. We will also be showing API-level usage of our security platform that simplifies the integration of container security into the SDLC lifecycle and CI/CD pipeline.

VMblog:  If you would, please explain or give readers a few reasons why your product or service is considered unique? 

Cavirin:  We look at the lifecycle of securing the container deployment, by quickly discovering assets either on-premises or within the cloud, analyzing these against a set of benchmarks and regulations, pointing out failures, and recommending corrective action.  This can be continuous, critical in a Docker environment with short-lived workloads.  Moreover, the discovery and security management of the container clusters can be orchestrated through the API-level integration with platforms such as Kubernetes, which is the platform of choice for container management in enterprises. Over time, we're adding additional adaptive analytics capabilities that will permit the CISO to predict what will happen on the network, as opposed to just reacting.

VMblog:  How does your company and product fit within the Docker or container ecosystem?

Cavirin:  Unlike products that run within containers, and go through the standard certification process, we play an entirely different role.  It is more in the space of a virtual firewall or load balancer, since we in effect provide an infrastructure service to the enterprise.  We help them secure their container deployments, and if they are in a regulated vertical, we ensure that they remain PCI, HIPAA, or other forms of compliance. Our product will also be available as an image in the public Docker Hub, where security-minded engineers can pull and bring it up within their Docker ecosystems. The target resources that our product scans do not have to be necessarily container-based, though the solution itself runs as a container.

VMblog:  What are you looking forward to most at this year's event?

Cavirin:  Rainey Street?  No... seriously.... Meeting decision-makers within the Docker community who will understand the importance of our offering and can also provide feedback for future improvement.

VMblog:  I think most people are looking forward to Rainey Street!  What would you say to prospective attendees who are thinking about attending DockerCon but aren't sure if it's worth it or not?

Cavirin:  Given container momentum, this is the premier event bringing together the total ecosystem.   We all know the network effect of the more people, the greater value.  Who knows what take-aways are waiting in the wings.

VMblog:  What can we do collectively as an ecosystem to strengthen the industry?

Cavirin:  Set a framework for vendors to peer with each other.   At times, it seems as if Docker itself is running low on bandwidth for partner management. 

VMblog:  What do you hope to come away with from exhibiting at DockerCon?

Cavirin:  We've set expected metrics for face-to-face meetings as well as actionable badge scans.  The proof will be in follow-up after the event, keeping above the noise of all the other vendors.   It will be interesting to see if the attendees have budget and decision authority, or if most are deep in the technology or there for certification.   The ROI will be important, since for next year we'd need to move to a full sponsorship.  This is a major jump for us and would need to be balanced against other events.

VMblog:  Attendees always enjoy a good trade show tchotchke.  Are you guys giving away anything useful or interesting this year?

Cavirin:  Yes, come by and get a USB battery bar.


Safe to say, if security is high on your list, make sure to get Cavirin added to your schedule and swing by their booth to learn more.  And don't forget to grab one of their USB battery bars afterward.  Your phone will thank you!

Last modified on April 07, 2017
David Marshall

David Marshall has been involved in the technology industry for over 19 years, and he's been working with virtualization software since 1999. He was able to become an industry expert in virtualization by becoming a pioneer in that field - one of the few people in the industry allowed to work with Alpha stage server virtualization software from industry leaders: VMware (ESX Server), Connectix and Microsoft (Virtual Server).

Through the years, he has invented, marketed and helped launch a number of successful virtualization software companies and products. David holds a BS degree in Finance, an Information Technology Certification, and a number of vendor certifications from Microsoft, CompTIA and others. He has also co-authored two published books, "VMware ESX Essentials in the Virtual Data Center" and "Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center", and acted as technical editor for two popular Virtualization "For Dummies" books. With his remaining spare time, David founded and operates one of the oldest independent virtualization news blogs, VMblog.com, and co-founded CloudCow.com, a publication dedicated to Cloud Computing. Starting in 2009 and continuing all the way to 2016, David has been honored with the vExpert distinction by VMware for his virtualization evangelism.

