The rise of virtualization has changed almost everything about IT. With hosts being replaced by ESXi and the network by NSX with vSphere to rule them all, a lot of administrative power has been concentrated in the hypervisor but approaches to security have remained relatively stagnant until now.
With HyTrust CloudControl we help harden and protect one of the top targets of hackers – the hypervisor and we help protect your infrastructure even when good credentials have fallen into the wrong hands as has been the case with a number of recent breaches including Home Depot, Target and others.
Virtual infrastructure administrators typically have very broad privileges with few native controls or restrictions – creating the opportunity for chaos in the event of a compromised account or “fat finger” administrative error. CloudControl protects in a number of different ways.
We support Two Factor Authentication including RSA SecurID, CA ArcotID, Smartcards/PKI and work with Active Directory, RADIUS and TACACS+. We also provide root password vaulting, tightly securing root access.
We also enable powerful, fine-grained policy-based authorization, including both role-based and asset-based access control. We help contain risk with secondary approval workflows – implementing the “two man rule” ensuring that high impact actions receive the appropriate review and approval. Integration with Active Directory ensures efficient role definitions.
HyTrust CloudControl not only helps keep administrators in the appropriate “swim lanes,” but it also helps monitor and track activity, providing complete, comprehensive audit trails with extensive reports as well as integration with SIEM packages including McAfee ePolicy Orchestrator, VMware LogInsight, Symantec Control Compliance Suite, RSA envision, HP ArcSight and Splunk. We record and alert on essential events including attempted/denied operations, IP addresses and details of VM configuration changes.
CloudControl includes templates for hypervisor hardening and also provides continual hypervisor configuration monitoring in line with best practices as detailed by the VMware hardening guide and compliance requirements such as HIPAA, PCI-DSS and others. We automate policy definition, enforcement and remediation while also enabling BoundaryControl, a HyTrust feature implemented in conjunction with Intel using TXT technology which prevents workloads from running on anything but authorized hardware.
Together, these features and capabilities help reduce risk and enable you to migrate more of your infrastructure to the cloud with being held back by security, regulatory or operational concerns.