HyTrust enforces two-person approval for VMware security

HyTrust updates its VMware security appliance for the VMware's software defined data center

Following up on customer feedback from U.S. intelligence agencies, VMware security systems provider HyTrust has updated its virtual security appliance so actions taken by administrators can be delayed until external approval for that action is granted.

Such precautions are increasingly necessary because today's virtual environments pose "a concentration of risk," said Eric Chiu, president and cofounder of HyTrust.

"Servers, networking, storage used to be separate physical systems and they all had their separate configurations and experts to manage them. That has all been collapsed to a single software layer, with a single management console where any administrator can access any resource," Chiu said. "Ultimately, that creates security and compliance issues."

HyTrust announced the update to its flagship HyTrust Appliance at VMware's VMworld conference, being held this week in San Francisco. At this conference, VMware will detail its roadmap for the software defined data center (SDDC) architecture, in which servers, networking and storage can be virtualized and run in a coordinated fashion.

The HyTrust Appliance monitors and controls the employee use of virtual machines (VMs) that run on VMware's ESX and ESXi hypervisors, as well as oversees administrative use of the VMware vSphere management console. It monitors every administrative action taken on a VM, based on the roles that are assigned to each user. The appliance can block inappropriate actions, and log all user actions.

The software can be valuable in preventing the theft of a VM that contains confidential information, the willful destruction of an entire virtual data center, or the misconfiguring of a VM tenant.

The new version of the virtual appliance includes the ability to block any administrative action until approval from an outside party is granted.

One customer, a U.S. intelligence agency, had requested this feature, Chiu said. It mimics the procedures the U.S. Air Force called the two person concept, in which two managers would be required to complete an action (in the Air Force's case, to launch a nuclear strike).

With the HyTrust software, certain actions, such as deleting a VM, can be put on hold until it is approved by a second party, such as a manager or higher-ranking administrator.

HyTrust offered a limited version of this capability in prior versions, but this release offers a full range of capabilities around the process, Chiu said. It now meets the U.S. National Security Agency's requirements for implementing secondary approval. New features include a timer that could be put in place on any action, so a person can only execute an approved action within a certain period of time, such as a nightly maintenance window, Chiu said.

HyTrust Appliance 3.5 also includes a new monitoring mode, which allows an administrator to log how VMs are used before applying policies to their use. The appliance logs all activity, without enforcing any rules. The monitor-only mode can be useful for allowing an administrator to observe routine behavior, which would provide a baseline for building a set of rules to enforce proper use.

The new software can also send out e-mail alerts whenever some unwanted activity takes place."You can specify any kind of alert you care about," Chiu said. For instance, an administrator can set up an alert for whenever anyone deletes more than 10 VMs.

Typically, administrators rely on SIEM (Security Information Event Management) systems for getting such system alerts, but that software tends not to work well for virtualized environments, Chiu said.

"Trying to configure a SIEM to report on what is happening in a virtual environment is difficult. Our customers told us 'We want that to come from you'," Chiu said.

Drawing from a new security hardening guide for vSphere released by VMware, HyTrust Appliance now has three times as many server configuration security checks and remediation operations than it had before. It can also now work with Intel's Intel Trusted Execution Technology (Intel TXT), so "you can determine whether your hardware platform is trusted, before you move your workload into that environment," Chiu said.

HyTrust Appliance 3.5 is now available. The HyTrust Appliance Enterprise Edition costs US$1,050 per CPU socket for each ESX or EXSi host, as well per $30,000 per appliance. The company also offers a downloadable community edition for no cost, which manages up to three hosts.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags firewallshytrustsecurity

More about IDGIntelNational Security AgencyTechnologyVMware Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joab Jackson

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place