HyTrust enforces two-person approval for VMware security
Following up on customer feedback from U.S. intelligence agencies, VMware security systems provider HyTrust has updated its virtual security appliance so actions taken by administrators can be delayed until external approval for that action is granted.
Such precautions are increasingly necessary because today’s virtual environments pose “a concentration of risk,” said Eric Chiu, president and cofounder of HyTrust.
“Servers, networking, storage used to be separate physical systems and they all had their separate configurations and experts to manage them. That has all been collapsed to a single software layer, with a single management console where any administrator can access any resource,” Chiu said. “Ultimately, that creates security and compliance issues.”
HyTrust announced the update to its flagship HyTrust Appliance at VMware’s VMworld conference, being held this week in San Francisco. At this conference, VMware will detail its roadmap for the software defined data center (SDDC) architecture, in which servers, networking and storage can be virtualized and run in a coordinated fashion.
The HyTrust Appliance monitors and controls the employee use of virtual machines (VMs) that run on VMware’s ESX and ESXi hypervisors, as well as oversees administrative use of the VMware vSphere management console. It monitors every administrative action taken on a VM, based on the roles that are assigned to each user. The appliance can block inappropriate actions, and log all user actions.
The software can be valuable in preventing the theft of a VM that contains confidential information, the willful destruction of an entire virtual data center, or the misconfiguring of a VM tenant.
The new version of the virtual appliance includes the ability to block any administrative action until approval from an outside party is granted.
One customer, a U.S. intelligence agency, had requested this feature, Chiu said. It mimics the procedures the U.S. Air Force called the two person concept, in which two managers would be required to complete an action (in the Air Force’s case, to launch a nuclear strike).
With the HyTrust software, certain actions, such as deleting a VM, can be put on hold until it is approved by a second party, such as a manager or higher-ranking administrator.
HyTrust offered a limited version of this capability in prior versions, but this release offers a full range of capabilities around the process, Chiu said. It now meets the U.S. National Security Agency’s requirements for implementing secondary approval. New features include a timer that could be put in place on any action, so a person can only execute an approved action within a certain period of time, such as a nightly maintenance window, Chiu said.
Monitor for monitoring
HyTrust Appliance 3.5 also includes a new monitoring mode, which allows an administrator to log how VMs are used before applying policies to their use. The appliance logs all activity, without enforcing any rules. The monitor-only mode can be useful for allowing an administrator to observe routine behavior, which would provide a baseline for building a set of rules to enforce proper use.
The new software can also send out email alerts whenever some unwanted activity takes place.”You can specify any kind of alert you care about,” Chiu said. For instance, an administrator can set up an alert for whenever anyone deletes more than 10 VMs.
Typically, administrators rely on SIEM (Security Information Event Management) systems for getting such system alerts, but that software tends not to work well for virtualized environments, Chiu said.
“Trying to configure a SIEM to report on what is happening in a virtual environment is difficult. Our customers told us ‘We want that to come from you’,” Chiu said.
Drawing from a new security hardening guide for vSphere released by VMware, HyTrust Appliance now has three times as many server configuration security checks and remediation operations than it had before. It can also now work with Intel’s Intel Trusted Execution Technology (Intel TXT), so “you can determine whether your hardware platform is trusted, before you move your workload into that environment,” Chiu said.
HyTrust Appliance 3.5 is now available. The HyTrust Appliance Enterprise Edition costs US$1,050 per CPU socket for each ESX or EXSi host, as well per $30,000 per appliance. The company also offers a downloadable community edition for no cost, which manages up to three hosts.