Hardening the host

An out-of-the-box installation of any operating system is far too insecure to deploy in a production environment. OS hardening is a procedure by which one minimizes the current and future threat of exposure to compromise by locking down the configuration as much as possible and disabling unnecessary applications and services.

The challenge of hardening a single host, although a somewhat painstaking and manual process, is certainly achievable by most organizations. However, when multiplied across a large number of hosts, the task begins to consume a huge amount of resources and is often prone to errors. And while it might seem logical that hardening should only be required upon initial deployment, configurations often drift over time, which makes it harder to verify the exact known state of the systems in question.

HyTrust Appliance can assess VMware vSphere hosts to identify configuration errors using pre-built assessment frameworks, such as PCI DSS, C.I.S. Benchmark, VMware Best Practices, or even custom user-defined templates. The solution actively eliminates configuration problems quickly and easily via active remediation. It also allows proactive monitoring of hosts, eliminates configuration drift, and ensures ongoing compliance according to a defined standard, all without manual effort or scripts.