HyTrust CloudControl Capabilities

Better Protection for the Virtual Family Jewels

Hypervisor Hardening, Authentication, Policy Control and More

The rise of virtualization has changed almost everything about IT. With hosts being replaced by ESXi and the network by NSX, with vSphere to rule them all, a lot of administrative power has been concentrated in the hypervisor, but approaches to security have remained relatively stagnant until now.

With HyTrust CloudControl, we help harden and protect one of the top targets of hackers, the hypervisor, and we help protect your infrastructure even when good credentials have fallen into the wrong hands, as has been the case with a number of recent breaches including Home Depot, Target and others.

Virtual infrastructure administrators typically have very broad privileges with few native controls or restrictions – creating the opportunity for chaos in the event of a compromised account or “fat finger” administrative error. CloudControl protects in a number of different ways.

Authentication

We support two-factor authentication, including RSA SecurID, CA ArcotID and smartcards/PKI, and work with Active Directory, RADIUS and TACACS+. We also provide root password vaulting, tightly securing root access.

Authorization

We also enable powerful, fine-grained, policy-based authorization, including both role-based and asset-based access control. We help contain risk with secondary approval workflows that implement the “two-man rule,” ensuring that high-impact actions receive the appropriate review and approval. Integration with Active Directory ensures efficient role definitions.

Forensic Quality Logs

HyTrust CloudControl not only helps keep administrators in the appropriate “swim lanes,” but it also helps monitor and track activity, providing complete, comprehensive audit trails with extensive reports as well as integration with SIEM packages including McAfee ePolicy Orchestrator, VMware LogInsight, Symantec Control Compliance Suite, RSA enVision, HP ArcSight and Splunk. We record and alert on essential events including attempted/denied operations, IP addresses and details of VM configuration changes.

Hypervisor Hardening

CloudControl includes templates for hypervisor hardening and also provides continual hypervisor configuration monitoring in line with best practices as detailed by the VMware hardening guide and compliance requirements such as HIPAA, PCI-DSS and others. We automate policy definition, enforcement and remediation while also enabling BoundaryControl, a HyTrust feature implemented in conjunction with Intel using TXT technology, which prevents workloads from running on anything but authorized hardware.

Together, these features and capabilities help reduce risk and enable you to migrate more of your infrastructure to the cloud without being held back by security, regulatory or operational concerns.

​​

 
 
