D ATA S H E E T HyTrust CloudControl 4.1 Security breaches are happening with increasing frequency, and savvy attackers are repeatedly targeting administrative credentials to expand their reach and remain undetected. In virtualized environments, administrators typically have very broad privileges with minimal monitoring, and are therefore an ideal target. HyTrust CloudControl™ is a virtual appliance that addresses these critical security and compliance requirements for virtualized infrastructure. The Challenge Virtualization and software-defined networking provide operational and financial benefits by consolidating servers, networking, and storage Fine-Grained Authorization Audit-Quality Logging into a concentrated software layer. It has delivered dramatic increases in capacity utilization, IT administration efficiency, HyTrust CloudControl and agility. However, the administrators of these environments have unprecedented power and span of control: a privileged user with administrative access to the virtual infrastructure — or someone who gains their credentials — can easily exfiltrate sensitive Strong Authentication Infrastructure Integrity data in bulk, as well as disrupt the operations of mission critical applications with a few clicks. Virtualization management tools lack the The Solution authentication, continuous monitoring, auditing, HyTrust CloudControl™ software lets enterprises and accountability for this administrative virtualize even mission critical applications and activity. This lack of visibility and control of deploy multitenant private clouds while reducing virtual infrastructure makes meeting compliance risk of breaches or accidental misconfiguration. mandates such as PCI impossible. More importantly, companies that don’t secure these CloudControl doesn’t require administrators to accounts are vulnerable to the type of data breaches change their workflow or management tools, and theft that can go undetected for months. but simply adds the critical security controls and visibility necessary to achieve security and compliance in virtualized infrastructure and private clouds. Cloud Under Control hytrust.com 650.681.8100 D ATA S H E E T Forensic-Quality Logs How It Works HyTrust CloudControl is deployed as a transparent proxy on the management plane between administrators and vSphere, or KVM hosts. • Compiles complete audit trails required for compliance and fast incident response • Records and alerts on essential audit data including attempted/denied operations, source IP addresses, and details of VM reconfigurations • Provides comprehensive reports and integrates with SIEM solutions including McAfee ePolicy Orchestrator, VMware LogInsight, Symantec Control Compliance Suite, RSA envision, HP ArcSight, and Splunk VMware vSphere Hypervisor Configuration Hardening • Provides templates for and continually monitors hypervisor configuration to ensure compliance with security best practices (VMware hardening guide) and compliance requirements (e.g., Management Clients PCI, HIPAA) HyTrust CloudControl is deployed as a transparent proxy on the management plane between administrators and the ESXi or KVM hosts. Key Capabilities Strong Authentication • Supports two-factor authentication to ensure administrators are who they say they are and prevent identity spoofing • Integrates with Active Directory, RSA SecurID, CA ArcotID, RADIUS, and Smartcards/PKI • Provides root password vaulting to tightly secure ESXi server root access. Policy-Based Authorization • Limits or prevents harm to critical workloads by enforcing enterprise-defined policies • Applies both role-based and asset-based access control rules to achieve separation of duties and resource isolation, with no changes to user workflows • Provides secondary approval workflow to ensure additional control and visibility for sensitive operations • Automates configuration policy definition, enforcement, and remediation •Supports HyTrust Boundary Controls in conjunction with Intel TXT (ensuring hardware-based root of trust) and policy-based controls that prevent workloads from running outside a defined boundary, such as a datacenter or country border The Benefits • Reduce risk of data breach through twofactor authentication, continuous monitoring and policy-based control of privileged administrator accounts • Simplify audits and ensure compliance through configuration hardening and thorough logging and reporting of admin actions or attempted actions • Supports secure multi-tenancy and drives uptime in next-gen datacenters and private clouds • Mitigate risks of extended data center downtime • Contain and prevent damage due to privileged account misuse To learn more about HyTrust, visit hytrust.com/products/why-hytrust. HyTrust, the HyTrust logo, and Virtualization Under Control are trademarks or registered trademarks of HYTRUST, Inc. or its subsidiaries in the United States and other jurisdictions. All other company and productnames mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies. © 2013-2014 HyTrust, Inc. All rights reserved. Part Number: DS-007-001 Cloud Under Control hytrust.com 650.681.8100