Dark Reading

A new security startup launched today with an appliance that helps fill a gap that thus far has dogged the widespread adoption and implementation of virtualization -- the need for an automated, unified way to manage and secure the virtual infrastructure and ensure compliance.

Mountain View, Calif.-based HyTrust announced that on April 30 it will begin shipping the HyTrust Appliance, an all-in-one box that serves as a central point of control for the virtualization infrastructure. HyTrust, which has secured $5.5 million in Series A funding led by Trident Capital and Epic Ventures, came out of stealth mode today with some high-powered virtualization technology partners -- VMWare, Symantec, Cisco, and Citrix -- as well.

One of virtualization's big trade-offs is that the convenience and flexibility of streamlining apps and servers often leads to a loss of control and visibility into the environment, as well as the inability to ensure regulatory compliance. That has held back many organizations from going full-bore with virtualization.

"'Security' tools in virtualized environments are becoming less about pure security functions, like firewalls and IDP [intrusion detection and prevention], and much more focused on increasing the management and visibility of virtualization, and keeping pace with the velocity of change, configuration control, and compliance," says Christofer Hoff, an independent analyst and blogger. "HyTrust does so in a very elegant manner. Their approach is based on the old adage [that] you cannot manage that which you cannot see."

What's different about HyTrust's virtualization management and control approach is that it sits both physically and logically between the network and proxies all configuration requests -- in real-time, Hoff says. The closest thing thus far has been something like Catbird Networks' V-Security system, he says, which is more of a detection approach. "Catbird uses their [virtual] agent and a VM to tie into VMware's virtual center, and then when a change occurs, it can either alert or remediate -- like HyTrust's -- but theirs is really a reactive/detective approach since it is not inline."

HyTrust's automated system also maps any requests to specific user roles by integrating with Microsoft's Active Directory system. And any logging can then be mapped back directly to a single user, Hoff says.

To date, many organizations have been struggling to manually manage their change control in virtual environments, says Eric Chiu, CEO of HyTrust. "They just can't keep up [using that approach]," he says. "This [technology] is a central point of control over a virtual infrastructure on part with a physical" network, including automation and integration with directory services.

Chiu says the company has about a dozen beta customers, including Stanford Hospital and Clinics, which had been holding back on virtualizing any systems that contained patient record information due to HIPAA worries. "After testing [our appliance], they believe they have the ability to have a more secure virtual infrastructure than in their physical infrastructure," Chiu says.

But the main risk with HyTrust's centralized approach is that it can also present a single point of failure, too, Hoff says.

Meanwhile, VMWare has provided HyTrust with its source code for integration purposes, and HyTrust will work with Citrix to support its XEN environment. (It currently supports only VMware VI 3.0x, ESX 3.0x or higher, and ESXi). Cisco and HyTrust will work together on integrating HyTrust's technology with its new UTS servers, and Symantec's Alteris group plans to "ultimately" include support for HyTrust in its products, Chiu says.

The enterprise version of the HyTrust Appliance is priced at $7,500 for the physical appliance and $3,000 for a virtual application license. An ESC host-protection license is $1,000 for a two-CPU host. HyTrust also plans to offer a free virtual appliance, HyTrust Appliance: Community Edition, later this month for small companies to automate virtualization. It supports up to three ESX hosts.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.