3/26/2010
02:04 PM
Dark Reading
Products and Releases

HyTrust Launches HyTrust Appliance Version 2.0

New version adds Policy Federation, Full-Index Search, and Root Password Vault features

Mountain View, CA, March 25, 2010 — HyTrust, Inc., the leader in policy management and access control for virtualization infrastructure, announced today the general availability of HyTrust Appliance Version 2.0. Built specifically for enterprises that want to maximize their return on investment in virtualization, yet whose 'virtual footprint' remains limited due to a lack of visibility and control, the solution empowers them to virtualize with assurance that controls for access, compliance and accountability are firmly in place. The new version adds exciting new features, such as Policy Federation, Full-Index Search and Root Password Vault, in addition to enhancements that improve performance and the ability to massively scale while speeding deployment.

What's New At-A-Glance

Federated Deployment: A secure distributed system architecture allows for automated replication of policies and templates across multiple HyTrust Appliances as well as geographic boundaries. For larger enterprises with multiple datacenters and collocation facilities, it ensures consistency of controls across the entire infrastructure.

Root Password Vault: Locks down privileged host accounts and provides passwords for temporary use to enable time-limited privileged account access. Root accounts on hypervisors are extremely powerful and, as a consequence, can create a significant liability if they fall into the wrong hands. With the aid of Root Password Vault, all root account access is attributable to an individual and every action is logged, providing far greater visibility and accountability.

Virtual Infrastructure Search: Supports massive scale deployments with quick and easy accessibility of all virtual infrastructure objects, policies and logs.

Object Policy Labels: Creates a policy categorization structure similar to "Web 2.0 tagging" for virtual infrastructure objects, enabling better organization and tighter, more consistent controls. Enables access, network segment and zoning policies, allowing administrators to dictate which virtual machines are allowed to connect with which network segments or hosts via RuleSets and Constraints. (Ref. virtual infrastructure segmentation)

Remote API: An interface to remotely access and automate HyTrust Appliance administration. Enables the kind of scalability demanded by the largest enterprise virtualization deployments.

Router-Mode: A deployment option that forces all virtualization management traffic to flow through the HyTrust Appliance. The appliance acts as a router for the "protected" management subnet wherein, for example, ESX/ESXi hosts and vCenter Server would use HyTrust Appliance as the default gateway. This adds yet another flexible deployment option to the existing options, ensuring HyTrust Appliance will easily adapt to any enterprise architecture.

"Building on the excitement, early success and recognition that followed the market introduction of HyTrust and HyTrust Appliance in 2009, this major new release takes the solution to a new level," said Eric Chiu, president and CEO, HyTrust. "These latest advancements in best-of-breed control and policy management further empower customers to capitalize on virtualization, and in more meaningful ways such as with tier-one applications."

HyTrust recently announced that it closed Series B financing in the amount of $10.5 million, with new investors Granite Ventures and Cisco Systems participating in the round along with existing investors Trident Capital and Epic Ventures. The new funding will continue to drive development and innovation.

The Real Security Issue: Visibility and Control

Gartner research indicates that at the end of 2009, only 18 percent of enterprise data center workloads that could be virtualized had been virtualized; the number is expected to grow to more than 50 percent by the close of 2012. As more workloads are virtualized, as workloads of different trust levels are combined and as virtualized workloads become more mobile, the security issues associated with virtualization become more critical to address.

"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

"As we've said from the start, the security issues that need to be addressed," says Chiu, "have more to do with treating virtualization as a new platform and layer, and, as with any new platform, a new approach is needed to address it properly. The recent Gartner report corroborates the need for visibility and control, consistent policy management and enforcement, role-based access control and configuration management."

Single Purpose, Single Point of Control

HyTrust Appliance was built with a single purpose in mind: to enable more organizations to virtualize more critical workloads by giving customers a single point of control and visibility over their virtual infrastructure. The appliance provides the broadest range of fundamental, if not critical, capabilities for virtualization datacenters to be "operationally ready" including:

Virtual Infrastructure Policy Management: Enables the creation of enforceable constraints within virtual infrastructure that may be applied directly to virtual machines, virtual switches, hosts and other objects and map precisely to their operational requirements.

Unified Access Control: Enables highly granular access policies for consistent access control at the hypervisor-layer and a turnkey solution to ensure secure privileged account access.

Hypervisor Hardening: Ability to proactively monitor and remediate VMware vSphere hosts based on pre-built or custom assessment frameworks, such as PCI DSS, C.I.S. Benchmark, VMware Best Practices, all without manual effort or scripts.

Audit-quality Log Management: Provides granular, user-specific, virtual infrastructure access log records that can be used for regulatory compliance, troubleshooting, and forensic analysis.

Market Consensus

Industry analysts most knowledgeable about virtualization concur with the core issues and HyTrust's approach. And five hundred users of the HyTrust Community edition and numerous enterprise customers say HyTrust Appliance is essential in meeting their operational controls and compliance requirements.

"As a leading web-event registration provider and retailer, Active Outdoors provides hunting & fishing organizations with a cost-effective way to register and collect payments from millions of consumers," said Greg Collett, IT Security at Active. "In order to protect our customers and their financial information, it's imperative that our infrastructure be compliant with the Payment Card Industry Data Security Standard. As we begin to embrace virtualization, Active Outdoors recognizes the need for additional controls to secure the virtual infrastructure. Active Outdoors has chosen HyTrust Appliance to address these identified needs. HyTrust Appliance will enable us to enforce access control and segmentation across our virtual infrastructure. HyTrust will give us the ability to confidently virtualize our infrastructure--enjoying all the benefits of virtualization--without compromising the security of our customers or putting our compliance efforts at risk."

"More applications are being deployed on virtual infrastructure every day, including a growing number of Tier 1, business-critical workloads," said Dave Bartoletti, senior analyst & consultant, Taneja Group. "As a result, the virtual infrastructure now demands the equivalent security and compliance controls as exist for physical environments. HyTrust Appliance 2.0 delivers virtual infrastructure control and compliance by simplifying and automating all essential elements of platform security and is well positioned to become an essential part of virtualization reference architecture."

Bartoletti concludes: "If you want to virtualize more workloads, faster and with more confidence, we recommend adding the HyTrust solution to your virtual infrastructure management toolkit today."

Availability & Pricing

Three editions of HyTrust Appliance 2.0 are now generally available as follows:

HyTrust Appliance Community Edition, a free full-featured version of the product downloadable from the Web and supporting up to three hosts.

HyTrust Appliance Standard Edition, which supports an unlimited number of hosts, offers more flexible deployment options, and is licensed per host based on the number of CPUs, at $500 per socket.

HyTrust Appliance Enterprise Edition, which supports an unlimited number of hosts, even more flexible deployment options, federation of multiple HyTrust Appliances, privileged account management via Root Password Vault, two-factor authentication, and a remote API for additional management flexibility, and is licensed per host based on the number of CPUs, at $750 per socket.

About HyTrust (www.hytrust.com)

Virtualization Under Control.

HyTrust, headquartered in Mountain View, CA, is the leader in policy management and access control for virtual infrastructure. HyTrust empowers organizations to virtualize more—including servers that may be subject to compliance—by delivering enterprise-class controls for access, accountability, and visibility to their existing virtualization infrastructure. The Company is backed by top tier investors Granite Ventures, Cisco Systems, Trident Capital, and Epic Ventures; its partners include VMware; Symantec (Nasdaq: SYMC); Citrix (Nasdaq: CTXS); and RSA (NYSE: EMC).
