Dark Reading
Products and Releases

HyTrust Launches HyTrust Appliance Version 2.0

New version adds Policy Federation, Full-Index Search, and Root Password Vault features

Mountain View, CA, March 25, 2010 — HyTrust, Inc., the leader in policy management and access control for virtualization infrastructure, announced today the general availability of HyTrust Appliance Version 2.0. Built specifically for enterprises that want to maximize their return on investment in virtualization, yet whose 'virtual footprint' remains limited due to a lack of visibility and control, the solution empowers them to virtualize with assurance that controls for access, compliance and accountability are firmly in place. The new version adds exciting new features, such as Policy Federation, Full-Index Search and Root Password Vault, in addition to enhancements that improve performance and the ability to massively scale while speeding deployment.

What's New At-A-Glance

Federated Deployment: A secure distributed system architecture allows for automated replication of policies and templates across multiple HyTrust Appliances as well as geographic boundaries. For larger enterprises with multiple datacenters and collocation facilities, it ensures consistency of controls across the entire infrastructure.

Root Password Vault: Locks down privileged host accounts and provides passwords for temporary use to enable time-limited privileged account access. Root accounts on hypervisors are extremely powerful and, as a consequence, can create a significant liability if they fall into the wrong hands. With the aid of Root Password Vault, all root account access is attributable to an individual and every action is logged, providing far greater visibility and accountability.

Virtual Infrastructure Search: Supports massive scale deployments with quick and easy accessibility of all virtual infrastructure objects, policies and logs.

Object Policy Labels: Creates a policy categorization structure similar to "Web 2.0 tagging" for virtual infrastructure objects, enabling better organization and tighter, more consistent controls. Enables access, network segment and zoning policies, allowing administrators to dictate which virtual machines are allowed to connect with which network segments or hosts via RuleSets and Constraints. (Ref. virtual infrastructure segmentation)

Remote API: An interface to remotely access and automate HyTrust Appliance administration. Enables the kind of scalability demanded by the largest enterprise virtualization deployments.

Router-Mode: A deployment option that forces all virtualization management traffic to flow through the HyTrust Appliance. The appliance acts as a router for the "protected" management subnet wherein, for example, ESX/ESXi hosts and vCenter Server would use HyTrust Appliance as the default gateway. This adds yet another flexible deployment option to the existing options, ensuring HyTrust Appliance will easily adapt to any enterprise architecture.

"Building on the excitement, early success and recognition that followed the market introduction of HyTrust and HyTrust Appliance in 2009, this major new release takes the solution to a new level," said Eric Chiu, president and CEO, HyTrust. "These latest advancements in best-of-breed control and policy management further empower customers to capitalize on virtualization, and in more meaningful ways such as with tier-one applications."

HyTrust recently announced that it closed Series B financing in the amount of $10.5 million, with new investors Granite Ventures and Cisco Systems participating in the round along with existing investors Trident Capital and Epic Ventures. The new funding will continue to drive development and innovation.

The Real Security Issue: Visibility and Control

Gartner research indicates that at the end of 2009, only 18 percent of enterprise data center workloads that could be virtualized had been virtualized; the number is expected to grow to more than 50 percent by the close of 2012. As more workloads are virtualized, as workloads of different trust levels are combined and as virtualized workloads become more mobile, the security issues associated with virtualization become more critical to address.

"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

"As we've said from the start, the security issues that need to be addressed," says Chiu, "have more to do with treating virtualization as a new platform and layer, and, as with any new platform, a new approach is needed to address it properly. The recent Gartner report corroborates the need for visibility and control, consistent policy management and enforcement, role-based access control and configuration management."

Single Purpose, Single Point of Control

HyTrust Appliance was built with a single purpose in mind: to enable more organizations to virtualize more critical workloads by giving customers a single point of control and visibility over their virtual infrastructure. The appliance provides the broadest range of fundamental, if not critical, capabilities for virtualization datacenters to be "operationally ready" including:

Virtual Infrastructure Policy Management: Enables the creation of enforceable constraints within virtual infrastructure that may be applied directly to virtual machines, virtual switches, hosts and other objects and map precisely to their operational requirements.

Unified Access Control: Enables highly granular access policies for consistent access control at the hypervisor-layer and a turnkey solution to ensure secure privileged account access.

Hypervisor Hardening: Ability to proactively monitor and remediate VMware vSphere hosts based on pre-built or custom assessment frameworks, such as PCI DSS, C.I.S. Benchmark, VMware Best Practices, all without manual effort or scripts.

Audit-quality Log Management: Provides granular, user-specific, virtual infrastructure access log records that can be used for regulatory compliance, troubleshooting, and forensic analysis.

Market Consensus

Industry analysts most knowledgeable about virtualization concur with the core issues and HyTrust's approach. And five hundred users of the HyTrust Community edition and numerous enterprise customers say HyTrust Appliance is essential in meeting their operational controls and compliance requirements.

"As a leading web-event registration provider and retailer, Active Outdoors provides hunting & fishing organizations with a cost-effective way to register and collect payments from millions of consumers," said Greg Collett, IT Security at Active. "In order to protect our customers and their financial information, it's imperative that our infrastructure be compliant with the Payment Card Industry Data Security Standard. As we begin to embrace virtualization, Active Outdoors recognizes the need for additional controls to secure the virtual infrastructure. Active Outdoors has chosen HyTrust Appliance to address these identified needs. HyTrust Appliance will enable us to enforce access control and segmentation across our virtual infrastructure. HyTrust will give us the ability to confidently virtualize our infrastructure--enjoying all the benefits of virtualization--without compromising the security of our customers or putting our compliance efforts at risk."

"More applications are being deployed on virtual infrastructure every day, including a growing number of Tier 1, business-critical workloads," said Dave Bartoletti, senior analyst & consultant, Taneja Group. "As a result, the virtual infrastructure now demands the equivalent security and compliance controls as exist for physical environments. HyTrust Appliance 2.0 delivers virtual infrastructure control and compliance by simplifying and automating all essential elements of platform security and is well positioned to become an essential part of virtualization reference architecture."

Bartoletti concludes: "If you want to virtualize more workloads, faster and with more confidence, we recommend adding the HyTrust solution to your virtual infrastructure management toolkit today."

Availability & Pricing

Three editions of HyTrust Appliance 2.0 are now generally available as follows:

HyTrust Appliance Community Edition, a free full-featured version of the product downloadable from the Web and supporting up to three hosts.

HyTrust Appliance Standard Edition, which supports an unlimited number of hosts, offers more flexible deployment options, and is licensed per host based on the number of CPUs at $500 per socket.

HyTrust Appliance Enterprise Edition, which supports an unlimited number of hosts and offers even more flexible deployment options, federation of multiple HyTrust Appliances, privileged account management via Root Password Vault, two-factor authentication, and a remote API for additional management flexibility, and is licensed per host based on the number of CPUs at $750 per socket.

About HyTrust (www.hytrust.com)

Virtualization Under Control.

HyTrust, headquartered in Mountain View, CA, is the leader in policy management and access control for virtual infrastructure. HyTrust empowers organizations to virtualize more—including servers that may be subject to compliance—by delivering enterprise-class controls for access, accountability, and visibility to their existing virtualization infrastructure. The Company is backed by top tier investors Granite Ventures, Cisco Systems, Trident Capital, and Epic Ventures; its partners include VMware; Symantec (Nasdaq: SYMC); Citrix (Nasdaq: CTXS); and RSA (NYSE: EMC).
