Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

4/6/2009
08:07 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Startup Promises Centralized Security, Control For Virtual Environments

New virtualization security firm HyTrust partners with VMWare, Citrix, Cisco, and Symantec

A new security startup launched today with an appliance that helps fill a gap that thus far has dogged the widespread adoption and implementation of virtualization -- the need for an automated, unified way to manage and secure the virtual infrastructure and ensure compliance.

Mountain View, Calif.-based HyTrust announced that on April 30 it will begin shipping the HyTrust Appliance, an all-in-one box that serves as a central point of control for the virtualization infrastructure. HyTrust, which has secured $5.5 million in Series A funding led by Trident Capital and Epic Ventures, came out of stealth mode today with some high-powered virtualization technology partners -- VMWare, Symantec, Cisco, and Citrix -- as well.

One of virtualization's big trade-offs is that the convenience and flexibility of streamlining apps and servers often leads to a loss of control and visibility into the environment, as well as the inability to ensure regulatory compliance. That has held back many organizations from going full-bore with virtualization.

"'Security' tools in virtualized environments are becoming less about pure security functions, like firewalls and IDP [intrusion detection and prevention], and much more focused on increasing the management and visibility of virtualization, and keeping pace with the velocity of change, configuration control, and compliance," says Christofer Hoff, an independent analyst and blogger. "HyTrust does so in a very elegant manner. Their approach is based on the old adage [that] you cannot manage that which you cannot see."

What's different about HyTrust's virtualization management and control approach is that it sits both physically and logically between the network and proxies all configuration requests -- in real-time, Hoff says. The closest thing thus far has been something like Catbird Networks' V-Security system, he says, which is more of a detection approach. "Catbird uses their [virtual] agent and a VM to tie into VMware's virtual center, and then when a change occurs, it can either alert or remediate -- like HyTrust's -- but theirs is really a reactive/detective approach since it is not inline."

HyTrust's automated system also maps any requests to specific user roles by integrating with Microsoft's Active Directory system. And any logging can then be mapped back directly to a single user, Hoff says.

To date, many organizations have been struggling to manually manage their change control in virtual environments, says Eric Chiu, CEO of HyTrust. "They just can't keep up [using that approach]," he says. "This [technology] is a central point of control over a virtual infrastructure on part with a physical" network, including automation and integration with directory services.

Chiu says the company has about a dozen beta customers, including Stanford Hospital and Clinics, which had been holding back on virtualizing any systems that contained patient record information due to HIPAA worries. "After testing [our appliance], they believe they have the ability to have a more secure virtual infrastructure than in their physical infrastructure," Chiu says.

But the main risk with HyTrust's centralized approach is that it can also present a single point of failure, too, Hoff says.

Meanwhile, VMWare has provided HyTrust with its source code for integration purposes, and HyTrust will work with Citrix to support its XEN environment. (It currently supports only VMware VI 3.0x, ESX 3.0x or higher, and ESXi). Cisco and HyTrust will work together on integrating HyTrust's technology with its new UTS servers, and Symantec's Alteris group plans to "ultimately" include support for HyTrust in its products, Chiu says.

The enterprise version of the HyTrust Appliance is priced at $7,500 for the physical appliance and $3,000 for a virtual application license. An ESC host-protection license is $1,000 for a two-CPU host. HyTrust also plans to offer a free virtual appliance, HyTrust Appliance: Community Edition, later this month for small companies to automate virtualization. It supports up to three ESX hosts.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807
PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.