Summary
This is a security automation product for use in a VMware environment. It's designed to manage security in a virtual environment by addressing the issue of concentration of risk inherent in the software-defined data centre. The idea of concentration of risk is an interesting one that, perhaps, is not quite as obvious as it should be. In a physical data centre there are many - sometimes a profusion of - physical servers. There may be multiple administrators dedicated to specific systems and, generally, everything is spread out so that a catastrophic failure or compromise is less likely since data and servers are somewhat decentralised.
Compare that with a virtual data centre, which is much smaller physically and where administrators may have unfettered (and unmonitored) access across the entire system. That is where the notion of concentration of risk comes in. That which is easy to access is easy to compromise. Add the possibility of a public cloud where your data is, essentially, outside your direct control, and you have a compact target for attack. So a solution to that challenge needs to be built from the ground up to address both the environment and the threats. That is exactly what HyTrust CloudControl does.
CloudControl supports strong authentication, role-based access control, rule of four eyes (two-person) enforcement, policy enforcement, root password vaulting and infrastructure hardening. It can integrate with Intel's TXT system as well. Also, CloudControl is an excellent security administration tool from the perspectives of compliance and analysis. The menus and drill-downs are lucid and practical, and the tight integration with VMware and Active Directory adds to the product's versatility and power.
Prices are US-based, thus indicative only.
At a glance
Price: Enterprise pricing starts at £38,312 for a single data center site with 20 ESXi CPU sockets; a free community edition for up to three hosts is also available.
What it does: Cloud security automation mitigates the concentration of risk caused by virtualization.
What we liked: Protection of the management infrastructure internally.