Answering the Challenges facing today’s CISO

“For large, cloud-based workload deployments, cloud security posture management
capabilities should be considered mandatory.”

Source: Gartner



Cloud Security Posture Management Platform




Granular Microsegmentation

A virtualization-native network access policy engine lets you instantly enforce and update network protection policy around your virtual network without affecting network topology.

Virtual machine datastore protection

A unique access control mechanism protects sensitive virtual machine datastores from unauthorized access and from downloading of sensitive data to an administrator's endpoint.

Evasion resistant audit log

Prevent a hacker from covering their tracks in private cloud management. Administrator activity logs are stored out of the hacker's reach, which simplifies incident forensics and remediation.


  • Independent virtual infrastructure management access control
  • Protection against private cloud admin account compromise
  • Independent audit trail of private cloud admin’s actions


  • Segregation of duties between security and private cloud administrators
    • Security administrator can set security policy but has no access to the infrastructure
    • Private cloud admin can access only explicitly allowed objects
  • Private cloud admin access restrictions
    • VM console access
    • Datastore access
    • File download restriction
  • Predefined role templates
    • Virtual infrastructure administrator
    • VM administrator
    • vNetwork administrator
    • vDatastore administrator
    • VM user
    • Auditor
  • VM hardware configuration change confirmation
    • Change is not committed until the security administrator approves it
  • Strong authentication
  • Separate audit log storage


  • Restricted access to virtual infrastructure management
  • Reduced risks of downtime due to damage to the virtual infrastructure
  • Reduced risks of financial losses due to information leaks related
  • Private cloud security hardening
  • Compliance requirements enforcement


  • Virtual machine security and access control
    • Snapshot restriction
    • Clone restriction
    • Storage data wiping
    • Device control
  • Hypervisor hardening
    • Host Lockdown mode enforcement
    • USB drive mount restriction
    • Host SSH restriction
    • VM log restriction
    • Host application whitelisting
    • Segregation between management and production networks
  • Security monitoring
    • Hypervisor, management server and vGate event correlation
    • Single pane of glass dashboard
  • Compliance templates
    • VMware vSphere 6.7 Security Configuration Guide
    • VMware vSphere 6.5 Security Configuration Guide
    • VMware vSphere 6.0 Security Hardening Guide
    • CIS security controls 6.5
    • PCI DSS 3.2
    • Custom templates
  • Reports
    • Configuration changes
    • Non-work hours access
    • Most active users
    • VM boot statistics
    • Security policy statistics
    • Account management
      • VMware
      • vGate
    • Compliance audit


  • Reduced risk of private cloud-related security incidents
  • Reduced resources to prove private cloud security compliance to auditors

Virtual network microsegmentation

  • Flexible network segmentation for virtual networks
  • Network security policy enforcement along with VM creation
  • Little performance impact


  • Centralized management
  • Layer 2 firewall
  • Deep hypervisor integration
    • Agentless for VM
    • Policy follows VM (in case of migration to another host)
    • VMs can be objects in filtering rules
  • Managing through both GUI and API
  • Works with any vSwitch
    • Standard
    • Distributed
    • Third Party


  • Reduced risks of horizontal hacker propagation
  • Fast VM quarantine
  • DevSecOps implementation