Answering the Challenges facing today’s CISO

“For large, cloud-based workload deployments, cloud security posture management
capabilities should be considered mandatory.”

Source: Gartner

PRIVATE CLOUD

vGate

Cloud Security Posture
Management Platform

OUR HOLISTIC APPROACH TO PRIVATE CLOUD SECURITY


KEY FEATURES

Granular Microsegmentation

A virtualization-native network access policy engine lets you enforce and update network protection policy around your virtual network instantly, without changing the network topology.

Virtual machine datastore protection

A dedicated access control mechanism protects sensitive virtual machine datastores from unauthorized access and from the download of sensitive data to an administrator's endpoint.

Evasion resistant audit log

Prevents an attacker from covering their tracks in private cloud management. Administrator activity logs are stored beyond the administrator's reach, which simplifies incident forensics and remediation.

USE CASES

Private cloud admin activity control

Independent virtual infrastructure management access control
Protection against private cloud admin account compromise
Independent audit trail of private cloud admin’s actions

Approach

  • Segregation of duties between security and private cloud administrators
    • Security administrator can set security policy but has no access to the infrastructure
    • Private cloud administrator can access only explicitly allowed objects
  • Private cloud admin access restrictions
    • VM console access
    • Datastore access
    • File download restriction
  • Predefined role templates
    • Virtual infrastructure administrator
    • VM administrator
    • vNetwork administrator
    • vDatastore administrator
    • VM user
    • Auditor
  • VM hardware configuration change confirmation
    • A change does not commit until the security administrator approves it
  • Strong authentication
  • Separate audit log storage

Results

  • Restricted access to virtual infrastructure management
  • Reduced risks of downtime due to damage to the virtual infrastructure
  • Reduced risks of financial losses due to information leaks related

Security posture management

Private cloud security hardening
Compliance requirements enforcement

Approach

  • Virtual machine security and access control
    • Snapshot restriction
    • Clone restriction
    • Storage data wiping
    • Device control
  • Hypervisor hardening
    • Host Lockdown mode enforcement
    • USB drive mount restriction
    • Host SSH restriction
    • VM log restriction
    • Host application whitelisting
    • Segregation between management and production networks
  • Security monitoring
    • Hypervisor, management server and vGate event correlation
    • Single pane of glass dashboard
  • Compliance templates
    • VMware vSphere 6.7 Security Configuration Guide
    • VMware vSphere 6.5 Security Configuration Guide
    • VMware vSphere 6.0 Security Hardening Guide
    • CIS security controls 6.5
    • PCI DSS 3.2
    • Custom templates
  • Reports
    • Configuration changes
    • Non-work hours access
    • Most active users
    • VM boot statistics
    • Security policy statistics
    • Account management
      • VMware
      • vGate
    • Compliance audit

Results

  • Reduced risk of private cloud-related security incidents
  • Reduced resources needed to prove private cloud security compliance to auditors

Virtual network microsegmentation

Flexible network segmentation for virtual networks
Network security policy enforcement along with VM creation
Little performance impact

Approach

  • Centralized management
  • Layer 2 firewall
  • Deep hypervisor integration
    • Agentless for VM
    • Policy follows the VM (e.g. on migration to another host)
    • VMs can be used as objects in filtering rules
  • Managing through both GUI and API
  • Works with any vSwitch
    • Standard
    • Distributed
    • Third Party

Results

  • Reduced risk of lateral attacker movement between VMs
  • Fast VM quarantine
  • DevSecOps implementation