Security, Compliance and Audit for VMware vSphere Environments

VMware released the vSphere 5 Security Hardening Guide on June 1, 2012.  The guide provides customers with an exhaustive list of security guidelines and best practices, plus a set of scriptlets to help automate the application of the guidelines.  The guide is in Excel format and provides details on vulnerabilities, controls, assessment procedures, and remediation steps to harden VMware vSphere (including ESXi, vCenter, vNetworks, and VMs). The guide is available for download here.  While customers with regulatory requirements (HIPAA, SOX, PCI, FISMA, etc.) will benefit most from this guide, all VMware customers should review the Security Hardening Guide to ensure they maintain as secure a vSphere implementation as possible.

As exhaustive as the guide is, using it to provide continuous monitoring and remediation of a vSphere environment can be daunting.  Fortunately, VMware offers a set of products to help automate scanning, alerting, patching, and remediation of virtual environments.  For a quick and easy look at your environment’s security posture, VMware offers a free VMware Compliance Checker for vSphere and PCI DSS utility for providing an assessment of your environment against security, compliance, and audit best practices.  If you have heavy GRC requirements, VMware vCenter Configuration Manager automates hardening, configuration, change and compliance reporting for all virtual and physical servers in an IT environment.

When paired with the VMware vShield products, VMware’s security offerings can help provide defense in depth for virtualized environments while extending security services to cover all components of a datacenter.  vShield App provides virtual network segmentation, plus comprehensive logging of all virtual machine activity.  For regulated industries (finance, healthcare, payment card) the vShield App with Data Security provides sensitive data discovery (credit card numbers, SSNs, etc.) across all VMs by leveraging the unique position of the vSphere hypervisor to gain insight into virtualized workloads.  vShield Edge provides firewall, NAT, DHCP, VPN, load balancing, and network flow monitoring within the virtualized cloud.  Finally, vShield Endpoint leverages the hypervisor’s unique insight into potentially malicious activity without relying on in-guest agents for antivirus and anti-malware, effectively placing security services much closer to the actual elements you are trying to protect – CPU, Memory, Network and Storage.

Finally, VMware vCenter Protect provides a patch management tool for Microsoft, Adobe, Java and other software packages (Essentials bundle), and for mid-sized or regulated customers the Essentials Plus bundle adds Antivirus (based on GFI’s Sunbelt Software VIPRE Antivirus), Power Management, Configuration Management, and ITScripts capabilities to more efficiently manage endpoint configuration tasks.

With an array of cutting-edge products, Clearpath’s team can help customers quickly and easily deploy multiple layers of defense within their virtualized datacenter while helping to reduce the overhead associated with traditional security technologies.  Contact us today if you have questions on how to implement or automate security in your VMware environment, and check out our free trials of all of these VMware products at
