HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps




Summary

Compliance with PCI, HIPAA, FISMA, EU, and other regulations is as critical in virtualized and private cloud environments as it is in the traditional data center. The VMware platform provides some of the log data required to show compliance, but there are large logging gaps (such as no unique user ID for every administrative operation and no records of denied operations) that can only be filled with a purpose-built solution. HyTrust delivers the missing log data while securing virtual infrastructure access. Enterprises can now increase profitability by securely virtualizing workloads that must stay compliant.

Why HyTrust: Virtualization Under Control

HyTrust has become the de facto standard for access control and policy enforcement in VMware environments. By filling gaps in virtual infrastructure security and compliance, HyTrust gives enterprises the assurance they need to virtualize their mission-critical applications and reap the associated financial benefits. HyTrust Appliance enforces role-based and asset-based policies covering VMware privileged users, resources, and management interfaces. The HyTrust approach to virtualizing Tier 1 workloads securely also includes comprehensive, audit-quality logging; stronger authentication for the VMware platform; and protections for virtual infrastructure integrity.

Your Challenge

Many enterprises have virtualized, or want to virtualize, workloads subject to compliance requirements. Their goal is to extend the operational benefits and cost savings they've received from virtualizing lower-tier workloads. However, IT organizations that worked hard to make their data centers compliant are increasingly concerned about the potential for costly audit failures or compliance violations in their virtual environments. In addition, they often need to meet IT governance requirements, including passing internal audits, to get the security affirmation needed to virtualize Tier 1 workloads with compliance requirements.

At the same time, enterprises are realizing that the virtualization platform on its own has security and regulatory compliance limitations that can make virtualizing sensitive workloads a high-risk proposition. Some enterprises have already failed a security audit because of an unmet requirement related to virtualization.

Many compliance challenges in the virtual environment involve authentication and access control, which are primary requirements of most information security regulations. For instance, PCI DSS v2.0 has a section titled "Implement Strong Access Control Measures" with requirements categories "Restrict access to cardholder data by business need to know" (#7) and "Assign a unique ID to each person with computer access" (#8). The Health Insurance Portability and Accountability Act (HIPAA) includes requirements categories such as "Information Access Management" and "Access Control". The National Institute of Standards and Technology (NIST) guidelines for the Federal Information Security Management Act (FISMA) include the control families "Access Control" and "Identification and Authentication".

These compliance categories usually have specific requirements for tracking administrative identity and activity. The PCI standard provides a representative list:

- Requirement for a documented approval by authorized parties specifying required privileges.
- Assign all users a unique ID before allowing them to access system components.
- Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user.
- Implement automated audit trails for all system components to reconstruct:
  - All actions taken by any individual with root or administrative privileges
  - Access to all audit trails
  - Use of identification and authentication mechanisms
  - Initialization of the audit logs
  - Creation and deletion of system-level objects

These requirements can only be fulfilled by compiling comprehensive, readily accessible logs of all activity by each administrative or privileged user of the virtual infrastructure. The logs must cover all use of the platform, including access through different management interfaces. The log data needed to prove compliance includes:

- Unique ID of the privileged user associated with every attempted operation
- Source IP address of each attempt
- Identities and before-and-after states of reconfigured resources such as virtual network adapters
- Records of denied or failed operations
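An added example, not part of the HyTrust brief and not code from HyTrust or VMware: a Python check that applies the four log-data items listed above to an audit trail and reports which records fall short. The JSON record schema, field names, sample records, and the list of shared account names are assumptions constructed for illustration.

```python
import ipaddress
import json

# Assumption: account names that identify a shared login, not a person.
SHARED_ACCOUNTS = {"root", "administrator", "admin"}

# Constructed sample records (hypothetical schema, not a HyTrust or vSphere format).
SAMPLE_LOG = """\
{"ts":"2014-03-01T10:00:00Z","user":"jsmith","src_ip":"10.1.2.3","op":"vm.poweroff","outcome":"permitted","target":"vm-web01"}
{"ts":"2014-03-01T10:05:00Z","user":"root","src_ip":"10.1.2.9","op":"host.ssh.login","outcome":"permitted","target":"esx-04"}
{"ts":"2014-03-01T10:07:00Z","user":"akhan","src_ip":"","op":"vm.reconfigure","outcome":"permitted","target":"vm-db02","before":{"nic0":"Production"},"after":{"nic0":"DMZ"}}
{"ts":"2014-03-01T10:09:00Z","user":"akhan","src_ip":"10.1.2.7","op":"network.reconfigure","outcome":"permitted","target":"vswitch1"}
{"ts":"2014-03-01T10:12:00Z","user":"jsmith","src_ip":"10.1.2.3","op":"datastore.delete","outcome":"denied","target":"ds-prod"}
"""

def valid_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_gaps(lines):
    """Return, per requirement, the timestamps of records that fail it."""
    gaps = {"no_unique_user": [], "no_source_ip": [], "no_before_after": []}
    refused = 0
    for line in filter(None, (l.strip() for l in lines.splitlines())):
        rec = json.loads(line)
        user = (rec.get("user") or "").lower()
        # Requirement: unique ID of the privileged user on every operation.
        if not user or user in SHARED_ACCOUNTS:
            gaps["no_unique_user"].append(rec["ts"])
        # Requirement: source IP address of each attempt.
        if not valid_ip(rec.get("src_ip") or ""):
            gaps["no_source_ip"].append(rec["ts"])
        # Requirement: identity and before/after state of reconfigured resources.
        if rec["op"].endswith(".reconfigure") and not (
            rec.get("target") and "before" in rec and "after" in rec
        ):
            gaps["no_before_after"].append(rec["ts"])
        if rec.get("outcome") in ("denied", "failed"):
            refused += 1
    # A trail with no denied or failed operations at all is itself a gap.
    gaps["denials_recorded"] = refused > 0
    return gaps

if __name__ == "__main__":
    for name, result in audit_gaps(SAMPLE_LOG).items():
        print(name, result)
```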

Enterprises are increasingly discovering that the vSphere platform does not give them this data. VMware privileged users typically share a root account, making it impossible to assign a unique user ID to every logged event. Furthermore, privileged users can completely bypass the platform's logging mechanisms in various ways, such as directly connecting to a host server via SSH.

Relying on the platform's logging capabilities can also drain IT productivity. Logs compiled by the vCenter management application are in a different format than the logs on the hosts, and there is no mechanism for automatically compiling host logs in a central location. In addition, the platform lacks native integration with leading SIEM and log management applications such as HP ArcSight, Splunk, RSA enVision, and McAfee ePolicy Orchestrator (ePO). This makes it difficult for the enterprise to gain a single view of security and compliance spanning the traditional data center, the virtual infrastructure, and private clouds.

Our Solution

HyTrust Appliance records all the VMware privileged user log data needed to achieve compliance in the virtual environment. It creates an audit trail with the essential details of every successful and failed operation, conducted through any vSphere administrative interface, and associates a unique user ID with every record.

HyTrust Appliance automatically compiles the logs from vCenter and all vSphere hosts in a uniform, easily accessible format. It then forwards the data to a central repository via syslog or to HP ArcSight, Splunk applications, RSA enVision, or McAfee ePolicy Orchestrator (ePO) based on native integration with those SIEM and log management solutions.

HyTrust logs a unique user ID for every permitted and denied operation, and records other essential information that auditors require to certify compliance.

In addition to providing a unique user ID for every event, HyTrust supplements the log data available from the virtualization platform with other information needed for compliance, including:

- Source IP addresses of operation attempts
- Hypervisor configuration changes
- Identities of reconfigured resources, including virtual machines, networks, and datastores
- Previous resource state
- New resource state
- Labels of virtual assets (e.g., Production or DMZ)
- Privileges required to conduct an operation
- Operation denials and failures, with additional details such as missing privileges

When an enterprise uses HyTrust's unique Secondary Approval process to block a user's attempted operation until a designated party approves it, HyTrust Appliance logs the requestor and approver IDs, the date and time of the request, whether the action was approved or denied, and the time window for executing an approved request.

HyTrust's comprehensive log data also enables forensic analysis of possible security breaches in the virtual environment, promoting both privileged user accountability and a stronger overall security posture. This security benefit, along with primary HyTrust functions such as granular role- and asset-based access control, hypervisor configuration hardening, and support for two-factor authentication, magnifies the compliance value HyTrust provides.

[Figure: HyTrust Appliance is pre-integrated with leading SIEM and log management solutions, such as this Splunk dashboard.]

By automating log processing and filling gaps in the virtualization platform's logs, HyTrust helps prevent costly audit failures and compliance violations while increasing virtualization operations productivity.

For more information on how HyTrust enables greater virtualization of workloads that must stay compliant, visit www.hytrust.com/products/capabilities, email questions to sales@hytrust.com, or call HyTrust at 650-681-8100 for a free consultation.