SpyLogix for VMware

What does SpyLogix do?

SpyLogix for VMware is designed to continuously monitor important VMware security control points.

What security data is collected and why is it needed?

Administrative RBAC settings are first discovered, and then monitored continuously for changes.

What is VM sprawl?

As virtualized infrastructures grow, the simplicity of spawning new virtual machines (VMs) makes security management more difficult with time. Managing VM administrative access rights and daily activities (tasks) can become challenging. In fact, the industry has coined a phrase “VM sprawl” to characterize generally these new management challenges. VM sprawl complicates virtual machine security administrative rights and activity tracking.

Why does VM sprawl complicate administrative RBAC security?

SpyLogix for VMware will discover and monitor administrative role based access control (RBAC) settings across multiple supported identity and access management stores controlling access to the VMware virtualized enterprise.

For example, for a moderately secured VMware environment with only 10 users/groups assigned to 10 roles associated with just 100 permissions (actually there is more) would result in 10 x 10 x 100 = 10,000 possible combinations for securing administrator, administrative and system access rights to the virtualized infrastructure. And including the additional complexity that RBAC can be stored in vSphere/vCenter and the hypervisor, with hypervisor settings taking precedence, 10,000 becomes millions of possibilities for access rights. One small error (or purposeful change) can result in configuration errors and data exposure risks.

What is unique about SpyLogix task collection?

Many organizations start with hypervisor only virtualization. These tasks (a.k.a. administrative and system events) are not persistently stored! SpyLogix for VMware integrates natively with the hypervisor to record an manage these ephemeral tasks.

For vSphere/vCenter environments tasks are persistently recorded. SpyLogix for VMware takes a baseline (to record tasks prior to installation) and monitors for all new tasks over a network connection (agent-less) using native VMware interfaces. In this way external physical log data, which may be tampered with, is not needed for SpyLogix monitoring of VMware.

Governance, risk control and compliance initiatives within VMware infrastructures have evolved to depend on continuous recording of activities (tasks) being performed by administrators and the VMware system components. In some entry VMware virtualized infrastructures task activity is not persistently recorded. For robust virtualized enterprises using vCenter tasks are persistently recorded. SpyLogix for VMware will discover and monitor both persistent and non-persistent administrative and system activity (tasks or events) data.

SpyLogix for VMware enhances virtualized server infrastructures security using its unique capabilities for continuous security intelligence and real-time data actualization. A baseline of current administrative role based access control (RBAC) settings, defined as privileges required for invoking an operation or viewing a property, and tasks (activity) are recorded. VMware is continuously monitored for administrative RBAC changes, which may be added to persistently stored baseline data or previous changes, and new task activity.

Resources

SpyLogix Module for VMware Data Sheet – Provides a detailed look at the benefits, key capabilities and features for the SpyLogix Module for VMware

Demo

Please complete the below registration form and a IdentityLogix representative will contact your soon to schedule a SpyLogix Demo.