SpyLogix for VMware vSphere

SpyLogix for VMware vSphere is a data access module designed to continuously monitor vSphere security. All administrative RBAC security settings are first discovered, and then monitored continuously for changes. Administrative and system tasks (activity or events) are also continuously recorded. RBAC and task data are automatically accessed over a network using native vSphere APIs (without agents) from a central server running SpyLogix for VMware vSphere.

What does SpyLogix for VMware vSphere module do?

VMware vSphere security data is mapped into well-formed, standardized messages and communicated via a broker to any companion SpyLogix Platform (prerequisite) server for advanced processing.

What does SpyLogix Platform provide module do?

SpyLogix Platform consumes messages from one or more SpyLogix modules and enables an enterprise to efficiently leverage multi-sourced security data for business advantage.

SpyLogix Platform capabilities may be summarized as follows:

• messages may be received
  • Locally
  • Sent to remote support teams or
  • Routed to cloud security-as-a-service (SaaS) providers
• Data Management automatically process and smartly stores parsed data persistently.
• Data actualization leverages data to make it efficiently usable

See the SpyLogix Enterprise data sheet for more information on automated management, actualization, interactive console and more features included with prerequisite SpyLogix Platform software.

• Security Intelligence
  • Enhanced Visibility
  • Situational Awareness
  • Analysis, Visualization and Reporting
    
    • Administrative RBAC
    • Administrative Tasks
    • System Tasks
• Continuous Data Access
  • Native Data Access
  • No Reliance on Logs (by API)
  • SpyLogix Message Design
• Communication Services
  • Message Streaming
  • Message Broker
    • Multi-platform
    • Message Store/Forward
    • Message Mirroring
    • 1:Many Routing
  • Web Services (data in)
• Automatic Data Management
  • Intelligent Message Parser
  • Historical Data Storage
  • LINQ/Odata Enabled
• Real-Time Data Actualization
  • ActionLogix™
    • Policies
    • Alerts | Notifications
    • Event Synthesis
    • Message Forwarder
    • Extensibility Layer
  • Interactive Dashboard
    
    • Data Query and Filter
    • Data Analysis
    • Data Visualization
    • Reports
    • Data Export | Sharing
  • Report Scheduler
  • Web Services (data out)

What is VM sprawl?

As virtualized infrastructures grow, the simplicity of spawning new virtual machines (VMs) makes security management more difficult with time. Managing VM administrative access rights and daily activities (tasks) can become challenging. In fact, the industry has coined a phrase “VM sprawl” to characterize generally these new management challenges. VM sprawl complicates virtual machine security administrative rights and activity tracking.

Why does VM sprawl complicate administrative RBAC security?

SpyLogix for VMware vSphere will discover and monitor administrative role based access control (RBAC) settings across multiple supported identity and access management stores controlling access to the VMware virtualized enterprise.

For example, for a moderately secured vSphere environment with only 10 users/groups assigned to 10 roles associated with just 100 permissions (actually there is more) would result in 10 x 10 x 100 = 10,000 possible combinations for securing administrator, administrative and system access rights to the virtualized infrastructure. 10,000 becomes millions of access rights to monitor where one small error (or purposeful change) can result in VMware virtualized infrastructure configuration errors and data exposure risk.

What is unique about SpyLogix VMware vSphere task collection?

Many organizations start with hypervisor only virtualization. These tasks (a.k.a. administrative and system events) are not persistently stored! SpyLogix for VMware vSphere integrates natively with the ESX/ESXi hypervisor to persistently record and actively manage these ephemeral tasks for security service process improvement.

For vSphere/vCenter environments tasks are persistently recorded. SpyLogix for VMware vSphere discovers persistent tasks by performing an on-demand baseline, and then monitors all new tasks over a network connection (agent-less) using native VMware interfaces. In this way external physical log data is not needed for SpyLogix monitoring of VMware vSphere.

Governance, risk control and compliance initiatives within VMware infrastructures have evolved to depend on continuous recording of activities (tasks) being performed by administrators and the vSphere system components. In some entry VMware virtualized infrastructures task activity is not persistently recorded. For robust virtualized enterprises using vCenter tasks are persistently recorded. SpyLogix for VMware will discover and monitor both persistent and non-persistent administrative and system activity (tasks or events) data.

• Enhanced continuous information security process efficiencies
• Better enterprise information security management and control
• Improved “time-to-value” for securing business data assets
• Easier access to compliance reports
• Simplified enablement for “continuous management” IT GRC initiatives

 

Resources

SpyLogix Module for VMware Data Sheet – Provides a detailed look at the benefits, key capabilities and features for the SpyLogix Module for VMware

Virtualization Security Roundtable

Click Here for Podcast

Demo

Please complete the below registration form and a IdentityLogix representative will contact your soon to schedule a SpyLogix Demo.