Virtualization Technology News and Information
Configuresoft Expands Security and Compliance Coverage to Include CIS VMware ESX 3.x Server Benchmark
Configuresoft, the world's leading enterprise server configuration management company, today announced at the RSA Conference in San Francisco that it has enhanced its continuous compliance and security capabilities for VMware environments with support for the Center for Internet Security (CIS) VMware ESX Server Benchmark. Support for this Benchmark enables IT Operations to easily measure compliance with best practices for hardening virtual environments from a broad consensus of industry experts.

Last year, at a birds-of-a-feather session at RSA, CIS and Configuresoft developed a benchmark working group and with input from more than 200 virtualization and security experts from the commercial market, federal organizations, manufacturers and the software industry created the industrys first virtual machine security benchmark. CIS benchmarks and guidelines are unique in the industry in that they are created via broad consensus. This benchmark extends and enhances the hardening guidelines offered by the manufacturers by consolidating the expert opinion of the worlds leading security professionals. CIS benchmarks and guidelines can be downloaded from

Configuresofts Enterprise Configuration Manager (ECM) for Virtualization extends the IT organizations ability to visualize and manage virtual environments providing end-to-end, at-a-glance visibility across VMware environments. With Configuresofts Enterprise Configuration Manager (ECM) for Virtualization and the CIS ESX Server Benchmark template, IT organizations can automatically measure and manage compliance across the VMware environment including hardening guidelines for installation, network security settings, logging, file permissions, user accounts and many other issues resulting from the rapid adoption of virtualization in todays datacenter.

Virtualization offers IT departments opportunities to reduce cost and increase agility; however, if this is done without implementing best practices for security and compliance, the resultant security incidents will increase costs and reduce agility, said Neil MacDonald, vice president and Gartner fellow. Existing tools and technologies may not work correctly in a virtualized environment, leading to limited visibility and a false sense of security. Organizations must ensure their established security and management processes embrace the virtual world.

Configuresofts Center for Policy and Compliance (CP&C) has led the industry in forming opinion and bringing together published security and compliance information to build a rich library of compliance toolkits that are available for download by Configuresoft customers from These CP&C Compliance Toolkits include:

Configuresofts Configuration Intelligence for Virtualization addresses the increased complexities virtualization presents by centralizing and automating the monitoring, managing and auditing of physical (host) and virtual (guest) assets across an organizations infrastructure. Further it delivers unparalleled visibility, security and control, enabling IT organizations to meet the demands of virtualized environments.

With the increased challenges of managing the security and compliance of virtualized environments now clearly recognized, the industry is looking for more automated methods to ensure that technical controls are in place and virtual machine environments are in compliance both with internal configuration standards, best practices and external regulations, said Dave Shackleford, director, Center for Policy & Compliance for Configuresoft and co-chair of the CIS ESX Server Benchmark. With the extension of the CP&C compliance templates for the CIS ESX Server Benchmark, VMware Hardening Guidelines and Configuresofts continued commitment to provide the most up-to-date guidance, you can do just that.

Published Tuesday, April 08, 2008 6:17 PM by David Marshall
Filed under:
VMware Security Compliance Tools « Virtualization Adapted - (Author's Link) - April 28, 2009 12:41 PM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2008>