Configuresoft, the world's leading enterprise server configuration management company, today announced at the RSA Conference in San Francisco that it has enhanced its continuous compliance and security capabilities for VMware environments with support for the Center for Internet Security (CIS) VMware ESX Server Benchmark. Support for this Benchmark enables IT Operations to easily measure compliance with best practices for hardening virtual environments from a broad consensus of industry experts.
Last year, at a birds-of-a-feather session at RSA, CIS and Configuresoft developed a benchmark working group and with input from more than 200 virtualization and security experts from the commercial market, federal organizations, manufacturers and the software industry created the industry’s first virtual machine security benchmark. CIS benchmarks and guidelines are unique in the industry in that they are created via broad consensus. This benchmark extends and enhances the hardening guidelines offered by the manufacturers by consolidating the expert opinion of the world’s leading security professionals. CIS benchmarks and guidelines can be downloaded from cisecurity.org
Configuresoft’s Enterprise Configuration Manager (ECM) for Virtualization extends the IT organizations ability to visualize and manage virtual environments providing end-to-end, at-a-glance visibility across VMware environments. With Configuresoft’s Enterprise Configuration Manager (ECM) for Virtualization and the CIS ESX Server Benchmark template, IT organizations can automatically measure and manage compliance across the VMware environment including hardening guidelines for installation, network security settings, logging, file permissions, user accounts and many other issues resulting from the rapid adoption of virtualization in today’s datacenter.
“Virtualization offers IT departments opportunities to reduce cost and increase agility; however, if this is done without implementing best practices for security and compliance, the resultant security incidents will increase costs and reduce agility,” said Neil MacDonald, vice president and Gartner fellow. “Existing tools and technologies may not work correctly in a virtualized environment, leading to limited visibility and a false sense of security. Organizations must ensure their established security and management processes embrace the virtual world.”
Configuresoft’s Center for Policy and Compliance (CP&C) has led the industry in forming opinion and bringing together published security and compliance information to build a rich library of compliance toolkits that are available for download by Configuresoft customers from www.configuresoft.com. These CP&C Compliance Toolkits include:
Configuresoft’s Configuration Intelligence for Virtualization addresses the increased complexities virtualization presents by centralizing and automating the monitoring, managing and auditing of physical (host) and virtual (guest) assets across an organization’s infrastructure. Further it delivers unparalleled visibility, security and control, enabling IT organizations to meet the demands of virtualized environments.
“With the increased challenges of managing the security and compliance of virtualized environments now clearly recognized, the industry is looking for more automated methods to ensure that technical controls are in place and virtual machine environments are in compliance both with internal configuration standards, best practices and external regulations,” said Dave Shackleford, director, Center for Policy & Compliance for Configuresoft and co-chair of the CIS ESX Server Benchmark. “With the extension of the CP&C compliance templates for the CIS ESX Server Benchmark, VMware Hardening Guidelines and Configuresoft’s continued commitment to provide the most up-to-date guidance, you can do just that.”