Verify platform integrity: The integrity of the entire infrastructure stack rests on the premise that the hypervisor is trusted and fully hardened. HyTrust Appliance provides verification of the hypervisor by assessing the hypervisor configuration against industry-standard configuration templates. Unique to HyTrust is the additional ability to verify the trust of the hardware layer via Intel TXT. Validate all change requests: From its unique vantage point, HyTrust Appliance inspects every virtual infrastructure change request, approving or denying it in accordance with your defined policies. These policies are fully customizable and flexible enough to handle any complex situation. Serve as the system of record: As the central authority over all change requests, HyTrust Appliance provides granular, user-specific log records that can be used for regulatory compliance, troubleshooting, and forensic analysis. It offers a deep visibility into the state of and changes to cloud infrastructure.
With the McAfee Cloud Security Platform, customers can identify, classify, and protect critical data while it moves between their enterprise and the cloud—all e-mail, Web, and authentication traffic. McAfee Cloud Security Platform has a modular, open platform that customers can build upon to extend their enterprise security policies into the cloud. McAfee Cloud Security Platform leverages our Global Threat Intelligence, which collects threat intelligence from more than 100 million nodes and across file, e-mail, and Web and network threat vectors. It then leverages McAfee Labs’ more than 350 researchers to correlate that data, identify new threats, and deliver protection back into the Cloud Security Platform in real time.
Hardware-based Layer 2 VLANs built on Cisco switching fabric: This allows for customer-controlled network configuration (see details in question 1). • Segmentation of public and private IP space (servers are assigned only private IPs when deployed) • NAT and VIP functions that expose only those private IP addresses you want exposed to the public Internet • Customizable ACL firewall rules that allow: - Load balancing and port translation across multiple virtual servers, with the ability to take servers in and out of service manually, programmatically, or based on monitoring probes - Layer 2 multicast support for clustering implementationsv Sophisticated role-based administrative controls: With unique user names and passwords for multiple administrators and role-based permissions that enable administrators to limit sub-administrators to managing only certain resources, such as servers, storage, or networks Continued on next page.
19 Intel IT Center Vendor Round Table | Cloud Security