SecureESX — Audit vSphere against Security Configuration Guide

It has been a long time coming: SecureESX is now available. Do not be confused by the name, as SecureESX is not about securing ESX. That is a historical name. Instead, it is about auditing vSphere against the VMware vSphere Security Configuration Guide. It now has the added benefit of also auditing against the DISA STIG.

SecureESX was first mentioned in conjunction with the Security Operations Center using VMware vRealize Log Insight (SOC). Several dashboards within the SOC pertain to SecureESX. You can watch the 2017 VMworld session SER1361BU on YouTube to see SecureESX results in action.

Pricing is per object. An object is defined as either a VM, ESXi host, or Virtual Switch. A subscription service is required to keep the scanner updated with new data as it becomes available.

  • $7,000 per 500 objects in one vCenter server or $14 an object, including basic support for installation and configuration of the tool.
  • $5,000 per year for subscription and support

Example pricing: The system has 4 vCenters with 20 hosts, 1,000 VMs, and only 4 dvSwitches. Each host also has 1 VSS. This is 20 + 1,000 + 4 + 20 (1 VSS per host), or 1,044 objects. In this case, you would need a license for 1,500 objects plus subscription and support. If you asked for a license for only 1,000 objects, you would have no room for growth and you would miss scanning 44 objects.

SecureESX is designed to be run on a continual basis, every thirty minutes or so (but no more often than every five minutes). It then feeds VMware vRealize Log Insight or any other syslog-based log analytics tool with usable data.

Installation is via a shell script designed for minimal-install Red Hat–based systems, such as Red Hat Enterprise Linux, CentOS, and Fedora. The shell script installs all the required packages as well as the VMware Perl SDK package. To install the Perl SDK, the script asks for your My VMware credentials, which it does not store; it then downloads the package and installs it.

Runtime is also via a shell script that does everything needed. If you specified a Log Insight server, the Security Operations Center for VMware vRealize Log Insight, developed by Texiwill, will show the SecureESX results.

