SecureESX – Audit VMware vSphere with Full Drift Analysis

Audit vSphere against the VMware Security Configuration Guide and DISA STIG with full security and system-level configuration drift reporting across multiple runs. Find out what, if anything, has changed between multiple audit runs.

Description

Use SecureESX to audit vSphere against the VMware Security Configuration Guide and DISA STIG with full security and system-level configuration drift reporting across multiple runs. Find out what, if anything, has changed between multiple audit runs.

SecureESX was first mentioned in conjunction with the Security Operations Center using VMware vRealize Log Insight (SOC). Several dashboards within the SOC pertain to SecureESX. You can watch the 2017 VMworld session SER1361BU on YouTube to see SecureESX results in action.

Pricing is per object. An object is defined as either a VM, ESXi host, or Virtual Switch. A subscription service is required to keep the scanner updated with new data as it becomes available.

  • $7,000 per 500 objects in one vCenter server or $14 an object including basic support for installation and configuration of the tool.
  • $5,000 per year for subscription and support

Example pricing: The system has 4 vCenters with 20 hosts, 1,000 VMs, and only 4 dvSwitches. Each host also has 1 VSS. This is 20 + 1,000 + 4 + 20 (1 VSS per host), or 1,044 objects. In this case, you would need a license for 1,500 objects plus subscription and support. If you asked for a license for only 1,000 objects, you would have no room for growth and you would miss scanning 44 objects.

SecureESX is designed to be run every thirty minutes or so (but no more often than every five minutes) on a continual basis. It then feeds VMware vRealize Log Insight or any other syslog-based log analytics tool with usable data.

Installation is via a shell script designed for minimal-install Red Hat–based systems, such as Red Hat Enterprise Linux, CentOS, and Fedora. The shell script installs all the required packages as well as the VMware Perl SDK package. To install the Perl SDK, the script asks for your My VMware credentials, which it does not store; it then downloads the package and installs it.

SecureESX is also run via a shell script that does everything needed. If you specified a Log Insight server, the Security Operations Center for VMware vRealize Log Insight, developed by Texiwill, will show the SecureESX results.