Stop Lateral Attacks Between VMs
Hillstone CloudHive provides micro-segmentation to secure each virtual machine (VM) in the cloud. It provides comprehensive visibility of East-West traffic and provides complete protection to stop lateral attacks between VMs. In addition, the CloudHive security service can scale easily to meet demand without business interruption.
Hillstone CloudHive is comprised of three types of virtual modules that work together as a single appliance to provide complete security to each virtual machine.
- Virtual Security Orchestration Module (vSOM), integrated and connected with Cloud Management Platforms (CMPs), manages the CloudHive service lifecycle.
- Virtual Security Control Module (vSCM) is the control panel, supporting policy configuration and distribution, as well as managing the lifecycle of the vSSM.
- Virtual Security Service Module (vSSM) is deployed on each physical server to implement micro-segmentation and provide L2-L7 security services.
- Virtual Data Service Module (vDSM) is an optional log forwarding module which forwards CloudHive logs to external syslog servers. It supports massive log forwarding via multi-module load balancing deployment.
Achieve Unparalleled Live Traffic Visibility
All virtual machines’ access points can be monitored to provide visibility of traffic, applications and threats related to this VM, which is the cornerstone for enabling East-West traffic control and protection. VM topology, traffic insight, application identification, as well as comprehensive log features allow Cloud Service Providers (CSPs) to meet compliance and security audit requirements.
Reduce Attack Surface to Nearly Zero
Each CloudHive Virtual Security Service Module (vSSM) is deployed on a physical server, enabling micro-segmentation for inter-VM communication. East-West traffic is secured with L2-L7 security services, including firewall features such as policy control and session limits, advanced security features such as Intrusion Prevention System (IPS) and Attack Defense (AD), as well as fine-grained application control. Real-time mitigation also blocks, impedes or quarantines active attacks.
Effortlessly Scale Security through Active Orchestration
On-demand security services can be applied to any and all new workloads and VMs through the scalability of vSSM. The deployment of vSCM enables unified security policy configuration for each VM. CloudHive supports vMotion to ensure security services persist in the event the VM moves, existing VM flows will not be interrupted by vMotion.
Improve Efficiency while Reducing Costs
CloudHive Layer 2 deployment does not impact existing network topology. It minimizes deployment and configuration overhead, without business impact or network interruption. In addition, the ease of management advantage of a single appliance reduces operational errors and improves overall efficiency. Total cost of ownership is also reduced as CloudHive security services do not need any upgrade or expansion of the current cloud management platforms.