VMware Brings In-House Benchmarking Tool to Workloads
Benchmarks are a valuable resource that help security practitioners implement and manage their cybersecurity defenses and data. One such benchmarking tool is The Center for Internet Security (CIS). They’ve published CIS Benchmarks, the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia. Organizations implement CIS Benchmark guidelines to limit configuration-based security vulnerabilities in their digital assets.
While the benchmark sets are excellent guidelines developed by consensus amongst industry experts, they need to be curated to an organization’s desired configuration sets and then have compliance be measured against organizational assets including hosts, virtual machines, workloads, and appliances.
Introducing CIS Benchmarks for VMware Carbon Black Workload
We are excited to announce the general availability of CIS Benchmarks for VMware Carbon Black Workload. Accessible to all Carbon Black Workload customers with Windows operating systems, this feature will help enterprises measure and report compliance of organizational workload assets against industry standard benchmarks published by CIS.
Our aim is to help organizations meet their security compliance against CIS benchmarks, evaluate the “hardening status” of the compute infrastructure in on-prem vSphere environments from the Carbon Black Cloud console and provide an effortless way to evaluate CIS compliance, view/report/notify on non-compliance issues and have a path for remediating any known issues.
Bringing an in-house benchmarking tool into Carbon Black Workload means more flexibility for customers. They can measure compliance against curated benchmarks and recommendations that matter to their organization, and investigate any type of workload asset, including non-compliant ones.
Figure 1: Review asset compliance against a Windows Server
This tool will allow users to:
- Create Curated Configuration Sets – Utilize the latest benchmark set for the Windows server platform and curate one or more configuration sets that can be used to evaluate assets within your organization.
- Evaluate Compute Assets Against Curated Configuration Sets – Evaluate CIS Benchmark compliance for the operating systems running on on-prem and virtual machines using the Carbon Black Cloud console. Trigger a CIS scan or view automated scan results in the CIS dashboard.
Provide Level 1 curated CIS checks for the following software: Windows Server 2019, 2016, 2012R2, 2012
- Evaluate On-prem Virtual Machines Against CIS Benchmarks – Evaluate CIS Benchmark compliance for the operating systems running on on-prem virtual machines using the Carbon Black plugin in the vSphere client. Trigger a CIS scan or view the automated scan results in the CIS dashboard.
Provide Level 1 curated CIS configuration set checks for the operating systems listed above. - View CIS Benchmark Compliance Metrics – See a dashboard view of the total number of CIS compliance checks evaluated and the total number of assets in compliance/non-compliance.
- Investigate Non-Compliant and Not Assessed Assets
Assets that are not compliant or those that were not assessed can be investigated and reported on.
Figure 2: View compliance against recommendations from a Windows Server
Please note that this feature is currently only available to those Carbon Black Workload customers running Windows operating systems. Linux support will be available later this year.
Learn More
To learn more about VMware Carbon Black Workload, check out our technical release notes and visit our TechZone page to learn more about getting started with VMware Carbon Black Workload.