There are a couple of ways to protect a system. You can place it in a concrete block and unplug it – figuratively, of course – or you can safeguard it as best you can and watch it very closely for changes. Private Core vCage takes the latter approach – a little complicated under the covers, but in practical use it is simplicity itself.
The idea is that you use a trusted computing environment, test it consistently (attestation) and ensure that the environment hasn’t changed. Encrypt everything – data at rest, in motion and in use – and depend on attestation to let you know if things start to go awry. Now, let’s look under the hood a bit.
AT A GLANCE
Price $495 per month for up to 20 servers for vCage Manager.
What it does Secures servers with software-based attestation, full-memory encryption and operating system hardening, providing a foundation for trusted computing.
What we liked Flexibility and the solid knowledge that the trusted system really can be trusted.
What we didn’t like Nothing. Once we wrapped our heads around what the product was doing and how it was doing it, we could recommend it unflinchingly.
There are two pieces to vCage: the manager and the optional host. The system works with Open Stack. The manager does the attestation while the host runs virtual machine images. These are special images that run using PrivateCores secure hypervisor. The host is packaged as a stateless live image. You boot the server from it and then perform attestation with the manager. If something – malware, rootkits, bootkits, for example – attempts to modify the kernel, attestation will fail and the server will be taken offline for repair.
There are a lot of benefits to this approach. First, the server becomes a trusted environment and the trust can be verified and maintained. Second, the process of determining that a threat has impacted the host is based in a trusted machine that, itself, is secure. Third, the system is based on the open source Linux KVM (kernel virtual machine) hypervisor and Open Stack. Everything – data in use, motion or at rest – is encrypted. Finally, it really does not matter if an attack is a zero-day or well-known. When it attempts to change the server OS, attestation detects it.
When all you have is the Manager, any changes to the server’s OS will be noted in the attestation, the server comes offline pending remediation and then can be returned to service after it passes attestation from the original clean baseline.
Returning to the host for a moment, the hypervisor, as I said above, is based on the Linux open source KVM. So that means that any virtual machine that is supported by that KVM is usable on the host. But there are some hardware considerations that make this even stronger. For example, it uses Intel TXT (Trusted Execution Technology) to validate the host. It also supports Intel Xeon last-level cache and the Intel advanced encryption standard. Of course, Intel virtualization technology is necessary, but that is present in pretty much all of the current generation of Intel-based machines.
There is a lot to like about this product. It is clean to use and provides a lot of information in its reporting, which aids diagnosis of failed attestations a lot – and can be shown to be active and effective, an important reporting requirement for regulatory compliance. Pricing is attractive and the lifecycle cost turns out to be very reasonable since it is straightforward to administer and deploy. Basically, we found nothing here not to like. It takes a bit of thinking about to get the full picture of what it does and how it does it, but make the investment in time to do that and you’ll be well-rewarded in the end.