Catbird Suite Serves Private, Public Clouds

Catbird fills virtualization gaps, particularly in security and compliance.

One of the common criticisms of virtualized cloud environments is the lack of visibility into the cloud, which raises questions about security and compliance. Products designed to manage physical infrastructure are ineffective in virtualized environments. Virtualizing creates "gaps" that can't be filled with traditional security products. For example, physical security is incapable of showing what is going on between virtual machines (VMs). When physical security is used in virtual environments, hypervisor privileges trump security, creating another potential gap. And VM mobility makes layer 2 and layer 3 (physical) security infeasible.

Security products developed for virtualized environments are just starting to gain credibility with enterprise customers, and it is rare to see a single security/compliance offering that can span physical, virtual and cloud environments. However, that scenario is changing. This is particularly evident in small-to-mid-sized businesses, where public clouds are an attractive option because they offer enterprise-class services on a pay-as-you-go basis without having to make an up-front investment in software. As businesses look to implement private clouds as well as take advantage of public cloud offerings, management, security and compliance will top the list of IT management concerns.

Catbird Product Suite
With the wealth of experience gained from its managed security service provider customer base, Catbird has developed a Software as a Service (SaaS) business model and a suite of software security and compliance offerings that deliver comprehensive security for both physical and virtual infrastructures. Today, Catbird leverages its strength in virtualized environments to provide a product suite that can span private and public cloud environments.

vSecurity includes vulnerability monitoring, IDS/IPS, TrustZones, NAC and basic compliance support. vSecurity supports VMware and Xen (Hyper-V is a potential future direction). This is available through the Catbird Essentials Edition (starting at $1,295 a socket).

Catbird vCompliance (see Fig. 1) delivers regulatory-based security and compliance monitoring and reporting for clients who are subject to audits such as government, financial services, retail and healthcare. vCompliance is included in the Catbird Enterprise Edition (starting at $1,995 a socket).

Figure 1. Catbird vCompliance.

vSecurity Cloud Edition includes support for a multi-tenant management portal and a service-oriented architecture that provides security and compliance monitoring, management and reporting across physical, virtual, private and public clouds from a single dashboard. It can be purchased online from Amazon to run in Amazon's EC2 cloud. Pricing ranges from $100 to $500 per month. vSecurity Cloud Edition will be offered through partnerships.

Catbird's vSecurity Cloud Edition is available as an application service in Amazon's EC2. This means that public cloud providers have a way to demonstrate that they comply with HIPAA, SOX, PCI, etc., and are operating securely, eliminating one of the primary barriers to adopting public clouds.

How Does it Work?
Catbird's architecture is perfect for virtualized environments -- it uses a stateless virtual machine appliance (VMA) placed on the virtual network at key points inside the virtualization infrastructure. It is like a tiny sensor (a "catbird") converted to a virtual machine and dropped on the network. The VMAs collect event data from all points through a virtual infrastructure monitor, then the data is correlated in the Catbird Control Center. The VMA is the eyes and ears of the virtual network, relaying information aggregated from many points to the Control Center. The Control Center analyzes the data, looking for anomalous events or data that violates security or compliance policies. If data is found to be against policy or non-compliant, the virtual machine will immediately be quarantined. Management is through the Web-based Control Center (see Fig. 2).

Figure 2. Catbird Control Center.

The Catbird Control Center has a built-in concept of multi-tenancy with Role Based Access Controls (RBAC). Service providers deploy the Control Center on a publicly accessible IP address. Service customers deploy the VMAs into their Virtual Infrastructure (VI) and register them to the publicly accessible Control Center (this concept is built into the product). If customers have VI to protect and monitor for compliance, VMAs can be controlled and configured from the Control Center.

One potential issue that customers should be aware of is that the VMAs communicate with the Control Center over Secure Sockets Layer (SSL) on TCP port 443 (standard for encrypted web traffic). The service customer's firewall would need to be configured to permit this traffic outbound from the VMA to the Control Center. This is only a problem for highly secure environments and can be easily overcome by a simple configuration of the egress firewall to permit these connections outbound.

Key Features
Vulnerability Monitoring -- Catbird's Intelligent Vulnerability Monitor (IVM) runs a scan that assesses services running on open ports. It can be configured to run periodically or scan continuously and will report events based on three criticality levels. Pre-configured policies dictate the behavior of the scan. After the scan, the Virtual Infrastructure Monitor (VIM) correlates the data that has been collected. The credentials monitor checks security-related policies, reports status, and identifies anomalies.

TrustZones -- TrustZones "firewalling" dictates connection points by creating logical zones within a policy-based security templates framework (without the overhead of a firewall). TrustZones create a topology view showing a graphical format of how the system is currently configured. This model makes it easy to identify areas of concern, and can be configured to prevent communication between two virtualized servers. TrustZones share common policies and can be applied, for example, to segment departments, prevent certain machines from connecting to a public cloud environment, support compliance policies or to quarantine an unauthorized machine.

IDS/IPS -- Catbird's intrusion detection/prevention looks at all network traffic, acting as a traffic sniffer and also performing deep packet inspection (using Snort open source software). Catbird is sniffing between virtual machines and everything those virtual machines are connecting to. The administrator can see who is connecting to what, make an evaluation based on rules and policies, and then identify potential vulnerabilities.

Network Access Control (NAC) -- Catbird NAC is a Layer 2 control, which is very important in virtualized environments. If the virtualized environment has a connection to a physical switch, access needs to be monitored at the physical level. NAC monitors everything that comes in on Layer 2 and, based on policy, can commit or deny (in which case that system can be automatically quarantined).

Compliance -- Catbird's vCompliance provides a look at the current state of controls abstracted through the compliance criteria. vCompliance includes default policies for Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Department of Defense Information Assurance Certification & Accreditation Process (DIACAP) and Payment Card Industry (PCI). Each policy is based on Catbird controls which are mapped to the appropriate compliance framework. This is important particularly for public cloud providers who need to demonstrate to potential clients that they are operating securely and verify that the appropriate controls are in place.

Going Forward
Catbird is well-placed when it comes to security for next-generation data centers. It has a comprehensive set of security and compliance offerings for both physical and virtual infrastructures, making the company a good choice for enterprises looking to adopt a hybrid cloud infrastructure. Cloud service providers can also benefit from Catbird's comprehensive documented security and compliance solutions. The Catbird suite does require a certain level of security expertise to take advantage of all the features, but given Catbird's strategy of selling through channel partners, those skills should be readily available.

About the Author

Jane Clabby has been in the IT industry for over 25 years in a range of marketing, research and business development roles. Currently a research analyst at Clabby Analytics, Jane focuses on storage and storage management, and cloud computing.
