Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

Catbird

Catbird To Enhance Virtualization Security Solution With VMware vShield Integration

by Leave a Comment

Catbird has announced plans to deliver VMware vShield controls into Catbird vSecurity through an embedded OEM partnership with VMware.

The integration will give Catbird vSecurity customers the ability to deploy the VMware vShield App as an integrated component of Catbird’s broad security and compliance solution for virtualized infrastructure.

Catbird’s vSecurity weaves multi-function security directly into the fabric of virtual and cloud infrastructure to provide comprehensive protection. Available controls include vulnerability management, IPS/IDS, network segmentation, policy enforcement, inventory, configuration and change management, as well as monitoring and enforcement in many other key operational, security and compliance areas.

Catbird Presents (Impressive) Advisory Board

by Leave a Comment

Catbird, provider of security and compliance solutions for virtual, cloud and physical networks, today announced that the company has constituted an Advisory Board and named the first five members.

The board includes industry experts, innovators and specialists in the fields of virtualization, cloud computing and security:

– Richard C. Schaeffer, Jr., a former Senior Executive with the National Security Agency (NSA)

– Pravin Kothari, Founder and CEO at CipherCloud, which uses revolutionary technology to provide cloud data protection solutions

– Shaw Chuang, former CTO and VP of Emerging Technologies at PGP Corporation, and, as a Director of Engineering for VMware, a key contributor to the ESX 3.2 release.

– David Bernstein, Managing Director of Cloud Strategy Partners and former VP and GM of Cloud Computing at Cisco

– Sunny Azadeh, President and CEO of Acctuall

Release: Catbird vCompliance, A Compliance Monitoring and Enforcement Service for Virtual and Cloud Environments

by 1 Comment

Catbird today announced the immediate availability of vCompliance, a comprehensive automated monitoring and enforcement solution that ensures security and regulatory compliance for virtualized and cloud-based data centers.

Based on Catbird’s vSecurity platform, vCompliance’s real-time continuous monitoring service instantly detects compliance violations and quarantines offending assets to ensure ongoing compliance with leading regulatory standards, such as DIACAP, SOX, HIPAA and PCI.

With the increasing presence of VMware virtualization in regulated industries such as financial services, government, retail and healthcare, comes the attendant need to ensure that these deployments meet or exceed existing compliance requirements. vCompliance is designed specifically for these environments. It unites an automated, 24×7, network monitoring service with information from the hypervisor, including a full vulnerability management solution and network access control. These critical services are mandated by regulatory specifications. Catbird vCompliance provides numerous controls required by the leading regulatory standards organizations and the most common security frameworks.

Catbird vCompliance can actually make virtualized assets more compliant than physical, providing yet another incentive for businesses to move to cloud-based and virtualized environments, in addition to the inherent cost savings and provisioning ease. Designed for deployment as a cloud-based service, vCompliance provides a comprehensive and integrated virtualized compliance product, including:

  • Continuous and automated audit and enforcement to meet the requirements of PCI, HIPAA, SOX, DIACAP, etc.
  • Policy driven automated controls for auditing, inventory management, configuration management, change management, access control, vulnerability management, and incident response
  • Vulnerability scanning from inside the virtual subnets, with 100% visibility of all virtual machines
  • Automated enforcement and quarantine of out of compliance assets
  • Detailed statistics on compliance status for each individual asset, zone, virtual host or physical host
  • Automated, customizable reports (per compliance specification, per asset or per zone) geared for the appropriate organizational audience (management, operations, etc.) that provide a quick overview or deep-dive to help resolve compliance issues, ease remediation and restore full compliance
  • Web-based management

Via Catbird’s integrated security control console, Catbird vCompliance provides a compliance view of virtual systems in the vSphere management application. This integration brings real-time visibility and management of virtual and cloud security to a single web-based management interface, accessible from anywhere. The drag-and-drop dashboard supports automated discovery and hyperlink drill-down for intuitive management and ease of use. The multi-tenant portal provides more flexible administration options to meet the needs of multi-departmental organizations and service providers.

Seamlessly incorporated into the VMware vSphere 4 and VMware vCenter management workflow, VMware administrators can instantly monitor system compliance against standard or customized policies defined by corporate security or governance. Continuous status updates are delivered to the VMware vCenter console by “Catbirds” – stateless, non-invasive appliances deployed on the virtual subnets which act as the eyes and ears of the virtual environment.

In the event of an attempted policy violation, designated personnel are instantly alerted via an array of mechanisms and the offending activity blocked — preventing a compromise of the integrity and compliance of the system. Detailed reporting, accessible directly from the console, provides automated event logs to ease troubleshooting and remediation.

vCompliance is specifically designed to enhance overall data center performance with a minimal footprint and a flexible, fully XML and Web-services based architecture that allows for seamless integration with 3rd party reporting tools, trouble-ticketing and other enterprise-class services in a heterogeneous environment. In addition, Catbird is integrated with McAfee’s ePolicy Orchestrator (ePO) management console, providing customers with a single administrative interface for both virtual and physical security, and both network and end-point security.

Catbird Debuts VMShield 2.0 With V-Tracker

by Leave a Comment

Catbird today announced the immediate availability of VMShield 2.0 with V-Tracker.

VMShield 2.0 leapfrogs legacy virtual firewall technology to enforce compliance and policy of both network and VM state, regardless of location or movement of VMs. With V-Tracker, VMShield 2.0 combines proven virtual machine tracking capabilities with in-depth monitoring of suspect activity on the network itself; preserves policies across hosts, clusters and vendor platforms; and automatically blocks out-of-policy or compromised VMs from breaching data center security.

VMShield 2.0 with V-Tracker is the latest innovation in Catbird’s comprehensive line of cross-platform, non-invasive security solutions for virtual and physical networks. Catbird’s encyclopedic Virtual Infrastructure Security Engine (VISE) correlates hundreds of machine attributes with access control, network segmentation, vulnerability and IDP security events for both virtual and physical machines, across multiple clusters and data centers, to deliver broad asset awareness and defense-in-depth.

Moreover, VMShield’s internal or external cloud-based platform with stateless monitoring enables unprecedented visibility and control to track virtual machines across clusters and detect and thwart potential security and policy violations before they escalate to a breach.

Catbird V-Tracker uniquely fingerprints each VM it tracks, even through virtual machine mobility. In combination with Catbird’s ground-breaking TrustZones policy enforcer, these machines stay monitored and protected via the Catbird Control Center, validating and enforcing policies for all VMs within a given TrustZone. Catbird’s automated quarantine mechanism instantly shuts down non-compliant virtual machines. The architecture is designed with maximum flexibility and portability to allow for cross-host and cross-platform coverage and ease of use.

VMShield 2.0 delivers a highly-correlated approach to virtualization security, a key capability for TrustZone enforcement and data protection. At its heart is the Catbird VISE, enabling intelligence and protection not possible with simple virtual firewall technology and which goes well beyond simple segmentation and ACLs.

VMShield 2.0 with V-Tracker utilizes hypervisor APIs to be VM aware and is also designed for compatibility with Citrix Xenserver and Microsoft Hyper-V.

Unlike conventional host-based solutions, stateful appliances and proprietary hardware solutions, VMShield 2.0 leverages Catbird’s fully SOA and cloud-based stateless architecture and is 100% plug-and-play, web-enabled, and architected to have minimal impact on the virtual environment itself. VMShield 2.0 is available as part of Catbird’s flagship V-Security 2.0. The company is a VMSafe partner.

A Round Table on Virtualization Security with Industry Experts

by 3 Comments

Virtualization security or ‘virtsec’ is one of the hottest topics in virtualization town. But do we need another abbreviation on our streets? Does virtualization require its own security approach and how would it be different from the physical world?

Different opinions fly around in the blogosphere and among vendors. Some security experts claim there is nothing new under the sun and the VirtSec people are just trying to sell products based on the Virtualization Hype. Some see a genuine need to secure new elements in the infrastructure, others claim that Virtualization allows new capabilities to raise security from the ground up and cynics claim it is just a way for the Virtualization industry to get a larger piece from the security budget.

So our editors Tarry and Kris set out to clarify the different opinions, together with the support of StackSafe, they organized a conference call with some of the most prominent bloggers, industry analyst and vendors in this emerging field.

On the call were Joe Pendry (Director of Marketing at StackSafe), Kris Buytaert (Principle at Consultant Inuits), Tarry Singh (Industry/Market Analyst Founder & CEO of Avastu), Andreas Antonopoulos (SVP & Founding Partner at Nemertes Research),Allwyn Sequeira (SVP & CTO at Blue Lane), Michael Berman (CTO at Catbird), Chris Hoff (Chief Security Architect – Systems & Technology Division and Blogger at Unisys) and Hezi Moore (President, Founder & CTO at Reflex Security)

During our initial chats with different security experts their question was simple: “what does virtsec mean?”. Depending on our proposed definition, opinions varied.

So obviously the first topic for discussion was the definition of VirtSec:

Allwyn Sequeira from Blue Lane kicked off the discussion by telling us that he defined Virt Sec as “Anything that is not host security or that’s not network-based security. If there’s a gap there, I believe that gap – in the context of virtualization – would fall under the realm of virtualization security. ” He continued to question who is in charge of Inter-VM communication security, or how features such as Virtual Machine Migration and Snapshottiting add a different complexity to todays infrastructure.

Andreas Antonopoulos of Nemertes Research takes a different approach and has two ways of looking at VirtSec “How do you secure a virtualized environment” and in his opinion a more interesting question is “How do you virtualize all of the security infrastructure in an organization” Andreas also wonders how to call the new evolutions “What do you call something that inspects memory inside of VM and inspects traffic and correlates the results? We don’t really have a definition for that today, because it was impossible, so we never considered it.” He expects virtualization to change the security landscape “Just like virtualization has blurred the line between physical server, virtual server, network and various other aspects of IT, I see blurring the lines within security very much and transforming the entire industry.”

Hezi Moore from Reflex Security wants to search for actual problems. He wants to know what changed since we started virtualizing our infrastructures. “A lot of the challenges that we faced before we virtualized; are still being faced after we virtualized. But a lot of them got really intensified, got much more in higher rate and much more serious.”

Michael Berman from Catbird thinks the biggest role of VirtSec still is Education, “..and the interesting thing I find is the one thing we all know that never changes is human nature.” He is afraid of virtualization changing the way systems are being deployed with no eye on security. Virtualization made it a lot easier to bypass the security officers and the auditors. The speed at which one can deploy a virtual instance and a bigger number of them has changed drastically regarding to a physical only environment, and security policies and procedures have still to catch up. “We can have an argument whether the vendors are responsible for security, whether the hypervisors about who attack servers. The big deal here is the human factor. “

Chris Hoff summarizes the different interpretations of VirtSec in three bullets:

  • One, there is security in virtualization, which is really talking about the underlying platforms, the hypervisors. The answer there is a basic level of trust in your vendors. The same we do with operating systems, and we all know how well that works out.
  • Number two is virtualized security, which is really ‘operationalization’, which is really how we actually go ahead and take policies and deploy them.
  • The third one is really gaining security through virtualization, which is another point.

Over the past decade different Virtualization threats have surfaced, some with more truth than others. About a decade ago when Sun introduced their E10K system, they were boasting they really had 100% isolation between guest and host OS. But malicious minds figured out how to abuse the management framework to go from one partition to another. Joana Rutkowska’s “Blue Pill” Vulnerability Theory turned out to more of a myth than actual danger. But what is the VirtSec industry really worried about?

It seems the market is not worried about these kind of exploits yet. They are more worried about the total lack of security awareness. Andreas Antonopoulos summarizes this quite well “I don’t see much point in really thinking too much about five steps ahead, worrying about VM Escape, worrying about hypervisor security, etc. when we’re running Windows on top of these systems and they’re sitting there naked”.

Allwyn from Blue Lane however thinks this is an issue…certainly with Cloud Computing becoming more popular, we suggest to seriously think about how to tackle deployment of Virtual Machines in environments we don’t fully control. The Virtual Service Providers will have to provide us with a secure way to manage our platforms, and enough guarantee that upon deployment of multiple services these can communicate in a secured and isolated fashion.

Other people think we first have to focus on the Human Factor, we still aren’t paying enough attention to security in the physical infrastructure, so we better focus on the easy to implement solutions that are available today, rather than to worry about, exploits that might or might not occur one day.

Michael Berman from Catbird thinks that Virtualization vendors are responsible to protect the security of their guest. A memory Breakout seems inevitable, but we need to focus on the basic problems before tackling the more esoteric issues…He is worried about scenarios where old NT setups, or other insecure platforms are being migrated from one part of the network to another, and what damages can occur from such events.

Part of the discussion was about standardization, and if standardization could help in the security arena. Chris Hoff reasons that today we see mostly server virtualization, but there is much more to come, client virtualization, network virtualization, etc. As he says: “I don’t think there will be one one ring zero to rule them all.”. There are more and more vendors joining the market, VMWare, Oracle, Citrix, Cisco, Qumranet and different others have different Virtualization platforms and some vendors have based their products on top of them.

In the security industry standardization has typically been looked at as a bad thing, the more identical platforms you have the easier it will be for an attacker, if he breaks one, he has similar access to the others. Building a multi-vendor or multi-technology security infrastructure is common practice.

Another important change is the shift of responsibilities, traditionally you had the Systems people and the network people, and with some luck an isolated security role. Today the Systems people are deploying virtual machines at a much higher rate , and because of Virtualization they take charge of part of the network, hence giving the Network people less control. And the security folks less visibility

Allwyn Sequeira from Blue Lane thinks the future will bring us streams of Virtualization Security, the organizations with legacy will go for good VLAN segmentation and some tricks left and right because the way they use Virtualization blocks them for doing otherwise. He thinks the real innovation will come from people who can start with an empty drawing board.

Andreas Antonopoulos from Nemertes Research summarized that we all agree that the Virtualization companies have a responsibility to secure their hypervisor. There is a lot of work to be done in taking responsibility so that we can implement at least basic security. The next step is to get security on to the management dashboard , because if the platform is secure, but the management layer is a wide open goal, we haven’t gained anything.

Most security experts we talked to still prefer to virtualize their current security infrastructure vover the products that focus on securing virtualization. There is a thin line between needing a product that secures a virtual platform and changing your architecture and best practices to a regular security product fits in a Virtualized environment.

But all parties seem to agree that lots of the need for VirtSec comes from changing scale, and no matter what tools you throw at it, it’s still a people problem

The whole VirtSec discussion has just started, it’s obvious that there will be a lot of work to be done and new evolutions will pop up left and right. I`m looking forward to that future So as Chriss Hoff said “Security is like bell bottoms, every 10-15 years or so it comes back in style”, this time with a Virtualization sauce.

Listen to the full audio of the conference call!

A Conversation About Virtualization Security, The Quotes

by 2 Comments

Last week, an interesting conference call took place with several industry leaders in the virtualization security (virtsec) area, initiated by Virtualization.com. The panel included:

  • Joe Pendry, Director of Marketing – StackSafe,
  • Kris Buytaert – Infrastructure Architect; Open Source Expert; Principle Consultant Inuits; Blogger & editor at Virtualization.xom,
  • Tarry Singh – Sr. Consultant, Blogger, Industry/Market Analyst; Founder & CEO of Avastu & editor at Virtualization.xom
  • Andreas Antonopoulos, SVP & Founding Partner – Nemertes Research
  • Allwyn Sequeira ,SVP & CTO – Blue Lane, Michael Berman, CTO – Catbird
  • Chris Hoff, Chief Security Architect – Systems & Technology Division and Blogger – Unisys
  • Hezi Moore, President, Founder & CTO – Reflex Security

We’ll publish the highlights from our conversations shortly, but as a teaser, here are some of the most interesting quotes:

“I don’t see much point in really thinking too much about five steps ahead, worrying about VM Escape, worrying about hypervisor security, etc. when we’re running Windows on top of these systems and they’re sitting there naked.”

“We’re dealing with virtualized storage, while nobody will ever raise their hand saying they’re a security expert when it comes to that.”

“More than 75 percent of the people we asked, how are you securing virtualized environments? Their answer was VLANs. That’s where we stand today.”

“This was a network guy and his email went: WTF, you need 30 VLANS on one server? That’s the first time he became aware of virtualization. That team wasn’t even working with him. And the first inkling he had when he got a request that was just so out of the norm he just didn’t know what was going on.”

“To me, security is like bell bottoms, every 10-15 years or so, it comes back into style.”

Watch Virtualization.com for more!