So it’s Tuesday, and keeping in our theme of “Compliance: things that keep me up at night”, I am happy to highlight a great company that sadly not a lot of people outside us die-hard virtualization security fans know about, Catbird Networks. When it comes to compliance, Catbird is a pretty good place to start, and makes it really quite easy to get an ongoing idea of where your environment stands as it relates to compliance requirements. This is important, because the earlier you can start to see how your environment is shaping up in meeting compliance requirements, the easier it is down the road to ensure that as new systems are deployed, they don’t negatively affect your compliance posture.
The flagship solution from Catbird, vSecurity, is an all-in-one solution that addresses the specific needs of compliance and security in virtual environments. How is works (in its simplest explanation) is by scanning your entire virtual environment and polling information about security controls such as IDS/IPS, firewalls, NAC, vulnerability management etc, and mapping them against compliance standards such as PCI, NIST, FISMA, DIACAP (there are lots of others too). From there, it gives you dashboards and reports that outlines how you match up against these standards and outlines where there is work that needs to be done.
But aside from reports, it does a lot of other really cool things through Catbird’s relationship with Vmware. Catbird was the first vendor to announce OEM VMware vShield App technology and integrate its native security as a control in vSecurity’s orchestration engine. It leverages the vmSafe APIs to provide a wide range of controls that were built specific to the needs of virtual environments. This means that you can implement vSecurity and it can provide automated protection for virtual machines, networks and the hypervisor management network that wouldn’t be possible with traditional security tools. Instead of plagiarizing their marketing efforts, here is a concise and compelling reason as to why Catbird is such an important tool:
All major compliance standards are impacted by virtualization. Catbird vSecurity is one-stop monitoring, enforcement and reporting on virtual infrastructure against the major industry standards. Gaining approval from the auditor of the new virtualized data center is easier with Catbird.
Catbird vSecurity’s integrated coverage includes: Access Controls such as NAC and Firewall, Vulnerability Management, Incident Response (IDS/IPS), Configuration Management, Change Management, and Auditing. In addition, Catbird reduces complexity and lowers costs through the automation and consolidation benefits of Catbird TrustZones® (logical zoning) and vCompliance (continuous workflow and reporting), ground-breaking innovations that are at the core of vSecurity.
So relating it back to yesterday’s post about how the new PCI legislation was going to be a real shock for security folks with virtual environments, doesn’t it sound like all of a sudden there is a way to see exactly where you need to beef up security? Oh, and Catbird can help fix it through the use of virtualization security tools? Hmm…go on, you say.
If my excitement doesn’t convince you, Catbird Networks received Gartner’s Cool Vendor 2011 designation and is also one of the few security vendors to win not one, not 2, not 3, but FOUR consecutive VMworld Best-of-Show Finalist awards.
I absolutely recommend you check them out if you have any compliance requirements. I’m going to cover some more specific PCI compliance issues and advice over the next few days, but please take some time and check out Catbird Network’s website at http://www2.catbird.com/.