vSecurity Architecture Overview
Simplified approach to virtual security
Catbird vSecurity consists of two architectural elements:
- The Catbird Control Center
- A mesh of sensors implemented as virtual machines appliances (VMAs), configured in a classic hub and spoke architecture where the Control Center is the central process hub.
Figure 1: vSecurity is deployed in a hub and spoke architecture. The Catbird Control Center is the hub connected to a mesh of vSecurity Virtual Machine Appliances (VMAs) (Link to below). Both are deployed as virtual machines. The Control Center runs the management components while the VMA executes the technical controls, known as Control Components
The Catbird Control Center
The Control Center acts as the Policy Definition Point, providing expert visualization, workflow and reporting built on top of three management components:
- Catbird TrustZones® logical zones providing automatic detection, inventory and grouping of all VMs
- Policy-based security defining how Catbird’s multi-function network security controls are applied to TrustZones
- vCompliance® enforces compliance in virtualized infrastructure by monitoring and capturing security events and measuring them in real-time against the leading compliance frameworks, such as PCI and HIPAA.
The Catbird Virtual Machine Appliances
The VMA sensors are the policy enforcement points tasked by the Control Center to monitor and enforce security.
VMAs are Linux virtual machines executing the technical controls including firewall management, Network Access Control (NAC), Intrusion Detection and Protection (IDS/IPS), Net Flow and vulnerability / configuration monitoring–as well as executing numerous other security tasks via hypervisor interfaces.
The second architectural element is the collection of VMAs. A VMA is not deployed on individual virtual machines but only on the virtual network itself – one per virtual switch. The Control Center distributes security tasks to this mesh of VMAs. By distributing the security load across the VMA mesh, vSecurity can scale across multiple physical locations, and multiple virtual hosts, while executing hypervisor functions available only locally. In this way, Catbird vSecurity’s model of Software-Defined Security can leverage cloud-scale economics.
- The VMA sensors are the policy enforcement points tasked by the Control Center to monitor and enforce security.
- VMAs are Linux virtual machines executing the technical controls including firewall management, Network Access Control (NAC), Intrusion Detection and Protection (IDS/IPS), Net Flow and vulnerability/configuration monitoring – as well as executing numerous other security tasks via hypervisor interfaces.
