Virtualization technology poses a challenge for IT organizations seeking to maintain security and regulatory compliance. Many of the standard practices for monitoring and enforcing compliance with corporate policies or industry regulations break down when physical environments are migrated to virtual ones. Government agencies, financial institutions, healthcare providers and other regulated organizations are increasingly being tasked with addressing compliance issues up front when mapping out their virtualization deployment strategies. By identifying and addressing compliance challenges early on, deployment plans can proceed unabated and on schedule, and the new virtualized data centers can be even more secure than the traditional ones they replace.
Catbird understands the issues. vCompliance is one-stop shopping for compliance in the virtualized data center.
Virtualization brings a loss of separation of duties, a key component in most best-practice configuration and deployment recommendations. As a consequence, virtual center administrators hold all the “keys to the kingdom.” Where in the physical world multiple people in multiple roles formed an inherent “check and balance” on the deployment of new machines in the data center, virtual center administrators now simply click a button.
Virtualization brings a loss of secondary or backup controls, essentially a loss of the “belt and suspenders” approach common in regulated data centers. Most security failures stem not from malicious attackers but from inadvertent human error. Standard practice on physical networks mandates automated tools (often built into system software) to monitor for such errors. Virtualization platforms lack this essential compliance capability. Network controls to prevent unauthorized or anonymous access do not exist. Dual controls to prevent abuse of privilege do not exist. Automation to ensure a secure life cycle and strict change control does not exist. An insecure or unauthorized hypervisor configuration negates whatever secondary controls remain. Together, these omissions can produce readily exploitable weaknesses.
Visibility. You can’t protect what you can’t detect. The virtual network infrastructure is invisible to information security devices on the physical network, so VMs that are out of compliance will not be detected by those tools. Existing technical controls for validation, audit and compliance fail to monitor the virtual infrastructure, and questionable inter-VM traffic will not be blocked. This gap leads most virtualized data centers to fall short of full compliance. Flattened networks increase the scope required for audits, and in-scope machines may migrate to any host through VMware vMotion events.
Catbird—uniquely in the industry—focuses on reducing total risk and compliance complexity across all four of these change dimensions, and through the full lifecycle of virtualization adoption.
Common regulations are affected by virtualization. Many controls are impacted, some positively and some negatively. Understanding which controls are affected is a key step in remediating gaps and improving compliance posture.
Catbird vCompliance is comprehensive: it monitors and audits more controls required by the leading regulatory standards organizations and supports the widest array of common security frameworks. vCompliance includes default policies for SOX, HIPAA, DIACAP and PCI; each policy is built upon Catbird controls which map to the appropriate compliance framework.
For more information and detail on specific regulations and the changes virtualization brings to each specification, please log in to Catbird’s Compliance Resource Center. There you will find detailed analyses of the major compliance frameworks, including COBIT and DIACAP, and how they are impacted by virtualization. The Compliance Resource Center also breaks down the most popular third-party industry regulations, including SOX, HIPAA and PCI, and illustrates which controls are positively impacted by virtualization.