Take Me to Cloud Security
Follow us on Twitter  Follow us on Facebook

Catbird vSecurity

Share this page:


Catbird vCompliance

Register here for access to detailed compliance analysis.
Returning users sign in.

Catbird’s Compliance Resource Center analyzes the major compliance frameworks, including COBIT and DIACAP, and how they are impacted by virtualization. The Compliance Resource Center also breaks down the most popular 3rd party industry regulations, including SOX, HIPAA and PCI and illustrates what controls are positively impacted by virtualization.

Compliance is one of the most critical responsibilities of any data center manager. With the breadth of systems and technologies it touches, maintaining compliance is no small task, even in the most traditional of environments. And with the high cost of audits, it is not an area that can be ignored without consequence. When virtualization transforms the data center infrastructure, the task becomes even more complicated.

To date, there has been no single authoritative resource to guide IT security and operations professionals on compliance for virtualized and cloud data centers. Nor are there tools to measure compliance, even where an established standard exists.

Welcome Catbird vCompliance

Heat Map Image

Catbird vCompliance is the only fully comprehensive compliance monitoring and enforcement service for both virtual and cloud environments. Catbird vCompliance monitors and audits more controls required by the leading regulatory standards organizations and the most common security frameworks. Catbird vCompliance also uniquely provides multiple automated enforcement options. Compliance violations are detected, monitored and remediated automatically, controlled via a single web-based management interface. vCompliance is integrated with vSphere’s management console, seamlessly incorporated into theVMware management workflow.

Catbird—uniquely in the industry—focuses on reducing total risk and compliance complexity across all four industry-standard change dimensions, and through the full lifecycle of virtualization adoption.

Catbird’s vCompliance provides three views into the virtual infrastructure:

Compliance Dashboard

Security Tab Image

Aggregating and managing compliance intelligence through the virtualized and cloud-based data center is Catbird’s compliance dashboard in its Command Center.

Catbird delivers the compliance information IT management needs to understand and adapt to the impact of virtualization and assure compliance with SOX, HIPAA, GLBA, DIACAP and PCI.

No other product on the market can impact as many controls as Catbird.

  • Catbird covers all 36 affected SOX controls, competitors can address only 11
  • Catbird covers all 37 affected HIPAA controls, competitors address less than 17
  • Catbird covers all 34 affected DIACAP controls, competitors address less than 11
  • Out-of-the-box support for compliance via a pre-defined security policies that can be easily customized
  • Default policies are automatically mapped and dynamically scored to the appropriate compliance framework (COBIT, DIACAP and PCI)
  • Near real-time compliance and risk metrics

Security Dashboard

Security professionals understand that the impact and force of virtualization is running head-on into the technical controls that underlay all compliance standards. Catbird has implemented the controls necessary to assure that COBIT, DIACAP and PCI control frameworks can be monitored and enforced. Catbird is the only vendor that has implemented all seven technical controls: Auditing, inventory management, change management, access control, vulnerability management and incident response. Using patent-pending correlation technology, vSecurity integrates:

  • Virtual network visibility, monitoring and flow analysis
  • Virtual machine tracking, analysis and quarantine
  • Policy monitoring and enforcement (Catbird TrustZones™) across the entire data center
  • Network access control (NAC) with automatic virtual machine quarantine
  • 24x7 vulnerability monitoring
  • IDS/IPS with zero-day threat intelligence
  • Network segmentation
  • Web-based management portal

Operations Dashboard

As virtualization transforms the data center, IT operations are increasingly questioned about security and compliance. Catbird integrates security and compliance into the operational workflow to ensure fast and efficient management and security response. The Catbird Operations Dashboard has been designed to integrate with ESX 3.X and vSphere4 management consoles retaining similar user interfaces and provide the essential tools needed to bridge the gap between security and operations in the virtualized data center.

Operations Tab Image
  • Virtual Infrastructure Discovery and Mapping Administrators get a physical view of their virtual infrastructure including virtual machine port groups across the cluster, independent of physical host or network segment. A TrustZones overlay is provided to show the compliance controls that are in effect across the cluster.
  • Revision Control and Configuration monitoring: VMShield® VMshield® provides virtual machine tracking and in-depth monitoring of suspect activity. TrustZones® preserves security and compliance policies across virtual hosts, clusters and vendor platforms.
  • Application Services Discovery & Monitoring VMShield® also provides detailed VM state, configuration, application and services to enable visibility and policy enforcement. VMShield relies on vulnerability management, network access control and IDS information correlated with hypervisor APIs to provide the industry’s most comprehensive controls.
  • Virtual network operations: TrustZones® Defined as a logical group of assets that share a common security-policy envelope, TrustZones provide visibility, monitoring, and enforcement across a Port Group or a network space. TrustZones can span multiple Port Groups within a switch, VLANs, multiple switches, multiple hosts, and even multiple clusters and will maintain the envelope through vMotion events. Policy attributes include:
    • Periodic vulnerability assessment and continuous vulnerability management reports
    • Continuous monitoring and configuration validation of TrustZones
    • Primary device access control for TrustZone networks
    • Change audit, configuration management and compliance enforcement