Catbird vSecurity HypervisorShield®
Defense-in-depth for virtualization's most critical component
The hypervisor is the main operating platform in a virtualized environment, running all of the guest machines and, by extension, their applications. It is at the core of the virtualized computing environment. If compromised, the entire virtualized data center is at risk. Catbird’s HypervisorShield® was designed from the ground up to comprehensively ensure the safety and security of this essential technology.
Catbird’s vSecurity® HypervisorShield enforces best-practice hypervisor security through:
- Logical isolation of the management network from all other network traffic.
- Logical zoning to explicitly authorize (white-list) approved devices and services that may connect to the management network.
- Introducing network security inside the virtual host, delivering network and data protection through security orchestration of NAC, Firewall, Vulnerability Management, Incident Response (IDS/IPS), Zone Configuration, Change Management, and Auditing.
- Integrated compliance workflow and reporting against compliance standards such as FISMA, DIACAP, PCI, and HIPAA.
Figure 1: Hypervisor & Management Network Exposed. Enforcement of security of the management network is essential. While many enterprises follow policy, most fail to monitor and enforce it.
Figure 2: HypervisorShield Policy Enforcement. Catbird vSecurity can enforce controls to ensure that only authorized devices & traffic can gain access to the management network.
Why Secure The Hypervisor?
Hypervisor protection is critical to the overall security and compliance posture of a virtualized data center:
- Enterprises are under increasing pressure to demonstrate compliance as they move to virtualized and cloud-based environments. The hypervisor must adhere to these controls.
- Potential weaknesses abound in traditional, perimeter-based physical security devices that were not designed to secure the hypervisor.
- Enterprises are failing to enforce controls on hypervisor access; escalation of privileges represents the most attractive target for data center compromise.
How It Works
Catbird vSecurity is unique in taking a policy-based approach to securing all virtualized networks and assets across the data plane. Catbird HypervisorShield® is a pre-defined policy that automatically protects against inadvertent management errors, access-control lapses, and malicious attacks. It does so by defining and implementing a security policy specifically for the hypervisor management network and other hypervisor management components. Example functions performed by the HypervisorShield® include:
- Using network security tools to validate that the hypervisor network is configured according to best practices as defined by security policy.
- Applying specific IDS/IPS rules to detect and enforce protocol- and port-level controls that block malicious network activity directed at the hypervisor from unauthorized virtual machines.
- Logging activity pertaining to the hypervisor and providing audit trails independent of virtual host logs.
- Utilizing Network Access Control (NAC) to monitor and quarantine unauthorized devices attempting to access the hypervisor management network, immediately blocking rogue users and virtual machines.
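The zoning, quarantine and independent-audit functions above, as an added illustration that is not Catbird's code: a default-deny allow-list of (device, protocol, port) entries for a management zone is evaluated over flow records, violating sources are collected for quarantine, and an audit trail is kept separately from the hosts' own logs. Every address, port and host below is a constructed sample value.

```python
import ipaddress
from dataclasses import dataclass

# Constructed management zone and allow-list; every address here is hypothetical.
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")

# (source address, protocol, destination port) tuples authorized to reach the zone.
ALLOW = {
    ("10.20.0.5", "tcp", 22),     # constructed admin jump host: SSH to hosts
    ("10.20.0.5", "tcp", 443),    # constructed admin jump host: HTTPS management UI
    ("10.10.0.100", "tcp", 443),  # constructed management server inside the zone
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def evaluate(flow):
    """Classify one flow: 'ignored' (not bound for the zone), 'allowed', or 'violation'."""
    if ipaddress.ip_address(flow.dst) not in MGMT_NET:
        return "ignored"
    if (flow.src, flow.proto, flow.dport) in ALLOW:
        return "allowed"
    return "violation"  # default deny: anything not on the allow-list


def audit(flows):
    """Return (sources to quarantine, audit log lines) for a batch of flows."""
    # The log is built here, independent of the virtual hosts' own logs.
    quarantine = set()
    log = []
    for f in flows:
        verdict = evaluate(f)
        log.append(f"{f.src} -> {f.dst} {f.proto}/{f.dport}: {verdict}")
        if verdict == "violation":
            quarantine.add(f.src)
    return sorted(quarantine), log


# Constructed sample flows: an authorized admin session, a guest VM probing the
# management zone over SSH, and guest-to-guest traffic that is out of scope.
SAMPLE_FLOWS = [
    Flow("10.20.0.5", "10.10.0.7", "tcp", 443),
    Flow("10.30.0.42", "10.10.0.7", "tcp", 22),
    Flow("10.30.0.42", "10.30.0.43", "tcp", 80),
]
```

Running `audit(SAMPLE_FLOWS)` flags only the guest VM reaching into the management zone, while the admin session passes and the guest-to-guest flow is left alone.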