Organizations around the globe have adopted server virtualization. According to Gartner, virtualization has surpassed 70 percent of all x86 server workloads. Based on the proven benefits of virtualization at the server level, organizations have started to also virtualize their networks. Gartner predicts that by the end of 2016, more than 10,000 enterprises worldwide will have deployed Software-defined Networks (SDN), a tenfold increase from end-of-year 2014.
As virtualization adoption expands to include the network layer, organizations still need to enforce the same security, compliance, and governance policies that they do in traditional compute and network environments. This creates a challenge for the traditional perimeter model. Network Function Virtualization (NFV) and SDN introduce the separation of the data plane from the control plane. Perimeter controls also sit outside the virtual fabric, which prevents them from visualizing and securing traffic between virtual machines (the so-called east-west traffic). With security threats on the rise and attack techniques becoming more and more sophisticated, securing your virtual infrastructure from within has become a requirement.
Catbird® is a pioneer and leader in software-defined security for virtual infrastructure. Catbird’s software suite of products was designed from the ground up to provide visibility into and protection of private clouds and virtual Data Centers, and is available for both VMware and OpenStack. Catbird software enables organizations to:
- Provide better insight into all VM activity throughout their virtual Data Center or private cloud.
- Plan a move to micro-segmentation or Software-Defined Networking (SDN) in a structured and methodical way.
- Automate security policy enforcement within their virtual fabric.
- Lower operational costs associated with compliance reporting.
Catbird Insight – Discover, Visualize, Analyze
Catbird Insight automatically and continuously discovers all assets in your virtual fabric, allows the grouping of these assets into logical Catbird TrustZones® and visualizes asset relationships and the east-west traffic flows between them for improved analytics.
Deploying Catbird Insight provides you with the following instant benefits:
- Real Time Inventory: You know exactly – in real time – all the assets that exist within your virtual fabric. A business unit within your organization just deployed a new VM? You’ll know about it instantly.
- Logical Grouping: You can group assets into logical segments – which we call Catbird TrustZones - allowing you to structure your virtual fabric to support the needs of the business. You can group assets anyway you want – by application, by application tier, by business unit, by compliance framework, etc.
- Visualization: You can visualize the traffic flows between Catbird TrustZones. This detailed, real-time view of how traffic is flowing in and out of your logical groups is generated based on NetFlow traffic.
- Analytics: You can slice and dice all information gathered by Catbird Insight. A powerful analytics capability allows you to look for misconfigurations, anomalies, and opportunities to tighten security policies.
Catbird Secure – Enforce, Monitor, Comply
Catbird Secure enables automated enforcement of flexible security policies across Catbird TrustZones. The platform detects and alerts on potential security incidents, initiates corrective enforcement actions and provides instant compliance reporting for major standards and mandates.
Deploying Catbird Secure provides you with the following instant benefits:
- Tiered Security Policies: You can define the appropriate multi-functional security policy for each Catbird TrustZone. Each policy steers technical controls such as a firewall rule-set, Network Access Control (NAC), Intrusion Detection and Protection (IDS/IPS), NetFlow and vulnerability/configuration monitoring, and can execute numerous other security tasks via hypervisor interfaces.
- Default Configurations: You are in control. Worried that a new VM might sneak in and bypass your security policy? Don’t … you can define rules to assign security policies based on asset metadata so it automatically gets the right security policy. Any asset not assigned to a Catbird TrustZone is covered by a default security policy you define.
- Flexible Alerting: You can select and define alerts allowing early detection of potential security incidents. A high-risk IDS alert triggered? A new asset was discovered? You’ll know about it right away. And through a simple configuration you can point these alerts to your SIEM or ticketing system for further follow-up.
- Compliance Reporting: You will be prepared with the required information when the next audit comes along. With a simple click of a button, various compliance reports (e.g. PCI, HIPAA, FISMA) are generated allowing you to demonstrate which controls you have in place and prove they are being enforced.
(1) Gartner Group, “Magic Quadrant for x86 Server Virtualization Infrastructure”, July 2014
(2) Gartner Group, “Predicting SDN Adoption”, Andrew Lerner, December 2014