Comprehensive security orchestration
Catbird vSecurity provides a comprehensive set of network-based security controls, working together to ensure broad protection of virtualized infrastructure. Combining these technical controls with an innovative and automated configuration methodology based on logical zoning, vSecurity safeguards virtual and cloud based data centers by integrating and analyzing data from multiple sources. Eliminating single-purpose security devices and aggregating disparate data means more reliable and informed security intelligence and action.
In addition, Catbird’s vCompliance solution overlays the network security controls with real-time compliance measurement, one of the key practical benefits of our multi-control approach. More controls directly translates to more compliance with a given standard framework.
All of Catbird vSecurity is built on a fully software-based architecture.
Logical zoning is achieved through TrustZones™.
vSecurity automatically detects and assigns all VMs into logical policy groups, called TrustZones™. Detection is ongoing and continuous, to ensure that security is maintained regardless of any changes to the VM population. TrustZones are independent of network topology and can span multiple logical or physical data centers.
The following are the steps performed by the TrustZones mechanism:
- Inventory: VMs are detected via four independent functions (NAC, Net Flow, Hypervisor events and Port Mapping) and correlated to the Hypervisor VM ID, the only unique identifier for network control in a virtual or cloud system.
- Synchronization: During change events, controls are dynamically updated for changes in TrustZone membership. For example, manual or automated VM motion and vNIC configuration changes are automatically detected, triggering policy updates for all affected TrustZones. Firewall rules are synchronized across multiple physical and virtual data centers, including secondary sites (in this way, for example, Catbird federates VMware vCNS App).
- Visualization: Operator response is supported through both TrustZone-based and VM-based visualization and workflow of alerts, events, segmentation, zone membership and control status.
Logical Zoning with Catbird TrustZones unlocks the power of software defined security. With logical zoning, the virtualization security architect can develop security deployment models based on the “logical” properties of their information processing systems, such as application stack, compliance requirements, and data classification level, instead of difficult-to-manage “physical” properties like Internet Protocol (IP) address.
The Control Center utilizes Policy to define how the technical control components are orchestrated at both TrustZone-level and individual VM-level.
- Policy templates: Monitoring and enforcement options are defined for each TrustZone via predefined, configurable templates. These templates can be based on standard compliance frameworks, such as PCI, or configured in compliance with an organization’s own corporate policies.
- Network security controls: Security monitoring and enforcement actions are automatically pushed to VMAs. Connections to VMAs are managed over a FIPS-validated encrypted channel to ensure successful execution of security tasks.
- Orchestration: Policies and events are correlated to the VM hypervisor ID. Due to the dynamic nature of virtual and cloud systems, IP and MAC addresses can no longer be relied upon for consistent application of network controls in a virtual context. Catbird ensures unique IDs are associated with virtualized assets for reliable tracking and monitoring.
The policies that configure the Control Components such as firewall or Intrusion Prevention System (IPS) are configured on the logical TrustZones. When information assets or virtual machines (VMs) are added to the TrustZones, either manually or via automated methods, all of the technical controls are configured according to those policies for those assets. This completely automates the configuration of multiple Control Components.
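The following is an added illustration (not Catbird's code) of the inventory/synchronization mechanism and the hypervisor-ID-keyed orchestration described above: zone membership and policy are stored against an assumed VM ID, never an IP, so when a change event reports a new address the VM keeps its TrustZone and its firewall rules are regenerated from the current inventory. Class names, the rule tuple format and the allow-from-zone policy shape are assumptions for the example.

```python
from dataclasses import dataclass, field

@dataclass
class VM:
    vm_id: str      # hypervisor VM ID: the only stable key (format assumed)
    ip: str         # current address; may change after motion or a vNIC edit
    zone: str = ""  # name of the TrustZone this VM belongs to

@dataclass
class TrustZone:
    name: str
    template: str                                      # e.g. "PCI"
    allow_from: set = field(default_factory=set)       # zones permitted inbound
    members: set = field(default_factory=set)          # member VM IDs, not IPs

class ControlCenter:
    def __init__(self):
        self.vms = {}     # vm_id -> VM
        self.zones = {}   # zone name -> TrustZone
        self.rules = []   # (action, source IP or "any", destination IP)

    def add_zone(self, zone):
        self.zones[zone.name] = zone

    def inventory(self, vm_id, ip, zone):
        """Detection event (NAC, NetFlow, hypervisor, port map): correlate on
        vm_id, update address and membership, then resynchronize controls."""
        vm = self.vms.setdefault(vm_id, VM(vm_id, ip))
        vm.ip = ip
        if vm.zone != zone:                 # membership change: move the VM
            if vm.zone:
                self.zones[vm.zone].members.discard(vm_id)
            vm.zone = zone
            self.zones[zone].members.add(vm_id)
        return self.synchronize()

    def synchronize(self):
        """Rebuild per-VM firewall rules from zone policy and current IPs."""
        rules = []
        for zone in self.zones.values():
            for dst_id in sorted(zone.members):
                dst_ip = self.vms[dst_id].ip
                for src_zone in sorted(zone.allow_from):
                    for src_id in sorted(self.zones[src_zone].members):
                        rules.append(("allow", self.vms[src_id].ip, dst_ip))
                rules.append(("deny", "any", dst_ip))   # default deny per VM
        self.rules = rules
        return rules
```

A VM that moves to a new IP keeps the rules its zone grants it, and a VM moved to another zone immediately loses the old zone's access; both are re-derived on the change event rather than tracked by address.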
The Control Center delivers a rich UI for visualization of compliance posture by compliance category. Assets, and their associated compliance policies, are grouped by both TrustZone and individual VMs. vCompliance delivers asset workflow for rapid mitigation.
- Security events are captured by TrustZone and individual VMs across all controls. SYSLOG CEF integration is supported for export to Security Information Management Systems.
- Events are correlated into seven compliance categories: Auditing, Inventory Management, Access Controls, Configuration Management, Change Management, Incident Response and Vulnerability Management.
- Compliance posture is mapped and measured against leading compliance frameworks such as PCI, HIPAA, FISMA and COBIT. Alerts are generated when policy is violated.
- Expert visualization is provided via rich graphics, tables, and reports.
- Mitigation workflow is provided to correct control configurations and restore compliance.
All the security Control Components are VM-aware and automatically configured, enabling the vSecurity Control Center to correlate the applied policies to the most popular compliance frameworks including: PCI, HIPAA, FISMA, COBIT and DIACAP. This closed loop approach validates the compliance requirements, providing demonstrable compliance that is mapped to specific sections of the compliance framework. Automated control configuration with Catbird TrustZones greatly reduces the time, effort, and costs required to demonstrate compliance during an audit. Catbird vSecurity offers the broadest set of automated compliance measurements in the industry.
TrustZones, Policy and vCompliance depend on the technical controls for monitoring and enforcement. The technical controls reside within each VMA and consist of the following:
Control Component: Firewall Management
vSecurity integrates with VMware® vCloud Networking and Security App firewall (vCNS™) giving the security architect the power of the native VMware firewall in an easy to use and automated configuration methodology.
Control Component: Net Flow
Visualizing network topology is a powerful tool used by security architects to configure network-based security controls. With an innovative network flow visualization display, vSecurity provides the best possible view into network activity, giving the security architect the capacity to easily configure access controls, manage vulnerabilities, or respond to security incidents.
Control Component: Network Access Control (NAC)
Catbird vSecurity not only provides a superior combination of network based security controls on the virtual switch fabric, but helps to protect physical infrastructure as well. The virtual switches in the hypervisor can be connected to physical switches that interconnect physical devices that may be on the same layer 2 network as the virtualized asset. With Catbird’s Network Access Control (NAC), the security architect knows at all times what is directly connected at layer 2 on the physical switches, optionally giving them the power to implement logical zoning inclusive of these directly connected assets.
Control Component: Vulnerability Scanning
vSecurity includes a network based vulnerability scanner for vulnerability management. Understanding the network-accessible vulnerabilities in virtualized infrastructure is the first step to tightening security posture and implementing a vulnerability management program for compliance. vSecurity enables the security architect to view detected vulnerabilities from the same tool that configures the firewall and Intrusion Prevention System, for a holistic view of the enterprise security posture.
Control Component: Intrusion Prevention System (IPS)
Positioned on the virtual switch fabric, vSecurity is in the optimal position to provide deep packet inspection for its Intrusion Prevention System. Monitoring all traffic traversing the virtual switch, vSecurity can detect hostile traffic entering the virtual data center, and more importantly, all hostile traffic between virtual machines themselves. By virtualizing the Intrusion Prevention System, vSecurity’s software defined security approach provides the most scalable solution for Intrusion Detection and Prevention available.
Control Component: Virtual Infrastructure Monitoring (VIM)
vSecurity is fully integrated with the virtual infrastructure. The Catbird Virtual Infrastructure Monitor is the security operator’s eye into the virtual infrastructure, providing a real-time view of the virtual machine and vSwitch configurations relevant to network security. When a policy has been violated, the vSecurity Virtual Infrastructure Monitor can perform response actions, including disconnecting a virtual machine from the network or powering off the virtual machine. The Virtual Infrastructure Monitor restores the principle of separation of duties in virtual infrastructure by providing the security operator with real-time monitoring of the virtual infrastructure administrator’s activities as they relate to network security.