Simplified approach to virtual security
Catbird consists of two architectural elements:
- The Catbird Control Center
- Catbird VMAs: a mesh of sensors implemented as virtual machine appliances (VMAs), configured in a classic hub-and-spoke architecture where the Control Center is the central process hub
Figure 1: Catbird is deployed in a hub-and-spoke architecture. The Catbird Control Center is the hub connected to a mesh of Virtual Machine Appliances (VMAs). Both are deployed as virtual machines. The Control Center runs the management components while the VMA executes the technical controls, known as Control Components.
The Catbird Control Center
The Control Center acts as the Policy Definition Point, providing expert visualization, workflow and reporting built on top of three management components:
- Catbird TrustZones®: logical zones providing automatic detection, inventory and grouping of all VMs.
- Policy-based security: defines how Catbird’s multi-function network security controls are applied to TrustZones.
- Compliance: enforces regulatory requirements in virtualized infrastructure by monitoring and capturing security events and measuring them in real time against the leading compliance frameworks, such as PCI DSS, FISMA, and HIPAA.
The Catbird Virtual Machine Appliances
The second architectural element is the collection of VMAs. A VMA is not deployed on individual virtual machines but only on the virtual network itself – one per virtual switch. The Control Center distributes security tasks to this mesh of VMAs. By distributing the security load across the VMA mesh, Catbird can scale across multiple physical locations, and multiple virtual hosts, while executing hypervisor functions available only locally. In this way, Catbird’s model of Software-Defined Security can leverage cloud-scale economics.
- The VMA sensors are the policy enforcement points tasked by the Control Center to monitor and enforce security.
- VMAs are Linux virtual machines executing the technical controls, including firewall management, Network Access Control (NAC), Intrusion Detection and Protection (IDS/IPS), NetFlow and vulnerability/configuration monitoring, as well as executing numerous other security tasks via hypervisor interfaces.