Catbird, a software vendor that offers security policy automation and enforcement solutions for virtual machines, started shipping its first product Tuesday to intelligently protect OpenStack-powered clouds.
The Scotts Valley, Calif.-based company previously offered logic-based security only for networks powered by VMware. This week’s upgrade of the company’s flagship Catbird 6.0 release came in response to feedback from customers, especially large Internet service and telecommunications providers, who built their private clouds with OpenStack running atop the KVM hypervisor, Catbird CEO Edmundo Costa told CRN.
“They encouraged us to support the OpenStack-KVM platform so they can have the same security policy there that they have with VMware,” Costa said.
Catbird 6.0 will now support the Havana distribution of OpenStack through the Neutron networking layer that’s part of the popular open source cloud orchestration platform.
Catbird is currently working to build a channel and is actively trying to recruit resellers, according to company officials.
Catbird’s security solution works on the premise that physical appliances sitting on the perimeters of data centers have become outdated because they are “not very intelligent nor aware of what’s going on in the network,” Costa said.
A lot has changed in the last six years as just about every data center in the world has moved to a virtualized infrastructure, he said.
“The cloud became agile, highly automated, but security got left behind. Infrastructure security like firewalls and intrusion detection systems are largely being operated the way they were 10 years ago,” Costa told CRN.
More than 90 percent of new Catbird customers, businesses of every size, use the same firewall today as they did six years ago when they were still running physical, non-virtualized, infrastructure, Costa told CRN. But advanced persistent threats, such as viruses and Trojan horses, can easily penetrate those porous perimeters.
For that reason, Costa envisions over the next five years a major shift from physical to virtual security systems that are as automated, agile and aware as other parts of the data center stack.
That shift will deliver lower costs, more effective security and significant agility.
“Security right now is very rigid, it’s tied to physical network topology rather than logical constructs, which is how cloud data centers operate,” Costa said.
Catbird’s approach to security covers all seven network controls listed in the SANS Institute Top 20 Critical Security Controls and involves several stages.
The first is discovering everything running inside the cloud data center. That’s achieved through the use of the hypervisor APIs -- the same mechanism used for cloud automation is employed for security, Costa said.
Next, Catbird implements a zoning structure based on logical constructs that asses virtual machines on their security level, not on where they are or how they’re connected to the network.
“Those things don’t matter anymore. What really matters is how you want to secure it,” Costa said.
Catbird then verifies the controls are working the way they are expected to.
“Ensuring security controls are dynamic and can adapt to changes is essential. Changes are high-frequency occurrences,” Costa said, noting the verification process has traditionally been done with an entirely separate product.
Finally, Catbird implements automated machine-speed enforcement that can mitigate problems by interrupting network traffic, disconnecting the virtual network interface card and even powering down the machine if necessary.
“Things happen so fast. If you wait for a human being to intervene and it’s something serious, it’s too late,” Costa said.
PUBLISHED JULY 22, 2014