Catbird 6.0: Private Cloud Security




WHITE PAPER Catbird 6.0: Private Cloud Security

and agile infrastructure that is exposing weaknesses in legacy perimeter-based network controls and leaving applications vulnerable to advanced threats. Virtual networks now comprise the majority of all networking in data centers 1. At the same time, highly automated cloud systems have given us the opportunity to rethink how we can use the business initiatives. Until recently, security within the data center was applied in one location: the perimeter. While still a valid place to protect against external threats, the ideology of perimeter security leaves security policy and compliance within private clouds largely static, a dusty three-ring binder in a world of big data. Organizations 2 the data center infrastructure and mobile devices routinely bypass the perimeter. Catbird traditional perimeter protections to detect and enforce the policies put in place to address these threats. Catbird 6.0 is designed from the ground up to address the security and compliance challenges of the private cloud, enabling an automated approach to protecting assets that is aligned with IT priorities.

TRUST. Safely enable sensitive and mission-critical workload migration to private clouds by extending perimeter-based VLAN isolation with additional controls while enabling virtual situational awareness with all SANS Top 20 network controls; deploy and maintain security policies through the entire VM lifecycle, adapting dynamically to change events.

VERIFY. controls against hardening requirements and best practices. Unburden scarce IT personnel from manual audit processes by automating event capture and mapping to standards such

ENFORCE. Mitigate attacks by reducing the threat footprint and applying targeted security and insider threats. dramatically improving incident response times and reducing audit costs.

Empowering you with the ability to dynamically create security policies, on demand and in real-time, our enterprise security platform applies those virtualized policies to individual or groups of VMs, actively monitoring and enforcing them from inception to retirement. A unique feature of our product is the use of security policy containers called Catbird TrustZones tainers can be used to extend your current perimeter isolation, incorporate new virtual controls operating inside the virtual switch fabric, while validating your security posture and expediting your audit process.

TRUST: sensitive data using Catbird TrustZones. TrustZones security policy utilizes existing VLAN isolation and can policies from inception to retirement, assuring control through the entire VM lifecycle independent of all change events.

VERIFY: Continuous monitoring against leading standards. Trust, but verify is a cardinal rule, especially for report an ROI of less than a year by reducing preparation for assessments, ensuring evidence of control, controlling audit scope creep, and eliminating costly audit disruptions.

ENFORCE: Automated mitigation at machine-speed. Events that violate TrustZones policy result in automated alerts. Alerts may also trigger optional automated mitigation to enforce policy and maintain or power down VMs.

Essentially, we observe and present to you a detailed view of your virtual infrastructure, 100% perfect inventory of all VMs and how they are interconnected. Having a complete context of your network activity helps ensure trust in your private cloud, improves your security posture, accelerates incident response and reduces your audit and compliance burden.

The policy decisions that you choose to execute are highly dependent on the context of your infrastructure. objects complete with orchestrated network controls. Catbird is uniquely positioned in the logical switching see assets announcing themselves and see what the hypervisor is reporting. Running right alongside work- topology, adds another contextual element that allows for more accurate policy assignment. A rich set of Mandiant's 2 between and within TrustZones in the private cloud.

Across the data center you can verify and enforce VLAN isolation. The most common mechanism for isolating converged infrastructure is through logical isolation with VLANs. Given the risks associated and security standards are calling attention to the need to verify, validate and mitigate. This requires change events and network controls. Any violations can be mitigated through session management, Access to total visibility of your private cloud network with a perfect inventory of all VMs and automatic ment. With powerful security protection in place, IT and business groups can make more informed decisions, deploy new applications quickly and closely manage their policies. - hindering your business. Today, risk reduction in the private cloud can safely enable any workload to share - Assure the appropriate policy is applied to all VMs through automatic TrustZone membership based on common naming conventions. Select a standard compliance class for each TrustZone for automated measurement for events that violate policy.

TrustZones ensure that your VMs are fully isolated throughout their lifecycles, detecting and mitigating against rogue VMs, continuously monitoring to verify controls, and delivering enforcement via optional mitigation to protect your business from threats. Use cases include: as assuring that all access to vCenter console occurs through the HypervisorShield TrustZone Using TrustZones to assure consistent security policy is applied to all tiers within a given application, i.e. UI, application and database back end. of the management and provisioning system. - rules are enabled based on results from the most recent vulnerability scans. Security policy violations will

VM Perfect Inventory and Lifecycle Control. Assure full controls of all VMs, continuously apply appropriate policy, regardless of change events, to all VMs from inception to retirement. Real time event and alert visualization supports operator response to change control management and mitigation.

Additional Control for VLAN (Layer2) Isolation. Assure the integrity of your VLAN isolation VLAN Isolation Policy: Any attempt to violate VLAN isolation would be detected and blocked as

Verify Controls. Continuously monitor and diagnose security and hypervisor events against the TrustZone security policy. Security Threat Visibility: Real-time Compliance Posture. Catbird utilizes security and hypervisor events to measure and map the control state of each TrustZone and individual VM against the leading control frameworks such as Machine-speed mitigation for Compliance Enforcement.

Your Catbird deployment is managed via the Catbird Control Center, a web management console and central compliance are provided by the Control Center, giving you an enterprise-wide view of all TrustZones and VMs across your infrastructure. The Control Center provides a party management and provisioning tools. The Control Center is responsible for Virtual updates.

Policy Enforcement Points: Catbird VMAs

VMAs are Catbird's policy enforcement point and are deployed on the virtual network itself one per virtual switch or hypervisor. The VMA is a Linux-based hardened appliance with no listeners enabled. By operating inside the virtual infrastructure, VMAs secure from within, leveraging contextual information available through

Reporting and Logging

Logging. Reporting.

Supported Platforms: Catbird will also now extend support for both VMware hypervisors, and Cisco and VMware VMware NSX and Cisco Application Centric Infrastructure

Footnotes

1 Rob Randell and Malcolm Rieke,
2 https://www.mandiant.com/resources/mandiant-reports/
3 SANS Top 20 Critical Controls, http://www.sans.org/critical-security-controls

www.catbird.com Catbird 1800 Green Hills Road Suite 113 Scotts Valley CA 95066 USA Tel 866.682.0080 Copyright 2014 Catbird Networks, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Catbird products are covered by one or more patents. Catbird and vsecurity are registered trademarks of Catbird Networks, Inc. in the U.S. and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.