At some as-yet-to-be-determined time in the future, Catbird has promised to release the OpenStack-version of its security policy automation and enforcement solution (Catbird 6.0). The company said it is the first to deliver security policy automation for private and hybrid cloud environments, enabling security policy to move across on-and-off-premise infrastructure on all three leading cloud platforms, which is not a bad claim for a product yet to ship. It supports VMware ESX, and will add support for Microsoft Hyper-V and leading SDN frameworks including VMware NSX and OpenStack advanced networks services.
The increased complexity of cloud environments and the ensuing security concerns present huge challenges to enterprise IT skills and capabilities, while carriers and service providers require secure and compliant private and hybrid cloud infrastructure, said Catbird CEO Edmundo Costa in a prepared statement. “Automated security policies that can be verified and enforced are quickly becoming a necessity across the board. With Catbird 6.0 for OpenStack, we are continuing to deliver on the promise of a platform-agnostic security policy and control delivery solution.”
According to reformed software engineer and product manager Daniel Kusnetzky, Kusnetzky Group LLC, “Catbird has developed very powerful technology and customers I’ve spoken with typically rave about what Catbird has done for them. Since there are so many other security suppliers saying similar things, one of Catbird’s bigger challenges is creating awareness and interest in the mind of IT executives in the face of all of the marketing done by bigger competitors.”
Holland Barry, Director for Solutions Architecture, Catbird, recently spoke with IT Trends & Analysis about securing the brave, new software-defined world. It’s still very early days, with everybody taking what he calls “baby steps”. “There’s a lot of tire kicking… and a lot of confusion right now.”
The market projections for things like Software Defined Networking and Network Functions Virtualization vary widely, but more than $1 trillion will be spent on networking hardware and software over the next 5 years. SDN and NFV are expected to capture an ever-increasing share of that pie.
However, while software-defined-everything is gathering momentum, so are concerns about securing SDE. According to a new report from Infonetics Research, SDN and NFV will bring about a shift in data center security investments. Security was also at the top of the list of concerns (72%) in a recent survey from Enterprise Strategy Group.
Back in April Catbird announced it was featured as a vendor of “Innovative Approaches to SDN Security” in Frost and Sullivan’s The Network Security Implications of Software Defined Networks. The report described the company as an example of “vendors already bringing innovative security solutions to the market. These solutions can leverage some or all of the potential of SDN.”
Kusnetzky said Catbird believes that security systems should:
-Assure isolation of one virtual machine from another through the use of a virtual LAN (VLAN) or through Virtual Firewall policies and through the entire lifecycle of a VM. It shouldn’t be possible to spin up a new VM without the appropriate policies being validated. Changes should be verified and VMs having unauthorized changes should not be allowed to even start up.
-Security should be automated to assure that IT administrators know what is running, where it is running, who or what started it and IT should be notified if something unusual is going on.
-Furthermore, if the organization desires this, unauthorized activities should not be allowed to run.
-All necessary information for an audit should be collected and maintained automatically.
Barry said there’s no real agreement on what SDN/NFV is going to look like. “People are still trying to piece together what’s going to be a reliable reference architecture.” He doesn’t think there will be just one.
The Fiddly Bits (& Bytes)
-Ensures security policy support throughout virtual machine lifecycle – Policy-based security automation via Catbird TrustZones, delivered at run-time and dynamically adapted throughout the lifecycle of all VMs, includes all seven network controls in the SANS Top 20 framework.
-Verifies, enforces and mitigates network security policies – Catbird’s focus on automated security policy addresses the need for real-time control validation and measurement against leading standards such as PCI DSS and HIPAA, COBIT and FISMA Rev4, while ensuring machine-speed mitigation options to continuously enforce network controls.
-Provides cross-platform support – Catbird 6.0 provides security and compliance capabilities for VMware ESX, with forthcoming support for Microsoft Hyper-V and leading SDN frameworks including VMware NSX and OpenStack advanced networks services through Neutron, on- and off-premise.