Catbird tightens security of virtual machines

Network World - Catbird is upgrading its virtual security software platform to better track virtual machines as they replicate themselves and to make sure the proper security policies follow them wherever they go.

The product, VMShield 2.0, includes V-Tracker, technology that uses more attributes to define virtual machines, making it more likely that VMs will be tracked accurately when they create other versions of themselves.

VMShield then makes sure that the proper policies are applied to all instances of the virtual machine. The policy checks not only pertain to attributes of the virtual machine but also to the physical machine it migrates to.

So, for instance, if a policy states that a virtual machine should not be allowed on a physical machine with two network interface cards, VMShield could block that migration.

The software also takes into account the network segment where a virtual machine is deployed and adjusts for the policies in that segment. So if a virtual machine is deployed in a secure zone that contains credit card data, policies that apply to the zone can be added to the policy for the virtual machine. The aggregate policy might respond more severely to a VM policy breach than it would if it were deployed in a less secure zone, for example.

This aggregation of policies creates a policy envelope that is applied to each virtual machine. This function is performed by Virtual Infrastructure Security Engine (VISE), a software engine that correlates VMware attributes and network security events to better protect data.

V-Tracker creates a unique identifier for each virtual machine that includes a signature that can identify a copy of a virtual machine, whether it was created via live migration or altered slightly then cloned.

Altor Networks also creates signatures to track virtual machines, using VMware virtual machine properties listed within vCenter, VMware's central management server. Catbird says it uses factors beyond that to identify virtual machines.

Other vendors specializing in virtual security include Stonesoft and Third Brigade, says Ted Ritter, an analyst with Nemertes Research. He says the problems these companies address are real, but fewer than 10% of businesses using virtual machines have deployed virtualization-specific security. They rely on traditional security gear they already own and configure their networks to secure virtual machines as best they can, he says.

The risk of insecure virtual machines is significant, he says, because 78% of businesses Nemertes has polled say they have customer-facing virtual machines already deployed.

To discover potential contact with botnet command-and-control sites, VMShield performs intelligent packet filtering of traffic in and out of virtual machines, and can automatically quarantine virtual machines that violate policies.

VMShield 2.0 uses application programming interfaces with virtual machine hypervisors to be aware of individual VMs. It is compatible with VMware, Citrix Xenserver and Microsoft Hyper-V.