Catbird, a startup that specializes in security for virtualized environments, is among the vendors supporting VMware's new virtual networking platform, NSX.
The list of security-focused supporters already includes the better known Fortinet, McAfee and Trend Micro. But Catbird will focus on supplying security to the precise pain points of virtualized environments.
Virtualization has done more than consolidate servers in the data center. It's removed the server from the view of the network monitoring and protection system; operations inside a hypervisor might as well be occurring in a black hole, as far as the network security system knows. As a software layer sitting next to the operating system with access to the hardware, the hypervisor is a potentially dangerous attack surface. It's even hard to see what's going on with the applications inside the virtual machines. As a set of files, they're in a position to be easily disrupted or stolen.
In addition, the process of configuring virtual machines is a point of high vulnerability; ditto for virtual machine change management. Catbird is not the only vendor to address these points but it's one of the few dedicated specialists in the field.
VMware has created the vSafe API for security third parties and provided its own vShield security application to address many of these pain points. But VMware officials were happy to have Catbird join the party. Catbird support for NSX "brings new levels of agility, accuracy and scalability to security in the data center," said VMware's Hatem Naguib, VP of cloud networking and security, in the Aug. 26 announcement.
Catbird's website says it understands these problems and is positioning itself to address them. It accepts the virtualized environment as a given and works with its potential, as well as its drawbacks. Security now takes the form of software, not hardware devices like firewalls or network monitoring appliances. Software-defined security can be finer grained and more fluid, moving into the virtual machine where it's needed, or with the virtual machine if it's migrated somewhere else. Catbird in late July received $10 million in a second round of funding that brought its total to $12 million.
[ Want to learn more about security in the virtualized environment? See Virtualization Security, Where's The Innovation? ]
Catbird has been recognized for its vSecurity product's approach to the virtualized environment. It's been a Best of Show finalist at VMworld four times and made it onto the Top 50 list of virtualization vendors at CRN, one of InformationWeek's sister publications.
Instead of a device at the enterprise perimeter, Catbird's vSecurity concentrates on defining a set of logical assets as a TrustZone. Rules and policies govern access to and allowed conduct within the zone. Different virtual machines on the same host could occupy different zones -- although some best practices urge not mixing sensitive VMs with those of lower security thresholds.
"Software-defined networks need software-defined security," said Catbird CEO Edmundo Costa in Catbird's announcement of support for NSX.
Catbird's integration of vSecurity with the NSX platform will be provided sometime "later this year," the announcement said. Costa said using vSecurity with NSX will generate a virtual network environment that can more easily be audited and proven to be in compliance than some virtualized environments.
VMware needs network and security vendors to support the NSX platform for it to work as expected in VMware's touted software-defined data center. It got off to a strong start with the vendors who showed up at VMworld pledging support. But the addition of Catbird, which has its own reputation for innovating in the space, can't hurt.
Learn more about virtualization security by attending the Interop conference track on Cloud Computing and Virtualization in New York from Sept. 30 to Oct. 4.