
Maintaining Corporate and Regulatory Compliance with Virtual Infrastructure

Virtualization technology poses a challenge for IT organizations seeking to maintain security and regulatory compliance. Many of the standard practices for monitoring, complying with and enforcing corporate policies or industry regulations are inadvertently ignored, or even lost, when migrating from physical environments to virtual ones. Government agencies, financial institutions, healthcare and other regulated organizations are increasingly being tasked with addressing compliance issues up-front when mapping out their virtualization deployment strategies. By identifying and addressing compliance challenges early on, deployment plans can continue unabated and on schedule.

What Changed in Compliance When Moving From Physical to Virtual?

  • Loss of Separation of Duties, a key component in most best-practice configuration and deployment recommendations. As a consequence, virtual center administrators have all the “keys to the kingdom.” Where in the physical world there were multiple people with multiple roles forming an inherent “check and balance” on the deployment of new machines in the data center, virtual center administrators now simply click a button.
  • Loss of secondary or backup controls, essentially a loss of the “belt and suspenders” approach common in regulated data centers. Most security vulnerabilities happen not from malicious hackers but from inadvertent human error. Standard practice on physical networks mandates automated tools (often built into system software) to monitor for such error. Virtualization platforms are missing this essential compliance requirement. In fact, network controls to prevent unauthorized or anonymous access do not exist. Dual controls to prevent abuse of privilege do not exist. Automation to ensure secure life-cycle and strict change controls does not exist. Insecure or unauthorized hypervisor configuration negates secondary controls. Together, these omissions could lead to very exploitable weaknesses.
  • Visibility. You can’t protect what you can’t detect. The virtual network infrastructure is invisible to information security devices on the physical network. VMs that are out of compliance will not be detected by such tools. Existing technical controls for validation, audit and compliance fail to monitor the virtual infrastructure. Questionable inter-VM traffic will not be blocked. This is an enormous gap that leads most virtualized data centers to run afoul of full compliance.

Common SOX/HIPAA/FISMA Compliance Requirements

  • Data protection: Implement controls to prevent anonymous or unauthorized access. Enforce data integrity and confidentiality through separation of duties and change controls. Data protection must exist within networks and systems that store, process or transmit sensitive data.
  • Controls: Validate technical controls and enforce secure life-cycle and change controls.
  • Management: Manage compliance through automated reporting, alerting and enforcement. Implement validation of primary and secondary controls through dual controls and adherence to strict separation of duties to prevent abuse of privilege.

Compliance Recommendations

Gap Analysis: Define and measure the security and compliance gaps created by virtualization. Catbird’s VSA gives IT administrators a thorough analysis of gaps in security and compliance between physical and virtual.

Information Security: Implement a strategy to reduce risk and assure security compliance through comprehensive virtual security appliances designed to monitor and protect the virtual infrastructure.

Catbird’s V-Security provides complete visibility, monitoring and enforcement of the virtual infrastructure, restoring best-practices security and compliance to the data center and allowing virtualization plans to continue on track.

Catbird Networks, Inc.
1800 Green Hills Road, Suite 113
Scotts Valley, CA 95066
866.682.0080 tel
708.221.0401 fax