The problem this tool is addressing is twofold: lack of visibility in the cloud and inefficient security controls. To solves two challenges Catbird developed two products: Catbird Insight and Catbird Secure. Insight is the core product in that it does the discovery of virtual assets, groups those assets logically and allows visualization and analysis of traffic flows. This last is, in our opinion, one of its great strengths.
Within a virtual data center there are no physical entities, so the only thing that can be analyzed is the data. To analyze the data one needs to understand how the data are flowing. Knowing that, relationships between virtual devices can be determined and appropriate security applied. Once data flows and the virtual assets are understood, these assets can be grouped into trust zones - and that is the key to the entire Catbird approach.
There really is only one place to put the security software in the Catbird approach: on the hypervisor. Catbird is, therefore, somewhat limited in the platforms it can address due to the limitations of various types of hypervisors. It supports VMware and OpenStack. The software is deployed on the hypervisor and sits in a hub-and-spoke architecture. It can scale across multiple locations and multiple hosts. It is priced based on the number of hosts.
Each virtual network has a virtual appliance deployed and that talks to the individual virtual machines. There is nothing sitting on the VMs, so there is no additional loading due to the security tools.
Insight's big job is inventory. This is an automated task, and the tool constantly looks for assets that have been added or removed. Not willing to take a single view, to avoid errors Insight corroborates from multiple sources. It is interested in changes to VMs as well so that it can group them appropriately into the appropriate trust zones.
One of the important tools used by Insight is NetFlow data. NetFlow tracks data between devices and, ultimately, between trust zones. This approach adds a lot of granularity - such as ports and protocols - to the IP locations of the virtual devices. It also allows one of the clearest visual displays we've seen. While Catbird Secure uses, among other displays, the RADAR display - which we really like for its clarity - Insight uses a circular display that shows zones placed around a wheel and lines between the assets indicating traffic flowing between them.
What we found fascinating about this display - actually very good and simple to understand at-a-glance analytics - was that a baseline can be established and then deviations from the baseline detected and alerted on.
Insight has two core components: the Catbird Control Center and the Virtual Machine Appliances (vMA). The Control Center is, itself, a virtual machine and it steers the vMAs. The vMAs are deployed as virtual machines on each switch and are lightweight, not in-line deployments.
Secure has some nice features as well. For example, one can extend the notion of access control lists - ACLs - to zone access control lists - ZACLs. That lets admins manage the way trust zones communicate with each other. Everything that both of these tools does is driven by compliance requirements. All analysis done by Secure, for example, is based on regulatory and policy compliance.
Secure can manage vulnerabilities as well as IPS behavior and all of the relationships that impact that management task are set by Insight and the policies in Secure. Together, these two products are a formidable tool in securing the virtual data center and they take an entirely different approach than most other, similar products. Unlike Insight, Secure does not alert. Rather, it enforces its policies. Since those policies are built based on the relationships discovered, mapped and analyzed by Insight, the likelihood of a security function being compromised without the administrator knowing is pretty small indeed.
We found this product - as we have its sister product, Secure, in the past - a very nice tool with an innovative approach to managing security in a virtual data center. We also like that it can be deployed in many cloud environments without impacting the cloud community - while still protecting the organization deploying it.
Price seems high until one realizes that pricing is by the host up to 50 hosts. A 50-host data center is pretty good size and there are likely to be a very large number of virtual networks and virtual machines. So, since there are no restrictions on the number of VMs or networks, pricing actually is very reasonable.
At a glance
Product Catbird Insight
Price $25,000 up to 50 hosts.
What it does Automatically and continuously discovers all assets in the virtual infrastructure, allows the grouping of these assets into logical Catbird Trust Zones.
What we liked The ability to apply sophisticated analytics due to asset relationships and traffic flows discovered by Insight.