Oddly named software-defined security business, Catbird, has released an OpenStack-friendly version of its security solution to enable businesses to move security policies across on- and off-premises infrastructures and across VMware ESX, NSX, and OpenStack.
Catbird claims their new OpenStack solution allows businesses to gain a consistency of automated policy deployment, and monitor and enforce policies across cloud platforms. Everyone wants the ability to move applications around from on-premise to the cloud and the tools are there to achieve this. However at present if you do move applications you need to set up policies separately on all of the platforms, a situation, which both adds additional work to the move and is open to mistakes.
With Catbird the security travels with the application. As Chris Tamblyn, SVP Business Development and Products of Catbird explains. “With Catbird for OpenStack, we can now help our customers address security requirements and associated risks of the OpenStack environment, by providing east-west visibility and protection regardless of the OpenStack deployment model such as private, managed, public or hybrid cloud instances. ”
Catbird’s solution for OpenStack is a 100 percent software solution built on a two-tier architecture. Catbird’s control centre runs as a guest, typically in the management space. A guest appliance is placed on each compute node (no guest OS footprint) and provides layer 2 data path integration at the vNIC level allowing Catbird to see all network traffic and correlate to the vNIC, VM, and Tenant without deploying appliances in the Tenant space (which would be visible and count against Tenant quota). Catbird has a fully developed northbound API set and also exports netflow and CEF for complete enterprise integration.
Tamblyn concludes. “Through Catbird for OpenStack, we can successfully move the security perimeter inward, protecting each micro-segment defined in OpenStack through fine-grained policies. In the context of DevOps it allows for putting policy wrappers around workloads at launch, making security an integral part of the process rather than an afterthought or a separate process.”