I can see your point about virtualization making it easier (and perhaps less expensive) to provide certain security functions that SMBs would not otherwise be able to deploy. From that perspective, I agree. The problem, of course, is that security isn’t just about deploying an appliance or clicking a checkbox, and SMBs could be lulled into a false sense of security by deploying a new security appliance. If not configured correctly or monitored closely, no amount of security appliances will help.

But otherwise, you do make a good point. It will be interesting to see how VMsafe and related developments continue to impact this portion of the market.

If configured to enforce policies, network admission control/quarantining of vms is accomplished through arp poisoning , based on a range of available policy controls. This is similar to a physical IPS device that I have used in the past and like, from Mirage Networks. Default policies are written to map to the requirements of legislation such as FFIEC, FISMA, GLBA, HIPPA, or you can create your own policy specific to your organization. Under the hood, the v-agent uses custom modules written for Nessus and Snort.

My major concern with the Catbird product is more strategic than based on technical merits. How is this, and all the other virtualized security products going to shake out with the entrance of 3rd party virtual switches, VMsafe, etc. But overall, I think the product has a place in the SMB landscape.

I like the Catbird V-Agent product. I think the product, and the security-as-a-service model, have a place in the SMB market. I know Hoff has been ringing alarms about possible perils of virtualized security, and rightly so, but I think virtualized security has its place in an SMB market. For example, plenty of the small and medium sized businesses that are interested in virtualizing their server infrastructure have few if any security controls in place outside of a firewall. And these same clients usually aren’t taxing their ESX servers when completely virtualized. So if I can throw some Catbird V-Agents on each ESX server, and give them greater visibility into the security posture of their environment, without additional hardware or server room footprint, than why not? I argue that, if architected properly, a SMB client moving to an ESX environment deploying virtualized security is more secure, and has more awareness of the security posture or their infrastructure than they were previous to virtualizing. What do you guys think?

Yeah, sorry about the delay in getting this written. Other things kind of bumped this onto the back burner for a while! I also plan to briefly touch upon the VNF once it is released as well. I’ll try to be a bit more timely with that one!

Wade,

And what are your thoughts regarding Catbird’s solution?

Firstly, I’m glad you wrote this up…when I posted my blog on Altor back in April, I said that I was waiting on a technical review from you…I didn’t want anyone to think I was lying

You’ve hit the nail on the head in regards to the *current* state of many of the emerging VirtSec solutions. As I made mention below (with screenshots from many of these products) they are often cases more about visibility in segmented virtualized environments than they are “security” or enforcement tools:

http://rationalsecurity.typepad.com/blog/2008/06/visualization-t.html

This will change. Soon.

As you state, Altor is releasing their “other” product shortly — their firewall which is designed to provide the enforcement capability you highlight. I expect to comment on that as a followup to my initial posts shortly.

The reality is that the big boys are moving into this market — many will leverage (at least in VMware’s case) the VMsafe API and use the Virtualcenter integration paired with VMsafe and their mature distributed management security solutions to start squeezing these new players…

/Hoff