Catbird Networks Director of Product Management, Malcolm Reike, talks about how virtualization changes the security game with Network World Editor in Chief John Dix.
Outline the security toolset you folks offer.
We provide a multifunctional, network-based security control suite that overlays on the virtual infrastructure and gives you the ability to manage policy for firewall, IDS and IPS and do vulnerability scanning and configuration scanning with the Security Content Automation Protocol. We also have Layer 2 network membership monitoring that allows you to look at what physical things are directly connected to your virtual infrastructure. So that allows you to figure out what that set of things are you can't necessarily block with a firewall.
And then we tie it all together by allowing you to select compliance frameworks like PCI and HIPAA, and as each policy is applied to an asset, as each control is put in place, we are continuously monitoring how those controls and those policies impact your compliance levels, and report in real time in the native compliance framework language. We say stuff like, "You are now 2.5 out of 3 compliant with PCI 1.2."
So we report our current security configuration, our current policies, and our current controls in the language of the compliance framework, which allows the operator to very easily communicate with a GRC team to communicate how they are contributing to compliance.
How many customers do you have?
We've got about 30 customers deployed right now.
Who do you compete with?
A lot of people are doing multifunction and a lot of people are doing software-defined security or security for the software-defined data center. Others do kind of event-based compliance measurement monitoring GRC-type stuff. But in terms of multifunctional security solutions, nobody has the body of controls we do, and does compliance the way we do, and nobody who does compliance has the number of controls we have. So we're kind of filling a niche at this point. Our biggest competitor is customers wanting to secure their virtual environments the old way, or to implement virtualized security controls that aren't unified in a single interface.
You didn't name VMware as a competitor, so I presume they are a partner?
We have been an alliance partner of theirs for quite some time. They're implementing a methodology for vendors to deploy their security as services, which is similar to our approach. But from our perspective this is good because we'll be able to report on controls we have and, through emerging technologies on the NSX side, also extend our real-time continuous compliance monitoring to controls we don't directly orchestrate with. So for every control that integrates with VMware's integration framework, we will have the capability to extend our orchestration. So we're very excited about those developments.
Sign up for MIS Asia eNewsletters.