By Mary Jander January 18, 2008, 9:30 AM
Virtualization may be the future of IT, but for a growing number of customers with sizeable Internet-based assets, it's also a major security challenge -- one that a small but ambitious California startup aims to address.
Catbird Networks of Scotts Valley claims it's got over 400 customers for its technology, which monitors Web-based networks for intruders and malware. Founded and funded (for an undisclosed sum) in 2000 by famed NFS developer Ron Lachman, Catbird offers a variety of products based on Linux. These include a single-rack Network Access Control (NAC) unit, a USB stick for LAN monitoring, and a VMware virtual appliance.
Catbird sells these products as agents for its service, which is offered directly or through partners who rebrand it. Once installed, the hardware and/or software acts as an IDS/IPS (intrusion detection system/intrusion protection system), tracking a range of problems on IP LANs and Internet connections, including rogue log-ins, viruses, pharming attacks, hijacking, and more. Monitoring is refreshed every two minutes. Alerts are forwarded to email. A browser-accessible interface presents ongoing information from all agents, facilitates rules setting, and provides reports.
Catbird is heavily marketing V-Security, since the VMware agent offers easy installation to protect both physical and virtual machines. V-Security also monitors both within the LAN and outside a firewall, Catbird says. And because it operates as a guest in the hypervisor, it can safeguard virtual networks -- a key feature for firms concerned with emerging threats in this area.
The all-in-good-fun stunt was aimed at the very serious problems facing companies with substantial Web-based applications, particularly as virtualization is used to extend their capabilities. Among the emerging threats are bots, pharming schemes, wireless hacks, Website defacement, slurping, and theft of confidential data from banking and other forms of transactional sites.
One Catbird customer says he's been pleased with his service. Andrew Voorhies, technology operations manager at the Stanford Federal Credit Union (SFCU) in Palo Alto, Calif., has been using Catbird's NAC since April 2005 and recently added V-Security agents. While his group still uses a range of protection for the financial services network of over 70 Intel-based Windows servers, Catbird is key to their strategy.
"One really nice feature is a 'penalty box' for rogue LANs. If an unauthorized device is plugged into the network, it's automatically disabled from using the network resources," he says. "Whenever we add a new device, we purposely let Catbird pick it up."
Voorhies says he looked at a couple of products similar to Catbird's over the last few years, including ones from SecureWorks and RedSeal. But he says he liked the fact that with Catbird, he gets both "service bureau" and in-house agents combined -- and agents that are easy to implement.
Voorhies asked and got Catbird to implement a bigger section in its reporting interface for notes to be added. He says he wouldn't mind if Catbird expanded its capabilities to monitor internal server activity at some point in the future.
Catbird's closest competition in the virtualization security arena comes from Reflex Security, whose software also runs in virtualized environtments. Reflex, however, features an enterprise-level product line that includes high-speed switching hardware. Another player, BlueLane Technologies, offers patching updates to protect virtual networks, something Catbird doesn't do.
For now, Catbird seems bent on developing its solutions for an SMB audience. The firm, which still has under 100 employees, isn't divulging whether it's profitable. But given the growth of virtualization and the threats facing data center customers of all sizes, it's probably safe to assume there's a niche for startups like this one.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.