Catbird Monitoring VMs In Amazon EC2

Oct 30, 2009 (05:10 AM EDT)

Catbird, a specialist in supplying virtual machine security, will be the source of a new Amazon cloud application that supplies security surveillance to virtual machines running in EC2.

The fact that a security system is monitoring virtual machines and is ready to enforce SOX, PCI and HIPAA policies brings cloud workloads into compliance with those regulations, said Michael Berman, Catbird CTO. If he's correct, then a major barrier to offloading IT workloads from the enterprise data center to the cloud may have found a solution.

In addition to Catbird, many security companies are working on surveillance systems for monitoring virtual machines running in cloud computing environments, including Trend Micro and McAfee. VMware has published a VMsafe API through which such companies may connect their monitoring and policy systems to the virtual machine.

A version of Catbird's vSecurity Cloud Edition is available as an application in Amazon's EC2-approved catalog of application services; thus far it is the only security service available in EC2. By tapping the Catbird application, a customer can provision an EC2 server with Catbird to monitor the operation of virtual servers running his or her workload. Doing so satisfies one of the primary requirements of SOX, PCI and HIPAA regulations, even though the workload has left the user's premises and is being executed in the cloud.

"You can't be PCI compliant without vulnerability monitoring," Berman said. That's made it hard to conceive of some workloads moving out of the data center to be executed in a public cloud, where the data owner doesn't control the security provisions of the servers.

But the Catbird service, which amounts to the customer commissioning another Amazon Machine Image virtual server and paying Amazon's hourly charges as well as the Catbird subscription, can sit next to the running virtual machines, monitoring their network traffic and analyzing it for trouble.

In addition to PCI, HIPAA, and SOX, the service can monitor for compliance with DIACAP; COBIT (Control Objectives for Information and related Technologies), a best-practices framework for IT operations set up by the IT Governance Institute; and FISMA, the Federal Information Security Management Act of 2002.

"We do port scanning," said Berman, referring to the checking of server ports to see whether they are closed in the Amazon setting rather than open and subject to an intruder. "Is a port open when it shouldn't be? That's a vulnerability" that's not allowed under various regulations, he noted. The security monitor performs many other vulnerability detection functions, such as blocking cross-site scripting attempts.

The vSecurity Cloud Edition checks which version of an application has been installed in a virtual machine. Has it been correctly patched? It checks the signatures on incoming traffic to see whether any is coming from known attack sites. Is the user visiting the site making use of an unpatched version of Microsoft's Internet Explorer browser? Such a system isn't allowed on the same network as the VM and will be kicked off, said Berman.

The EC2 server running Catbird vSecurity Cloud sits outside the actual virtual machines it is monitoring, not inside next to the hypervisor. Nevertheless, as an Amazon-offered application, it's already inside the Amazon firewall and perimeter filters, and monitoring the network traffic to and from the hypervisor tells it what the virtual machines are dealing with.

In addition to monitoring virtual machine network traffic, vSecurity Cloud Edition can supply auditing, inventory management, configuration management, change management, access control and incident response.

Use of the Catbird application on EC2 for basic discovery and vulnerability monitoring is $100 a month for five IP addresses (or virtual machines), in addition to Amazon's charges; $150 for 10; and $350 for 32.

Add-on services are available, such as network access control for an inventory of virtual machines, a real-time VM catalogue and protection against virtual machine sprawl, where virtual machines are lost from view but still running on the network, available to an intruder. Basic protections plus NAC-based enforcement is priced at $150 a month for 5; $200 for 10 and $400 for up to 32 VMs. Adding a firewall allows logical grouping of virtual machines for applying sets of policies to them. That service results in pricing of $200 a month for 5; $250 for 10 and $500 a month for up to 32.

In addition, Catbird announced Wednesday the immediate availability of vSecurity Cloud Edition as a product that can be implemented by Internet service providers. There are a few variations between the ISP product and the Amazon Catbird application, but they are highly similar, said Tamar Newberger, Catbird VP of marketing. Early implementers include, a private label cloud hosting service, and Halo FC, a hybrid cloud enabling software company.
