Catbird Virtualization Security and Compliance Blog

VMware vCenter Vulnerabilities Expose your VMware Environment

Posted by Chris Tamblyn on Oct 6, 2015 12:23:00 PM

How to Detect and Protect your Organization Against Exploits

At the end of last week, VMware released patches for vCenter to address a vulnerability that was reported by ethical hackers early this year. The vulnerability allows intruders to gain system access to VMware hypervisors through an exploit of JMX/RMI. With the release of the patches, we encourage all VMware customers to apply the patch immediately, since weaponized versions of the exploit are available.

Topics: VMware

Suffering from Shellshock?

Posted by Sean Pitts on Oct 6, 2014 4:29:00 PM

Automate Your Security Response from the Catbird Seat.

In addition to the many security breaches that have rocked the retail and financial community in recent months, the latest threat comes in the form of a remotely exploitable vulnerability in the Bash shell (aka Shellshock, or Bashdoor). Unlike some of the targeted attacks on specific companies, the Shellshock vulnerability is in the Bash shell. For those not familiar with the Bash shell, it is one of the most widely deployed utilities on *nix operating systems, such as Unix, Linux, Mac OS X, Red Hat and others, that are the platforms for countless web servers, routers, database servers, and even PCs and home computers. This vulnerability allows an attacker to construct commands or execute arbitrary code against a vulnerable host and perform what is known as a "code injection attack". Given that this vulnerability can be exploited with relative ease and with severe consequences, it has been given a severity rating of 10 out of 10 by the security community.

Topics: security, bash shell, vulnerability, NIST, shellshock attack, shellshock

Jumping Into the SDDC Revolution

Posted by Sri Sundaralingam on Sep 15, 2014 12:54:00 PM

Data center architectures, both private and hybrid cloud, are rapidly evolving. With this evolution it’s become apparent that end-to-end virtualization is the way to go, and VMware, Cisco and OpenStack ecosystem vendors are leading the initiative. 

Topics: policy enforcement, sddc, vmware nsx, security policy

Results from Private Cloud Security Survey

Posted by Sri Sundaralingam on Sep 11, 2014 3:15:00 PM

In an industry that’s fast-paced and constantly evolving, the security of companies’ data communications ultimately rests squarely on the shoulders of IT professionals.  It’s probably a shock to no one that this stress could keep you up at night, and a recent study has proven it.

Four Questions to Ask Before Adopting NSX

Posted by Randal Asay on Sep 3, 2014 12:35:00 PM

When VMware released NSX it seemed like an obvious choice as a platform to move to. We all know how VMware ESX has transformed business. ESX freed IT departments from the one application on one server paradigm. In fact, server virtualization has proven so powerful that in a little over 10 years server virtualization has gone from effectively zero to today where an estimated 77% of data centers use some form of virtualization. VMware NSX promised to bring the same kind of benefits to the network that ESX brought to the server. 

Topics: VMware, sddc, catbird, vmware nsx, security policy

Is Your Cloud HIPAA-Ready?

Posted by Bill Rohrs on Apr 3, 2014 2:59:00 PM

5 Critical Questions to Ask Your HIPAA Hoster

A lot of cloud hosting providers claim that they’re HIPAA compliant, but what do they actually provide?  Before you make a decision, here are some key questions to ask.

Topics: continuous monitoring, policy enforcement, HIPAA, cloud service providers, catbird

Software-defined Network Challenges

Posted by Randal Asay on Mar 20, 2014 5:04:00 PM

Five Key Considerations When Adopting SDN

As organizations plan to move to virtualized systems and software-defined networks (SDN), it is helpful to review the realistic challenges that they will face. To be able to take advantage of the benefits of a software-defined environment, architects should consider the following: 

Topics: Randal Asay, SDN, software-defined network

Hacking Is Not that Hard

Posted by Randal Asay on Mar 14, 2014 11:52:00 AM

Three Risk Management Strategies

You know that data breaches and attacks are common, but did you know that hacking is actually very easy? According to a recent CSIS report, hacking is not that hard. For me, some of the most interesting data points in this report include:

Topics: continuous monitoring, policy enforcement, catbird, Target breach

Shifting Roles in the SDDC

Posted by Randal Asay on Mar 13, 2014 9:29:00 AM

Three Things You Can Do to Transition Effectively

Changes in data center architecture have also led to shifting roles within the organization. The software-defined data center and SDN present an opportunity for existing IT personnel to embrace change and expand their portfolio. For IT to function efficiently, System, Network, and Security teams should recognize that they have the opportunity to take on a larger scope, as the days of IT siloes are over.

Are Your Vendors Your Weakest Links?

Posted by Randal Asay on Mar 7, 2014 11:50:00 AM

The Target Breach Backlash

It’s a situation that strikes fear into the heart of every CIO and CISO—a breach caused by a vendor relationship. The Target debacle was apparently due to just that and affected millions of customers.  Will this incident create a deluge of headaches for Target’s vendors? Will other corporations follow suit? Most importantly, what can you do?

Topics: Compliance, continuous monitoring, policy enforcement, PCI Security, catbird, Target breach


This blog is dedicated to the discussion of securing and proving compliance in virtual and private cloud infrastructure. Nobody is more passionate about this topic than we are. We consider topics ranging from network, security, and compliance operations responsibilities to the implications of regulatory requirements in cloud environments to current events -- all with the goal of providing best practices for our readers to safely move to virtual and cloud infrastructure. We invite you to join in the dialogue.
