About

This blog is dedicated to the discussion of securing and proving compliance in virtual and private cloud infrastructure.  Nobody is more passionate about this topic than we are. We consider topics ranging from network, security, and compliance operations responsibilities to the implications of regulatory requirements in cloud environments to current events -- all with the goal of providing best practices for our readers to safely move to virtual and cloud infrastructure. We invite you to join in the dialogue. 


Catbird Virtualization Security & Compliance Blog


Suffering from Shellshock?

  
  
  

Automate Your Security Response from the Catbird Seat.

In addition to the many security breaches that have rocked the retail and financial community in recent months, the latest threat comes in the form of a remotely exploitable vulnerability in the Bash shell (aka Shellshock, or Bashdoor). Unlike some of the targeted attacks on specific companies, Shellshock is a flaw in the Bash shell itself. For those not familiar with Bash, it is one of the most widely deployed utilities on *nix operating systems, such as Unix, Linux, Mac OS X, Red Hat and others, which are the platforms for countless web servers, routers, database servers, and even PCs and home computers. This vulnerability allows an attacker to construct commands or execute arbitrary code against a vulnerable host, performing what is known as a "code injection attack". Given that it can be exploited with relative ease and with severe consequences, this vulnerability has been given a severity rating of 10 out of 10 by the security community.

Jumping Into the SDDC Revolution

  
  
  

Data center architectures, both private and hybrid cloud, are rapidly evolving. With this evolution it’s become apparent that end-to-end virtualization is the way to go, and VMware, Cisco and OpenStack ecosystem vendors are leading the initiative. 

Results from Private Cloud Security Survey

  
  
  

In an industry that’s fast-paced and constantly evolving, the security of companies’ data communications ultimately rests squarely on the shoulders of IT professionals.  It’s probably a shock to no one that this stress could keep you up at night, and a recent study has proven it.

Four Questions to Ask Before Adopting NSX

  
  
  

When VMware released NSX it seemed like an obvious choice as a platform to move to. We all know how VMware ESX has transformed business. ESX freed IT departments from the one-application-on-one-server paradigm. In fact, server virtualization has proven so powerful that in a little over 10 years it has gone from effectively zero to an estimated 77% of data centers using some form of virtualization. VMware NSX promised to bring the same kind of benefits to the network that ESX brought to the server.

Is Your Cloud HIPAA-Ready?

  
  
  

5 Critical Questions to Ask Your HIPAA Hoster

A lot of cloud hosting providers claim that they’re HIPAA compliant, but what do they actually provide?  Before you make a decision, here are some key questions to ask.

Software-defined Network Challenges

  
  
  

Five Key Considerations When Adopting SDN

As organizations plan to move to virtualized systems and software-defined networks (SDN), it is helpful to review the realistic challenges that they will face. To be able to take advantage of the benefits of a software-defined environment, architects should consider the following: 

Hacking Is Not that Hard

  
  
  

Three Risk Management Strategies

You know that data breaches and attacks are common, but did you know that hacking is actually very easy? According to a recent CSIS report, hacking is not that hard. For me, some of the most interesting data points in this report include:

Shifting Roles in the SDDC

  
  
  

Three Things You Can Do to Transition Effectively

Changes in data center architecture have also led to shifting roles within the organization. The software-defined data center and SDN present an opportunity for existing IT personnel to embrace change and expand their portfolio. For IT to function efficiently, System, Network, and Security teams should recognize that they have the opportunity to take on a larger scope, as the days of IT siloes are over.

Are Your Vendors Your Weakest Links?

  
  
  

The Target Breach Backlash

It’s a situation that strikes fear into the heart of every CIO and CISO—a breach caused by a vendor relationship. The Target debacle was apparently due to just that and affected millions of customers.  Will this incident create a deluge of headaches for Target’s vendors? Will other corporations follow suit? Most importantly, what can you do?

ACI Meets PCI, HIPAA, FISMA, SOX

  
  
  

Catbird Joins Cisco ACI Ecosystem

It’s fantastic news for Catbird and for you as well.  With Cisco Application Centric Infrastructure (ACI) adding Catbird to its expanding ecosystem, the next iteration of network security is within grasp. 
