Saturday, March 15, 2008

Review: Catbird Pocket V-Agent

Security is a never-ending to-do list.

On one hand, it's an ongoing source of revenue. On the other hand, it's a complex mishmash of various products.

Even after protecting the network, data needs to be encrypted, endpoints have to be secured, and compliance policies have to be enforced. With increased interest in sever consolidation, for both the cost-savings as well as space, and desktop virtualization to support multiple platforms, a new item is added to the checklist: virtual networks.

Test Center performed network security assessments on the virtual network using Catbird's Pocket V-Agent. A silver USB stick with a full-blown virtual appliance, the Pocket V-Agent offers rogue-device monitoring, intrusion detection and prevention, and vulnerability monitoring.

Catbird, Scotts Valley, Calif., offers a comprehensive Web Security and Network Access Control solution for the main network. The Catbird V-Agent is a VMware-based appliance that protects virtual machines -- hence the letter "V" -- instead. The Pocket V-Agent can instantly turn a PC into a full-blown comprehensive security agent. Along with monitoring the virtual machines on the host, V-Agent (pocket and otherwise) also monitors the physical network components attached to the host.

It's easy to think that virtual machines -- and the host machine on which they reside -- do not need any special protection from malicious attacks. After all, virtualization is about creating machines in a protected space to begin with, isn't it? In reality, a hacker who manages to gain access to the host PC can discover the virtual network and compromise the virtual machines in essentially the same way as a physical one.

With the Pocket V-Agent, solution providers can perform virtual network security assessments on the fly by plugging the USB drive into any PC. Once the appliance has been installed and booted, the PC can monitor networks and protect data.

The Pocket V-Agent shows up as Pocket ACE when plugged in to the device. It automatically tries to install VMware Player first in order to start the appliance. If the system already has VMware Server installed (as this one did), the installation would fail. Once uninstalled, the Player installed and appliance had no trouble starting.

Security monitoring and configuration are performed using a Web browser to access the Web portal. Pocket V-Agent provides a snapshot of real-time data to illustrate potential areas for security breaches.

Guest operating systems can be checked for vulnerability to a network attack, user misconfiguration, or a compromised hypervisor.

The USB drive gives a single admin the power to conduct remote security evaluations at multiple sites. Anyone in front of one of the machines onsite can mount the USB drive. The V-Agent is launched automatically within VMware Player. The agent is designed to be stateless, allowing access to the network data even after the machines have been shut down, restarted, or restored. All the collected data is stored in a Web-accessible portal. The portal has several configuration options, such as turning on quarantine, turning on the IPS capability, or applying policy compliance and validation rules.

There are many ways solution providers can use the Pocket V-Agent. They can bundle the V-Agent with various virtualization solutions, such as application and processing virtualization. It can also be used to measure security and compliance audit. Or VARs can add it to their personal toolbox to use on unknown systems when working on the client site.

Unlike assessment tools that require external appliances and extra software, the USB-based Pocket V-Agent converts the typical PC host into a security analysis tool.

A combination of one-time purchase and service fees, the product is available through the channel. Partners can pick and choose individual components from Catbird's array of products to create the right bundle and to set an appropriate price point instead of creating one-size-fits-all offerings.

Catbird's Software-as-a-Service option means there is no initial investment for partners. Catbird also allows partners to deliver their own branded security-as-a-service solution.

While there are a handful of security appliances that offer host PCs some protection, solution providers would find Catbird V-Agent a more cost-effective management and security agent for the midmarket and SMB.

Form :