What is a data center? You are free to ponder that, but by all means you do not want your data center security to be defined by the infrastructure you pick. Today’s data centers consist of a hybrid multicloud infrastructure using baremetal, virtualized, and container-based workloads or anywhere in-between.
● Automate application policy to enable a zero trust model
● Minimize lateral movement through efficient application segmentation
● Identify anomalies faster using process behavior deviations
● Reduce the attack surface within the data center by quickly identifying common vulnerabilities and exposures
● Gain better workload protection for on-premises and public cloud data centers
As everything revolves around software today, applications running on your infrastructure are the crown jewels, these are dynamic—these are constantly evolving. One of the key challenges is how do I provide a secure infrastructure for applications without compromising agility. Even today, the majority of data centers are designed with traditional perimeter-only security, which is insufficient. A new approach is needed to address this challenge.
The Cisco Secure Workload platform (formerly Tetration) is designed to address this challenge in a comprehensive and scalable way. Secure Workload enables holistic workload protection for multicloud data centers by using:
● Micro-segmentation, allowing operators to control network communication within the data center, enabling a zero-trust model
● Behavior baselining, analysis, and identification of deviations for processes running on servers
● Detection of common vulnerabilities and exposures associated with the software packages installed on servers
● The ability to act proactively, such as quarantining server(s) when vulnerabilities are detected and blocking communication when policy violations are detected
By using this multidimensional workload-protection approach (See Figure1), Cisco Secure Workload significantly reduces the attack surface, minimizes lateral movement in case of security incidents, and more quickly identifies Indicators Of Compromise (IOCs).
The Cisco Secure Workload platform is powered by big-data technologies to support the scale requirements of data centers. It can process comprehensive telemetry information received from servers in near-real time and it can enforce consistent policy across thousands of applications and hundreds of millions of policy rules.
Multidimensional workload protection approach using Cisco Secure Workload
Redefine your data center security using comprehensive capabilities offered by the Cisco Secure Workload platform. With Secure Workload, operators can:
● Implement a zero-trust based model: By using advanced algorithms, Cisco Secure Workload generates a granular segmentation policy for each application. It provides the ability to merge business policy requirements with policies that are generated based on application behavior. This normalization and hierarchical merging of policies helps ensure that administrators with reduced scope cannot override higher level business policy intentions
● Control communication using segmentation: The platform provides consistent policy enforcement through server operating system capabilities across the multicloud infrastructure. Because policy is enforced on the workload itself, Secure Workload supports virtualized, bare-metal, and container-based environments in unison. This approach ensures that policy moves along with the workload, even when an application component migrates from a bare-metal server to a virtualized environment
● Identify process behavior deviation: Behavior of the servers can be determined by baselining the processes that are running on the server and identifying any deviations in behavior from those baselines. In Cisco Secure Workload, algorithms are available to match the behavior deviations to malware execution patterns, enabling faster detection. The behavior-pattern matching includes serious threats such as Specter and Meltdown
● Reduce attack surface with vulnerability detection: The Cisco Secure Workload platform also baselines installed software packages, package versions, patch level, and publisher. Secure Workload includes 19 years’ worth of Common Vulnerabilities and Exposure (CVE) database. Using this information, Secure Workload checks whether any of the software packages have known information-security vulnerabilities listed in the CVE database. When a vulnerability is detected, you can find complete details, including the severity and impact score, identify all servers that have the same version of the package installed, and define policies with specific actions, such as quarantining a host when servers have packages with certain vulnerabilities
The Cisco Secure Workload platform is unlike any other in the industry. Holistic workload capabilities allow you to build a more secure infrastructure for applications and significantly reduce the risk of exposure
It offers a turnkey approach for security and minimizes the time and effort required to operationalize the platform
For more information about the Cisco Secure Workload platform, please visit https://www.cisco.com/go/SecureWorkload.