The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
What is a data center? You are free to ponder that, but by all means you do not want your data center security to be defined by the infrastructure you pick. Today’s data centers consist of a hybrid multicloud infrastructure using baremetal, virtualized, and container-based workloads or anywhere in-between.
As everything revolves around software today, applications are the crown jewels of any business. These are dynamic—these are constantly evolving. One of the critical challenges is how to provide a secure infrastructure for applications without compromising agility. Even today, the majority of data centers are designed with traditional perimeter-only security, which is insufficient. In some ways, there is no more perimeter. Solutions responding to this app-centric world must bring security closer to the applications using a “new firewall” that surrounds each and every workload, protecting what matters most— applications and data.
Cisco Secure Workload (Tetration) (Figure 1) addresses these requirements by securing your environments using firewalls at the workload level across your entire infrastructure, whether applications are deployed on bare-metal servers, virtual machines, or containers. The platform provides policy management capabilities to implement a zero-trust model using allow/block policies, it also proactively identifies workload behavior anomalies and reduces the attack surface by actively identifying vulnerabilities and exposures.
● Uses behavior-based application insight to automate zero trust policy
● Minimizes lateral movement using microsegmentation to enable a secure zero-trust model
● Identifies anomalies faster by using process-behavior deviations
● Reduces the attack surface within the data center by quickly identifying common vulnerabilities and exposures
Cisco Secure Workload architecture
Secure Workload helps you to deliver zero-trust application security, reduce risk, and maintain compliance. With Secure Workload, you can:
● Implement a zero-trust based model: By using advanced algorithms, Secure Workload generates a granular segmentation policy for each application. It provides the ability to merge business policy requirements with policies that are generated based on application behavior. This normalization and hierarchical merging of policies helps ensure that administrators with reduced scope cannot override higher level business policy intentions
● Contain lateral movement using microsegmentation: The platform provides consistent microsegmentation through workload operating system capabilities across the multicloud infrastructure. Because policy is enforced on the workload itself, Secure Workload supports virtualized, bare-metal, and container-based environments in unison. This approach ensures that policy moves along with the workload, even when an application component migrates from a bare-metal server to a virtualized environment
● Identify workload behavior deviation: Behavior of the workloads can be determined by baselining the processes that are running on the server and identifying any deviations in behavior from those baselines. In Secure Workload, algorithms are available to match the behavior deviations to malware execution patterns, enabling faster detection
● Detect vulnerabilities associated with software packages: Secure Workload also identifies installed software packages, package versions, patch level, and publisher. Using this information, it checks whether any of the software packages have known information-security vulnerabilities listed in the CVE database. When a vulnerability is detected, you can find complete details, including the severity and impact score, identify all servers that have the same version of the package installed, and define policies with specific actions, such as quarantining a host when servers have packages with certain vulnerabilities
● Compliance and auditability: The platform monitors application components for policy compliance. It can detect any segmentation policy compliance deviations in minutes and trigger a notification. In addition, enforcement policies are updated automatically to accommodate certain application-behavior changes
● Cisco SecureX integration: Cisco SecureX is a highly integrated security platform that makes it easy to establish coverage across your security portfolio. The SecureX platform is included with Secure Workload and every Cisco security product. SecureX integrates Secure Workload security features to unify and extend visibility and protection across network, endpoint, cloud, and applications to accelerate threat response and realize desired outcomes
● Cisco Secure Firewall integration: Leverage a true defense-in-depth strategy with unified segmentation policies. Secure Workload can enforce coarse macro policies to Secure Firewall to enhance the security posture of the network. It also extends consistent segmentation policies in environments where software agent installation is not feasible.
● Endpoint visibility with Cisco ISE and AnyConnect: Secure Workload can extend the zero-trust model to endpoints by defining least-privilege policies based on dynamic user or device information. Secure Workload maps dynamic inventory according to annotations like ISE Security Group Tags and AnyConnect telemetry information leveraging LDAP user attributes.
Secure Workload is unlike any other in the industry. It offers a turnkey approach for microsegmentation, minimizing the time and effort required to build a more secure environment for applications and reduces the risk of exposure.
Cisco provides professional and support services to help organizations get the most value. Cisco Services experts help integrate Cisco Secure Workload into your data center and cloud environment, define use cases based on business objectives, tune and validate policies and compliance. Cisco Solution Support provides hardware, software, and solution-level technical support.
For more information about the Cisco Secure Workload platform, please visit www.cisco.com/go/SecureWorkload.