Cisco Secure Workload for Workload Protection Data Sheet

Data Sheet

Available Languages

Download Options

  • PDF
    (1.3 MB)
    View with Adobe Reader on a variety of devices
Updated:August 15, 2023

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (1.3 MB)
    View with Adobe Reader on a variety of devices
Updated:August 15, 2023

Cisco Secure Workload (formerly Tetration) seamlessly delivers zero-trust microsegmentation across any workload, environment, or location from a single console. With comprehensive visibility into every workload interaction and powerful AI/ML-driven automation, Secure Workload reduces the attack surface by preventing lateral movement, identifies workload behavior anomalies, helps rapidly remediate threats, and continuously monitors compliance.

Product Overview

Traditionally in IT, we’ve had an infrastructure-centric view of the universe. Our most valuable data was contained in the data center, so our job was to let good traffic in and keep bad actors out. And our tool of choice was the firewall.

In today’s organizations, the center of gravity has shifted decidedly in favor of applications. Applications are critical to how you engage with customers, run your operations, and get paid. But the constant proliferation and dynamic nature of these applications have led to an unprecedented security challenge for IT professionals.

Apps are distributed. They’re deployed at the edge near to the user, on-premises data Center / private cloud, and in the cloud, or across multiple clouds, and critical workloads are no longer tidily kept in the data center where they can be protected by a perimeter firewall. In some ways, there is no more perimeter. To respond to this app-centric world, you need a security solution that can bring security closer to the applications using a “new firewall or micro-perimeter” that surrounds each and every workload, allowing you to protect what matters most to you—your applications and data.

With Cisco Secure Workload, you can secure your application landscape by creating a micro-perimeter at the workload level across your entire infrastructure, whether applications are deployed on bare-metal servers, virtual machines, or containers. Secure Workload helps you to deliver zero-trust microsegmentation to protect applications, reduce risk, and maintain compliance with:

      Automatically generated microsegmentation policies through a comprehensive analysis of application communication patterns and dependencies using machine learning models.

      Dynamic attribute-based policy definition with a hierarchical policy model to deliver comprehensive controls across multiple user groups with role-based access control.

      Consistent policy enforcement at scale through distributed control of native host firewalls, cloud built-in security constructs, and infrastructure, including ADCs (Application Delivery Controllers), firewalls, and networks.

      Near real-time compliance monitoring of all communications to identify and alert against policy violations or potential compromise.

      Workload behavior baselining and proactive anomaly detection.

      Common vulnerability detection with dynamic mitigation and threat-based quarantine.

Cisco Secure Workload - workload protection approach

Figure 1.            

Cisco Secure Workload - workload protection approach

Secure applications through microsegmentation

Cisco Secure Workload provides your team with automated microsegmentation policy recommendations and then helps you enforce those policies consistently at scale across all your environments. This model significantly reduces your attack surface, increases operational efficiency through automation, and enables a zero-trust model.

A blue and green circle with many small iconsDescription automatically generated with medium confidence

Figure 2.            

Secure applications using microsegmentation across any cloud

Flexible metadata-enriched policy definition

With the changing nature of applications and the infrastructures across which they are deployed, a flexible, dynamic policy model is essential. Whether distributed across multiple clouds or operating on the same network segment, individual workloads have discrete policy requirements based on a rich set of attributes that define the application and environment, location, regulatory context, and much more.

To achieve this, Secure Workload maintains a context-rich inventory of every workload and endpoint along with associated metadata through integration with existing systems of record including Configuration Management Database (CMDB), IP Address Management (IPAM), major cloud providers, orchestration platforms, access control, and authentication systems.

Secure Workload’s natural policy definition language provides users with the ability to author and enforce dynamic policy intent to meet any demand, whether to ensure restricted user or endpoint access to a critical application or to deliver against regulatory compliance or InfoSec mandates.

The policy is continually updated with the changing environment, which ensures up-to-the-minute policy delivery at each point of enforcement.

A screenshot of a computerDescription automatically generated

Figure 3.            

Flexible metadata-based policy definition

Automated microsegmentation policy recommendation

Using the Cisco Secure Workload platform, you can automatically generate highly specific microsegmentation policies based on complete visibility of application communications, running processes, and their dependencies. It deterministically merges the autogenerated policy with the user-defined metadata-enriched policy allowing for a detailed policy visualization. Secure Workload empowers the user to review, test, and refine the policy to deliver an accurate and detailed policy set that can be deployed and enforced with confidence.

Related image, diagram or screenshot

Figure 4.            

Automated microsegmentation policy recommendation based on application behavior

Application owners empowered with control

With Secure Workload, security becomes an enabler to rapid innovation because application owners are empowered to own the policies for their applications. Leveraging a hierarchical policy model and Role-Based Access Control (RBAC), application teams can deliver dynamic policy enforcement while operating within the bounds of the organizational policy requirements.

Application owners empowered with policy control

Figure 5.            

Application owners empowered with policy control

Policy flexibility can be achieved by using workload tag assignment through integration with orchestration platforms covering virtual machine and container-based workloads. Continuous Integration/Continuous Deployment (CI/CD) workflows are automated through API-driven policy sets, while maintaining end-to-end consistency across organizational boundaries.

Secure Workload’s dynamic policy model also provides the ability for automated policy response such as for a quarantine or hardening action that may be triggered directly or by third-party integration via an API.

Automated policy enforcement at scale

Whether your environment consists of a hundred or thousands of workloads, Secure Workload is built for scale, providing fully automated enforcement of a dynamic allow-list policy to every workload. A discrete policy set is custom computed for each workload, distributed via the Secure Workload software agent, and programmed for enforcement by the native operating system firewall (either iptables or Windows Firewall).

Policy enforcement across a multicloud infrastructure to enable consistent segmentation

Figure 6.            

Policy enforcement across a multicloud infrastructure to enable consistent segmentation

Secure Workload can also use an agentless approach to protect workloads by leveraging Cisco Secure Firewall and major cloud providers native policy controls such as AWS, Azure, and Google in the form of security groups and firewall rules. The generated policy intent is also streamed across a secure Kafka broker and API for further enforcement in the infrastructure and delivered to ADCs through direct integration to ensure consistent policy enforcement to all workloads across the data center, and cloud.

Agent and Agentless policy enforcement across Hybrid Multicloud environment

Figure 7.            

Agent and Agentless policy enforcement across Hybrid Multicloud environment

Visibility and compliance in near real-time

Secure Workload provides ongoing visibility of all communication activity with near real-time policy compliance assessment to quickly alert you to any policy violation. Flow records are retained for forensic record of all communications with analysis of flow disposition to identify the specific policy match. Whether responding to a breach or adapting to changes in application behavior, you will have a complete and up-to-date record of all communications to assist with rapid response and remediation efforts.

Reduce risks and maintain compliance

Cisco Secure Workload helps you reduce overall risks and maintain compliance by automatically identifying application behavior deviations and invoking appropriate workflows for policy updates. Analytics-based insights enable you to gain a unique perspective of your environment's operations and serve as a catalyst to increase efficiency and security.

Workload behavior baseline and anomaly detection

Secure Workload continually monitors and baselines running processes on every server, capturing detailed context for each process and its associated libraries. Process and library hashes are assessed against a threat data feed to identify malicious code execution and detect variation from known good processes.

Workloads are monitored for behavioral indicators of compromise through a configurable set of forensic event indicators. These forensic indicators include operating system event detections as well as a tailored set of MITRE ATT&CK techniques, identifying and alerting to anomalous behavior.

Security operations teams can customize these events, their severity, and associated actions using simple-to- define rules. In this way, security operations can quickly identify indicators of compromise and take remediation steps to minimize the impact.

Forensic event records provide a snapshot of the relevant process and metadata captured within the event to assist with exploit analysis.

Forensic event

Figure 8.            

Forensic event

Proactive software vulnerability detection

Cisco Secure Workload discovers the installed software packages and versions on your servers to report on known information security vulnerabilities by matching installed software versions against a vulnerability data feed that incorporates multiple sources, including National Institute of Standards and Technology (NIST) vulnerability database and vendor-specific updates.

Secure Workload allows you to quickly identify vulnerable workloads, enabling dynamic policy to be provisioned to protect these vulnerable machines from exploit or apply effective quarantine policy until the necessary patches are applied.

Software vulnerability detection and exposure details

Figure 9.            

Software vulnerability detection and exposure details

Composite security dashboard for actionable intelligence

It is highly critical for security operations teams to understand both their security posture as a whole as well as the individual elements that are contributing to the current posture. This provides actionable data to further harden and remediate the environment against a potential breach.

Secure Workload’s security dashboard provides you with a composite security score based on:

      Vulnerabilities associated with your software packages.

      Process hash consistency and process behavior.

      Workload attack surface assessment.

      Segmentation policy compliance.

The dashboard also helps you identify where to focus for improvement by providing the score breakdown for each of these elements.

Security dashboard with a composite security score

Figure 10.         

Security dashboard with a composite security score

Reporting for troubleshooting and maintenance

Secure Workload also offers tailored reporting for different personas, such as CxO, NetOps, and SecOps. Each report consists of a high-level overview of the following key metrics:

      Overview: Quick summary of license utilization and security posture.

      Operations: Troubleshoot and maintain seamlessly with telemetry, cluster, and segmentation.

      Compliance: CVE split ups for workspace and MITRE ATTACK framework.

Reporting dashboard based on MITRE ATT&CK Framework

Figure 11.         

Reporting dashboard based on MITRE ATT&CK Framework

Features and Benefits

Table 1 lays out the key features of the Cisco Secure Workload protection features and their benefits.

Table 1.        Key features and benefits



Zero-trust model using microsegmentation

  Make implementing microsegmentation within your environment a reality.
  Secure Workload’s automated approach helps accelerate deployment of microsegmentation.
  Secure hybrid multicloud workloads and contain lateral movement using microsegmentation.

Extend policy definitions based on additional context

  Eliminate time-consuming manual creation of resource lists to segment applications.
  Define microsegmentation default and absolute policies using meta-data tags (annotations).
  Quickly develop consistent policies for applications using real-time annotations:

    Associate rich business context with the servers.

    Define policies based on users and user groups that need access.

Detect policy noncompliance events

  Track application policy compliance in real time.
  Enable alerts for compliance events that can then be integrated with Security Incident and Event Management (SIEM) systems for investigation and remediation.

Software vulnerability tracking

  Get a baseline software inventory and the version information installed on servers.
  Quickly identify if any of the package versions have known vulnerabilities or exposures, along with the severity.
  Get an accurate inventory of all the servers that have the vulnerable package.
  Tie this information to a policy that designates a specific action, such as quarantining a specific server.

Behavior-based workload anomaly detection

  Baseline the behavior or the workloads based on communication activities and processes on the workloads.
  Proactively detect anomalous behavior and identify indicators of compromise.
  Enable alerts for such events to be integrated with your SIEM systems for further security incident handling.

Rich context for users and endpoint devices

  Integrate with Cisco ® Identity Services Engine (ISE) and Cisco AnyConnect ® to get the user context, endpoint device posture, and other endpoint information.
  Define policies to secure your applications and workloads from compromised endpoints or user information.

Cisco Secure Workload Platform details

Information regarding the deployment options, supported scale, supported operating systems, licensing, and ordering information can be found in the platform datasheet:

Cisco Secure Workload Software licensing terms

Secure Workload Software-as-a-Service (SaaS) deployment:

SaaS subscription is governed by the Secure Workload SaaS Offer Description and the Cisco Universal Cloud Agreement located at (or similar terms existing between you and Cisco) (the “Agreement”), and any software that you install is licensed under the Cisco End User License Agreement located at (the “EULA”).

On-premises deployment models:

In addition to being subject to the Cisco EULA (see ), Cisco Secure Workload software is subject to Cisco Supplemental End User License Agreement terms (SEULA)see:

Put Cisco Expertise to work to accelerate adoption

Cisco provides professional and support services from Advisory, Implementation, and Optimization to ongoing Solution Support, to help organizations get the most value from the Cisco Secure Workload platform. Cisco Services experts help integrate the platform into your production data center environment, define use cases relevant to your business objectives, tune machine learning, and validate policies and compliance to improve application and operation performance. Cisco Solution Support for Cisco Secure Workload provides hardware, software, and solution-level support.

We offer a selection of custom and fixed-price, fixed-scope services for Cisco Secure Workload that help you experience faster time to value, comprehensive adoption in your environment, optimized policies and application performance, and solution-wide support.

Cisco environmental sustainability

Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.

Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:

Sustainability topic


Information on product material content laws and regulations


Information on electronic waste laws and regulations, including products, batteries, and packaging

WEEE compliance

Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

For more information about the Cisco Secure Workload platform, please visit or contact your local Cisco account representative.




Learn more