Modern data centers are highly dynamic. With the use of virtualization technologies, container adoption, and workload mobility, applications are deployed rapidly, and communication patterns between application components are constantly shifting. Applications also move across data centers and across different infrastructures. This dynamic application environment presents a new set of challenges.
Customers may have no awareness of an application’s various components, communication patterns, and dependencies. They also may have no visibility into the application flows and the application’s overall behavior. Application components running in different infrastructures present challenges in generating and enforcing microsegmentation policies within the data center at scale: who can talk to whom, on what ports, using what protocols, etc. Given the dynamic nature of the workloads today, where IP addresses are ephemeral, a scalable microsegmentation platform should allow policy definitions based on context from critical infrastructure management systems. These policies have to be rendered and kept up to date as contexts change. In addition, customers need the capability to search for network traffic anomalies and policy compliance based on the same context information instead of the IP addresses.
● Generate dynamic microsegmentation policies based on the IP address context received from the Infoblox IP Address Management system.
● Keep policies up to date as context information changes.
● Get network traffic annotated based on the same context.
● Search billions of network traffic flow information based on the context in seconds.
The Cisco Tetration™ and Infoblox integration enables enterprises to enhance their microsegmentation policies based on information from the Infoblox IP Address Management system. This context data is annotated with every workload and traffic flow from these workloads. This provides enriched application insights, thereby allowing administrators to define policies based on the same context. The solution also helps customers enhance security through anomaly detection and quarantine mechanisms.
Why existing approaches cannot meet these challenges
Existing approaches to data collection, analysis, and correlation do not meet the data center scale requirements needed for visibility, security, and forensics.
● Inability to autogenerate microsegmentation policies to support data center scale: Most enterprises use a combination of outdated tools and manual approaches to implement microsegmentation. The problems with this approach include inconsistent data coming from different tools, the effort of keeping policies up to date as workload posture or context changes, and blind spots that reduce visibility and therefore weaken the segmentation policies derived from it.
● Inability to analyze data in real time: Most tools that exist today cannot analyze in real time the volume of data that modern data centers receive, nor can they address operational issues comprehensively. Most tools try to support a single security use case. Also, these tools do not have the long-term data retention capabilities needed for effective forensics and policy compliance analysis. Thus customers end up with siloed tools for specific tasks without any correlation between them.
● Complexity associated with systems that have the technology to address the challenges: Customers need advanced data scientists to implement algorithms to support these complex systems. These systems are expensive, cumbersome, and complicated to maintain.
The Cisco Tetration and Infoblox solution
Cisco Tetration is an application workload security platform designed to secure compute instances across any infrastructure and any cloud. One of the key capabilities of Tetration is providing customers a scalable way to implement microsegmentation. It achieves this through behavior- and attribute-driven policies and policy enforcement in multicloud environments. It enables trusted access by automatically gathering context from various systems and adapting security policies as that context changes.
Infoblox provides the industry-leading platform for secure DNS, Dynamic Host Configuration Protocol (DHCP), and IP Address Management (IPAM), collectively referred to as DDI. By delivering actionable network intelligence through a centrally managed interface, Infoblox helps secure core network services, automate discovery and provisioning, and control a diverse architecture with powerful views and management features.
Cisco Tetration and Infoblox integration
The Infoblox platform comes ready to immediately integrate with existing workflow automation and security orchestration solutions to help ensure that intelligence can be shared with the existing networking and security infrastructure. For example, Infoblox can share discovered end-host and network parameters with other platforms. Infoblox also works with selected partners to share underlying data and insights through its Representational State Transfer (REST) and streaming APIs.
Cisco Tetration offers a native integration with the Infoblox IPAM system to dynamically get the context for subnets and IP addresses in the multicloud environment. This dynamic context is used by Tetration to support two key use cases.
IP addresses are ephemeral in modern data centers. Because of this, it is inefficient to define microsegmentation policies based on IP addresses alone. Infoblox IPAM provides a rich set of context for subnets and IP addresses; examples of the context for an IP address are lifecycle, state, location, and application group. Tetration users can predefine microsegmentation policies based on this context. There are two key advantages of this context-based approach:
● It provides an IP address–agnostic approach to define the policies. The Tetration platform identifies the IP addresses and subnets that match the context and enforces the right microsegmentation policy.
● If a new IP block is added with the same context, the same policies will be enforced on the new workloads.
Segmentation policy using context information
The combination of Cisco Tetration and Infoblox’s discovered data provides a comprehensive context that allows enterprises to design and implement microsegmentation within the data center to provide greater security.
Cisco Tetration collects a rich set of traffic telemetry from all of the workloads in a multicloud data center. When using Infoblox IPAM integration, the Tetration platform annotates every traffic flow with the same context information. Tetration provides a time series view, allowing users to search the traffic flow based on this context rather than tracking down individual IP addresses.
Search network traffic flow based on context information
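As an added illustration (not Cisco's or Infoblox's code, and not the Tetration data model or the Infoblox API), the following Python models the two uses just described: rendering a policy written against context onto whatever addresses currently carry that context, and annotating flows so they can be searched by context instead of by IP. The IPAM table, the policy, and the flow records are constructed samples.

```python
import ipaddress

# Constructed IPAM records (subnet -> context); hypothetical shape, not the Infoblox API.
IPAM = {
    "10.1.0.0/24": {"app": "shop", "tier": "web", "state": "prod", "site": "dc1"},
    "10.1.1.0/24": {"app": "shop", "tier": "db", "state": "prod", "site": "dc1"},
    "10.9.0.0/24": {"app": "shop", "tier": "web", "state": "dev", "site": "dc1"},
}
# Policy written against context, not addresses: prod web may reach prod db on tcp/5432.
POLICY = [{"src": {"tier": "web", "state": "prod"},
           "dst": {"tier": "db", "state": "prod"}, "port": 5432, "proto": "tcp"}]

def context_of(ip, ipam=IPAM):
    """Longest-prefix match of an address to its IPAM context ({} if unknown)."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(c), ctx) for c, ctx in ipam.items()
            if addr in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else {}

def matches(selector, ctx):
    return all(ctx.get(k) == v for k, v in selector.items())

def annotate(flow, ipam=IPAM):
    """Tag a raw flow record with the context of both endpoints."""
    return {**flow, "src_ctx": context_of(flow["src"], ipam),
            "dst_ctx": context_of(flow["dst"], ipam)}

def verdict(flow, policy=POLICY):
    """Render the context policy against an annotated flow: 'allow' or 'deny'."""
    for r in policy:
        if (matches(r["src"], flow["src_ctx"]) and matches(r["dst"], flow["dst_ctx"])
                and (r["port"], r["proto"]) == (flow["port"], flow["proto"])):
            return "allow"
    return "deny"  # nothing in the policy covers this flow

def search(flows, **sel):
    """Query flows by context, e.g. search(flows, src_state="dev", dst_tier="db")."""
    return [f for f in flows if all(
        f[k[:3] + "_ctx"].get(k[4:]) == v for k, v in sel.items())]

def with_subnet(cidr, ctx, ipam=IPAM):
    """Copy of the IPAM table with a new block added; same context => same policy."""
    return {**ipam, cidr: ctx}

# Constructed flows: prod web->db (expected), dev web->prod db (violation), web->db SSH.
FLOWS = [annotate(f) for f in [
    {"src": "10.1.0.10", "dst": "10.1.1.5", "port": 5432, "proto": "tcp"},
    {"src": "10.9.0.7", "dst": "10.1.1.5", "port": 5432, "proto": "tcp"},
    {"src": "10.1.0.10", "dst": "10.1.1.5", "port": 22, "proto": "tcp"},
]]
```

Adding a new subnet with the same context through `with_subnet` makes its workloads match the existing rule without editing the policy, while an address with no IPAM context gets an empty context and is denied.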
A typical application consists of multiple tiers, and each tier may have multiple servers for redundancy; such a group of servers is called a cluster. Tetration discovers these clusters within the application using AI/ML approaches. The IP address context from Infoblox can be used to update these clusters automatically. For example, when an application is scaled out by adding two web servers, those two servers are automatically added to the web tier's cluster because they carry the same context information.
Cluster definition in application dependency maps based on the context information
Business factors and technology trends, including the adoption of multicloud, DevOps, and containers, mandate a new approach to data center security. Complexity is exacerbated by the ephemeral nature of IP addresses in the data center. Real-time context from infrastructure platforms such as Infoblox can not only provide the visibility required for security but also automate the enforcement of microsegmentation policies as the application context or behavior changes. Such context provides the missing ingredient that enterprises need for their data center security transformation.
To learn more, visit https://www.cisco.com/go/tetration, then contact your Cisco sales representative or Cisco authorized channel partner.