- You can have consistent policy enforcement for segmentation
- Your whitelist policies are kept up to date based on application behavior
- You can automatically track policy compliance
- You are alerted of anomalies in app behavior
Applications are the lifeblood of digital business. Modern applications are inherently dynamic and modular. They are also distributed across multiple public clouds and on-premises infrastructure. IT organizations are struggling to secure these modern apps across hybrid cloud environments without giving up the agility they need to compete in the digital age. They face three primary challenges.
To secure your applications, you must first know what services are running and their interdependencies. Just as securing a building requires a blueprint to start, you need a map of all your applications to successfully secure them.
With applications running across multiple infrastructures, the attack surface is growing. It is essential that you rein it in.
Most current static security policies run at the perimeter of the data center network and allow open access within it. This approach is no longer sufficient. Your infrastructure is constantly changing, which means that any static policy becomes obsolete the minute it is implemented.
Shrinking your attack surface now requires a segmentation-based zero-trust model. That means allowing only known and required communication and blocking everything else.
A recent study shows that the majority of exploited security vulnerabilities are known software vulnerabilities. That is why it is critical to take immediate action to identify and remediate them. The ability to baseline the normal behavior of your data center workloads is important for quickly identifying anomalies or suspicious behavior.
- Identify application anomalies in minutes, rather than days or weeks?
- Reduce your attack surface by as much as 85 percent?
- Automate your zero-trust model and minimize the lateral movement of workloads while reducing human intervention by 70 percent?
- Achieve consistent workload protection across on-premises and public cloud data centers?
With the Cisco Tetration™ solution, IT organizations gain consistent workload protection. Using whitelist-based segmentation, behavior baselining and analysis, and detection of common vulnerabilities, you can proactively quarantine affected servers before an incident causes damage. An open policy model secures workloads consistently across bare metal, virtual, and containerized workloads, both on-premises and in the public cloud.
It all happens through a single pane of glass.
With this holistic approach, Cisco Tetration significantly reduces the attack surface, minimizes lateral movement in case of security incidents, and accelerates the identification of anomalies and suspicious behavior. The open policy can be enforced across any vendor’s infrastructure.
With Cisco Tetration, you gain:
- Identify application anomalies in minutes by using process behavior deviations.
- Shrink your attack surface by up to 85 percent by eliminating known vulnerabilities.
- Build a zero-trust model that protects you automatically with a 70 percent reduction in human intervention, and minimize the lateral movement of vulnerable apps by using efficient segmentation.
- Achieve consistent workload protection across data centers residing on premises and in private and public clouds.
Cisco Tetration is the only platform that monitors and analyzes both the network and workloads to provide an attribute-driven security policy that is open and scalable.
Cisco Tetration works with Cisco’s security portfolio to offer comprehensive, enterprisewide security. Our security portfolio includes the Firepower® NGFW (Next-Generation Firewall), Advanced Malware Protection (AMP), and Cisco® Stealthwatch® solutions.
Applications are the crown jewels of the data center. They define the business. Their level of complexity is high because modern applications are dynamic and distributed across heterogeneous environments. Cisco Tetration provides holistic workload protection for a multicloud data center with four fundamental layers of security for workloads, no matter the infrastructure.
IT enables application communication control using whitelist policies. Cisco Tetration automatically generates the granular whitelist policy and provides the ability to keep the policy up to date as the applications evolve. The whitelist policy addresses the application requirements and accounts for corporate business policies.
Enforce your granular policies to enable consistent application segmentation irrespective of the infrastructure type—whether it is a bare-metal, virtualized, or container environment or if the workload is running in an on-premises data center, public cloud, or private cloud. A single whitelist policy can be orchestrated across workloads (a fine-grained approach), and a coarse-grained implementation can run in the network and perimeter layer.
Baseline the processes running on your servers, including their process hashes, and then apply behavior analysis and other statistical models to identify behavior deviations. This approach allows you to identify issues early and take the necessary remediation steps.
Take an accurate inventory of the software packages and versions installed on the servers and then identify any high-risk vulnerabilities associated with them. From there, define policies around the vulnerable workloads.
Cisco Tetration is an analytics platform that provides a turnkey solution for data center security. It doesn’t require data scientists or other in-house programming expertise for you to deploy and operate it or realize its benefits. Its features are supported independent of the infrastructure you have and where your applications are running.
In the Cisco Tetration platform, we start with collecting rich telemetry from both servers and the network. We use unsupervised machine learning and other algorithmic approaches to baseline the behavior of the workloads and apply statistical models on top. The telemetry data we collect includes metadata from every packet header in every flow within the data center and process-related details from the servers, such as process name, user, process execution details, and process binary hash. The platform correlates the network traffic to the process on a server.
Provide a clear and accurate view of app communications and infrastructure service dependencies. Get detailed insights about which communication is going through Layer 4–7 services, such as load balancers. Identify external entities accessing the application.
Understand the baseline behavior of existing processes to identify anomalies and vulnerabilities.
Search billions of records in less than a second using natural language and visual-based search queries. Collect network data flow information in real time at line rates without any sampling. Find details of known issues and other aberrant behaviors that could otherwise go unnoticed.
Using real-time telemetry data from application components and behavior-analysis algorithms, get an automated whitelist policy for segmentation. Keep track of the behavior changes to keep the policy up to date.
Consistently enforce a highly specific segmentation policy for mission-critical workloads running on bare-metal, virtualized, and containerized servers.
Monitor network traffic for compliance in real time based on whitelist policy and endpoint behavior changes or anomalies. Get clear indicators of noncompliant flows.
Provide deep security at the process and subprocess levels across bare-metal, virtualized, and containerized workloads.
Understand the baseline behavior of installed software packages to identify anomalies and vulnerabilities.
Cisco provides professional and support services ranging from advisory, implementation, and optimization offerings to ongoing solution support so that you get the most value from the Cisco Tetration platform. Cisco Services experts help integrate the platform into your production data center environment, define use cases relevant to your business objectives, tune machine learning, and validate policies and compliance to improve application and operational performance. Cisco Solution Support for Cisco Tetration provides hardware, software, and solution-level support.
Our unique insights and expertise—gained from a rich history of successful deployments—help you:
- Identify and address technical and operational readiness for your target use cases
- Fine-tune machine learning parameters for faster application dependency and segmentation
- Define parameters and bring up clusters with relevant system checks
- Accelerate sensor installation support and increase the effectiveness of data collection
- Get consultative support and guidance for segmentation and workload protection
- Optimize your Cisco Tetration environment with upgrades, system administration, and ongoing operations
We offer a selection of custom and fixed-price, fixed-scope services for Cisco Tetration that help you experience faster time to value, achieve comprehensive adoption in your environment, optimize your policies and application performance, and obtain full solution support.
For more information, read our Cisco Tetration Services At-a-Glance document.