How to Protect Your Hybrid Workloads

Introducing Cisco Tetration security enhancements for multicloud data centers

How do I secure my workloads in a hybrid cloud without sacrificing agility?

Distributed workloads are creating bigger attack surfaces that must be controlled

Applications are the lifeblood of digital business. Modern applications are inherently dynamic and modular. They are also distributed across multiple public clouds and on-premises infrastructure. IT organizations are struggling to secure these modern apps across hybrid cloud environments without giving up the agility they need to compete in the digital age. They face three primary challenges.

  • Growing number of distributed applications
  • Expanding attack surface
  • Faster anomaly and vulnerability detection

To secure your applications, you must first know what services are running and their interdependencies. Just as securing a building requires a blueprint to start, you need a map of all your applications to successfully secure them.

With applications running across multiple infrastructures, the attack surface is growing. It is essential that you rein it in.

Most current static security policies run at the perimeter of the data center network and allow open access within it. This approach is no longer sufficient. Your infrastructure is constantly changing, which means that any static policy becomes obsolete the minute it is implemented.

Shrinking your attack surface now requires a segmentation-based zero-trust model. That means allowing only known and required communication and blocking everything else.

A recent study shows that the majority of exploited security vulnerabilities are known software vulnerabilities. That is why it is critical to take immediate action to identify and remediate them. The ability to baseline the normal behavior of your data center workloads is important for quickly identifying anomalies or suspicious behavior.

Any workload, anywhere: Protected

Taking a holistic, full-lifecycle approach to workload security

What if you could…

Identify application anomalies in minutes, rather than days or weeks?

Reduce your attack surface by as much as 85 percent?

Automate your zero-trust model and minimize the lateral movement of workloads while reducing human intervention by 70 percent?

Achieve consistent workload protection across on-premises and public cloud data centers?

Follow a three-pronged security game plan

Automation helps you quickly detect anomalies and vulnerabilities

  • Application communication control
    Enable efficient segmentation across your hybrid cloud infrastructure so that:
    • You can have consistent policy enforcement for segmentation
    • Your whitelist policies are kept up to date based on application behavior
    • You can automatically track policy compliance
    • You are alerted to anomalies in app behavior
  • App behavior detection
    Identify anomalies faster by using process behavior deviations:
    • Process hash, lineage, attributes
    • File access
    • Privilege escalation
    • Shell-code execution
    • Side channel attacks
    • Raw sockets
  • Vulnerability detection
    Reduce your attack surface quickly as you identify common vulnerabilities and exposures by:
    • Baselining installed software packages along with version information
    • Tracking Common Vulnerabilities and Exposures (CVEs) associated with the installed software packages
    • Identifying the criticality of the vulnerability
    • Taking action to restrict access or quarantine workloads

Cisco Tetration hybrid cloud workload protection

Full lifecycle security for any workload, anywhere, at scale

With the Cisco Tetration™ solution, IT organizations gain consistent workload protection. Using whitelist-based segmentation, behavior baselining and analysis, and detection of common vulnerabilities, you can proactively quarantine affected servers before an incident causes damage. An open policy model secures workloads consistently across bare metal, virtual, and containerized workloads, both on-premises and in the public cloud.

It all happens through a single pane of glass.

With this holistic approach, Cisco Tetration significantly reduces the attack surface, minimizes lateral movement in case of security incidents, and accelerates the identification of anomalies and suspicious behavior. The open policy can be enforced across any vendor’s infrastructure.

With Cisco Tetration, you gain:

  • Anomaly detection

    Identify application anomalies in minutes by using process behavior deviations.

  • Reduced attack surface

    Shrink your attack surface by up to 85 percent by eliminating known vulnerabilities.

  • Automated zero-trust security

    Build a zero-trust model that protects you automatically with a 70 percent reduction in human intervention, and minimize the lateral movement of vulnerable apps by using efficient segmentation.

  • Consistent protection

    Achieve consistent workload protection across data centers residing on premises and in private and public clouds.

Cisco’s differentiation

Cisco Tetration is the only platform that monitors and analyzes both the network and workloads to provide an attribute-driven security policy that is open and scalable.

  • We monitor all communication to and from workloads (every packet, every flow) and analyze them in real time to automate application segmentation policy.
  • We enforce tens of millions of whitelist policy entries across thousands of applications in a multicloud data center.
  • We retain network and workload information long term and use it to conduct detailed forensics.

Cisco Tetration works with Cisco’s security portfolio to offer comprehensive, enterprise-wide security. Our security portfolio includes the Firepower® NGFW (Next-Generation Firewall), Advanced Malware Protection (AMP), and Cisco® Stealthwatch® solutions.

4-layer security for cross-cloud workloads

Holistic and infrastructure-agnostic protection

Applications are the crown jewels of the data center. They define the business. Their level of complexity is high because modern applications are dynamic and distributed across heterogeneous environments. Cisco Tetration provides holistic workload protection for a multicloud data center with four fundamental layers of security for workloads, no matter the infrastructure.

Collaborate across multiple groups
  • Communication control using whitelisting
  • Application segmentation
  • Process behavior analysis and baselining
  • Software inventory baseline and vulnerability detection

IT enables application communication control using whitelist policies. Cisco Tetration automatically generates the granular whitelist policy and provides the ability to keep the policy up to date as the applications evolve. The whitelist policy addresses the application requirements and accounts for corporate business policies.

Enforce your granular policies to enable consistent application segmentation irrespective of the infrastructure type—whether it is a bare-metal, virtualized, or container environment or if the workload is running in an on-premises data center, public cloud, or private cloud. A single whitelist policy can be orchestrated across workloads (a fine-grained approach), and a coarse-grained implementation can run in the network and perimeter layer.

Baseline the processes running on your servers, including their process hashes, and then apply behavior analysis and other statistical models to identify behavior deviations. This approach allows you to identify issues early and take the necessary remediation steps.

Take an accurate inventory of the software packages and versions installed on the servers and then identify any high-risk vulnerabilities associated with them. From there, define policies around the vulnerable workloads.

Telemetry and analytics with a dash of machine learning

Your turnkey solution for data center security

Cisco Tetration is an analytics platform that provides a turnkey solution for data center security. It doesn’t require data scientists or other in-house programming expertise for you to deploy and operate it or realize its benefits. Its features are supported independent of the infrastructure you have and where your applications are running.

Advanced security

  • Process security
  • Software vulnerability detection

Segmentation

  • Whitelist policy
  • Application segmentation
  • Policy compliance

Insights

  • Visibility and forensics
  • Process inventory
  • Application insight

In the Cisco Tetration platform, we start with collecting rich telemetry from both servers and the network. We use unsupervised machine learning and other algorithmic approaches to baseline the behavior of the workloads and apply statistical models on top. The telemetry data we collect includes metadata from every packet header in every flow within the data center and process-related details from the servers, such as process name, user, process execution details, and process binary hash. The platform correlates the network traffic to the process on a server.

  • Application insights

    Provide a clear and accurate view of app communications and infrastructure service dependencies. Get detailed insights about which communication is going through Layer 4–7 services, such as load balancers. Identify external entities accessing the application.

  • Process inventory

    Understand the baseline behavior of existing processes to identify anomalies and vulnerabilities.

  • Visibility and forensics

    Search billions of records in less than a second. Collect network data flow information in real time at line rates without any sampling, and search it using natural language and visual-based search queries. Find details of known issues and other aberrant behaviors that could otherwise go unnoticed.

  • Whitelist policy

    Using real-time telemetry data from application components and behavior-analysis algorithms, get an automated whitelist policy for segmentation. Keep track of the behavior changes to keep the policy up to date.

  • Application segmentation

    Consistently enforce a highly specific segmentation policy for mission-critical workloads running on bare-metal, virtualized, and containerized servers.

  • Policy compliance

    Monitor network traffic for compliance in real time based on whitelist policy and endpoint behavior changes or anomalies. Get clear indicators of noncompliant flows.

  • Process security

    Provide deep security at the process and subprocess levels across bare-metal, virtualized, and containerized workloads.

  • Software inventory baseline

    Understand the baseline behavior of installed software packages to identify anomalies and vulnerabilities.
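
The whitelist policy and policy compliance items above, as an added Python example (not Cisco Tetration code or its algorithm): it derives a default-deny allowlist from baseline flows, reports noncompliant live flows, and lists recurring ones for human review. The role labels, flow tuples, and the `min_observations` threshold are assumptions constructed for the example.

```python
from collections import Counter

# Constructed baseline telemetry: (consumer_role, provider_role, protocol, port).
# Roles stand in for workload attributes; every value here is made up.
BASELINE_FLOWS = [
    ("web", "app", "tcp", 8443),
    ("web", "app", "tcp", 8443),
    ("app", "db", "tcp", 5432),
    ("app", "db", "tcp", 5432),
    ("app", "db", "tcp", 5432),
    ("web", "db", "tcp", 5432),    # seen once: treated as noise, not required
]

# Constructed live traffic to check against the derived policy.
LIVE_FLOWS = [
    ("web", "app", "tcp", 8443),
    ("web", "db", "tcp", 5432),    # path that skips the app tier
    ("app", "db", "tcp", 22),      # SSH toward the database tier
    ("app", "db", "tcp", 22),
    ("app", "cache", "tcp", 6379), # new dependency after a release
    ("app", "cache", "tcp", 6379),
    ("app", "cache", "tcp", 6379),
]

def derive_allowlist(flows, min_observations=2):
    """Keep only flows seen at least min_observations times in the baseline."""
    counts = Counter(flows)
    return {flow for flow, n in counts.items() if n >= min_observations}

def evaluate(flow, allowlist):
    """Default deny: anything not explicitly allowed is noncompliant."""
    return "permitted" if flow in allowlist else "noncompliant"

def compliance_report(flows, allowlist):
    """Return (flow, count) for noncompliant flows, most frequent first."""
    bad = Counter(f for f in flows if evaluate(f, allowlist) == "noncompliant")
    return bad.most_common()

def propose_updates(flows, allowlist, min_observations=2):
    """Recurring unlisted flows are queued for review, never auto-allowed:
    frequency alone cannot tell a new dependency from repeated misuse."""
    return [f for f, n in compliance_report(flows, allowlist) if n >= min_observations]

if __name__ == "__main__":
    policy = derive_allowlist(BASELINE_FLOWS)
    for flow, count in compliance_report(LIVE_FLOWS, policy):
        print(count, flow)
    print("needs review:", propose_updates(LIVE_FLOWS, policy))
```

Both the cache dependency and the repeated SSH flow land in the review queue, which is why keeping a policy "up to date" from observed behavior still needs an approval step.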

For more information

Expert guidance and deployment

Analysis and recommendations for seamless installation

Cisco provides professional and support services ranging from advisory, implementation, and optimization offerings to ongoing solution support so that you get the most value from the Cisco Tetration platform. Cisco Services experts help integrate the platform into your production data center environment, define use cases relevant to your business objectives, tune machine learning, and validate policies and compliance to improve application and operational performance. Cisco Solution Support for Cisco Tetration provides hardware, software, and solution-level support.

Our unique insights and expertise—gained from a rich history of successful deployments—help you:

  • Identify and address technical and operational readiness for your target use cases

  • Fine-tune machine learning parameters for faster application dependency and segmentation

  • Define parameters and bring up clusters with relevant system checks

  • Accelerate sensor installation support and increase the effectiveness of data collection

  • Get consultative support and guidance for segmentation and workload protection

  • Optimize your Cisco Tetration environment with upgrades, system administration, and ongoing operations

We offer a selection of custom and fixed-price, fixed-scope services for Cisco Tetration that help you experience faster time to value, achieve comprehensive adoption in your environment, optimize your policies and application performance, and obtain full solution support.

For more information, read our Cisco Tetration Services At-a-Glance document.
