Your data center is a primary resource for your organization. It can be a balancing act ensuring agility and operational efficiency while keeping your data center secure and protecting your valuable assets. Modern data centers are becoming increasingly complex, requiring organizations to take a new approach to keeping them secure. Traditional packet-based network protection focuses on the edge or perimeter – we set up castle walls but generally consider everything inside the walls as “trusted.” This type of policy is static in nature and insufficient to protect against modern threats, or against threats that are already inside the walls. Because ACLs at OSI Layers 2 through 4 are bound to IP addresses, ports, and protocols rather than to the workloads themselves, a policy starts going stale the moment it is committed: as workloads move, scale, or get re-addressed, the rules no longer describe what is actually running.
Next-Gen firewalls and security appliances improve upon traditional network protection by incorporating malware detection and blocking, anti-virus protection, and reputation scoring based upon rapidly updating subscription feeds from manufacturer back-end security analytics services such as Cisco Talos. These souped-up security appliances do an effective job of stopping malicious traffic trying to leave the network and of blocking malicious inbound communications from outside the perimeter walls. Essentially, Next-Gen firewalls add a bit of hearsay learned from reliable sources to stop sketchy-looking traffic from entering or leaving the castle wall perimeter.
However, according to Cisco, most of the risk on the interior “trusted” segment of the network comes from known vulnerabilities that reside within the deployed software ecosystem. These vulnerabilities originate not at the IP layer, where ACLs and other packet analysis engines have little if any visibility, but deep within the application layer, in the form of application packages, services, and the individually distinct code components that make up many of the applications we use on a daily basis. Think about Apache Struts and the exploited vulnerability that negatively impacted so many of us. The network is merely the means used to reach the vulnerability and extract information; the critical chink in the armor is the application itself. This is the world where Cisco Tetration shines.
Enabling Zero-Trust Operations
Cisco describes the Tetration product as “holistic workload protection for multi-cloud data centers by enabling a zero-trust model using segmentation.”
Huh? How about we break that down to common English…
In a nutshell, Tetration provides visibility and consistent policy enforcement for the applications, application packages, and services in operation across a range of deployment options, from a single premise-based data center to a distributed data center spanning multiple public and private clouds. This is significant because, unlike the security strategies already discussed, Tetration is not focused on IP or packet-based inspection and policy enforcement; instead, it looks directly at the software interactions occurring within a data center. Let’s explore some of the key elements of the platform.
How Tetration Works
Foremost, Cisco Tetration provides unparalleled visibility into the applications, application packages, system processes, and lines of communication between systems and services. Once Tetration has a picture of its environment, it begins modeling the communications between systems, services, and processes and uses this information to derive a visual mapping which gives us mere humans a clear understanding of which processes are communicating between systems. Put another way, Tetration provides an application-layer dependency map which visually draws the lines of communication between applications running across a dynamic data center fabric. The dependency mapping can be highly useful when you consider the logistics of data center migrations, mergers, or the elastic requirements of a cloud-based or SDN solution.
Once Tetration has baselined the network and knows what’s out there and who’s talking with whom, it can provide even more impactful functions, such as vulnerability visibility based on published CVEs. Using our Apache Struts example again, Tetration can identify exactly which application servers have a vulnerable version of Struts installed, so administrators can take targeted remedial action more rapidly. The vulnerable Struts instances can even be blocked from communicating, based upon a policy that is either built manually or derived by the Tetration machine learning engine.
Tetration also baselines the lines of communication between systems, services, and processes and continuously monitors them for Indicators of Compromise (IOCs) and anomalies such as privilege escalation events, side channel attacks, and confidential file access, to name a few. Additionally, Tetration monitors each process it discovers by computing a hash of the process during baselining. Once the hash values are derived, they can be looked up against the database maintained by VirusTotal and flagged if any match a known IOC. Should anything within Tetration’s scope of visibility present an IOC, policy compliance alerts notify administrators that attention is required.
Using the mapping and communications baseline information, Tetration builds a perspective of all lines of communication between systems and processes. Taking this information, the built-in machine learning engine derives a baseline “whitelist” policy which explicitly permits “normal” traffic between systems and denies everything else. This is powerful, as it provides for narrow segmentation and a reduction of attack surface between servers, systems, and processes. As with any learned allow-list, the baseline has to be captured from an environment believed to be clean and reviewed before enforcement; any attacker traffic already present during the learning window would otherwise be permitted as “normal.” Even more powerfully, Tetration allows this segmentation to be applied across data centers and platforms, regardless of their locale. As a relatable example, Tetration allows administrators to use human language to define policies that conform to PCI, HIPAA, and other compliance regimes, and to alert on violations within minutes.
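To make the “learn a baseline, then enforce an explicit allow-list” idea concrete, here is an added example (written for this article; it is not Tetration code, and Tetration’s own policy format and learning engine are not shown). The flow records, workload names, and process names are all constructed sample data, and the `Flow` tuple shape and the `suspicious_rules` review step are this example’s own assumptions about what a practitioner would check before turning a learned policy on.

```python
"""Derive an explicit allow-list from observed flows, then evaluate new
flows against it (default deny).  Added illustration, not Tetration's
own algorithm.  All data below is constructed sample input."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed connection, reduced to the fields the policy keys on.
    Field names are this example's assumption, not a Tetration schema."""
    src: str       # consumer workload label (e.g. from inventory tags)
    dst: str       # provider workload label
    proto: str     # "tcp" or "udp"
    dport: int     # destination port
    process: str   # process that owned the socket on the consumer side


# Constructed baseline: what was seen during a clean learning window.
BASELINE = [
    Flow("web-01", "app-01", "tcp", 8080, "httpd"),
    Flow("web-02", "app-01", "tcp", 8080, "httpd"),
    Flow("app-01", "db-01", "tcp", 5432, "java"),
    Flow("app-01", "db-01", "tcp", 5432, "java"),   # repeat folds into one rule
    Flow("mon-01", "web-01", "tcp", 9100, "prometheus"),
]

# Same window, but an attacker's shell was already talking to the database.
TAINTED_BASELINE = BASELINE + [Flow("web-02", "db-01", "tcp", 5432, "bash")]

# Process names that should never appear as the owner of a baselined
# server-to-server flow; assumed list for the review step below.
SHELL_LIKE = {"bash", "sh", "nc", "ncat", "socat"}


def derive_allowlist(flows, min_count=1):
    """Collapse observed flows into explicit allow rules.  Counting lets the
    caller drop one-off flows that may be noise before enforcing."""
    counts = defaultdict(int)
    for f in flows:
        counts[f] += 1
    return {f for f, n in counts.items() if n >= min_count}


def evaluate(flow, allowlist):
    """Default deny: a flow passes only if an explicit rule matches every
    field, including the owning process, so the same 5-tuple from a
    different binary is still denied."""
    return "allow" if flow in allowlist else "deny"


def suspicious_rules(allowlist, shell_like=SHELL_LIKE):
    """Review step: surface learned rules whose owning process looks like
    an interactive shell or netcat rather than a service binary."""
    return {r for r in allowlist if r.process in shell_like}


if __name__ == "__main__":
    policy = derive_allowlist(BASELINE)
    for r in sorted(policy, key=lambda r: (r.src, r.dst, r.dport)):
        print(f"ALLOW {r.src} -> {r.dst} {r.proto}/{r.dport} ({r.process})")
    # Lateral movement from the web tier straight to the database: denied.
    print(evaluate(Flow("web-01", "db-01", "tcp", 5432, "bash"), policy))
    # Rules a human should question before enforcing a tainted baseline.
    print(suspicious_rules(derive_allowlist(TAINTED_BASELINE)))
```

The process field is what makes this more than a port-based ACL: `app-01` reaching `db-01` on 5432 from `java` is allowed, while the identical 5-tuple from `nc` is denied. The `suspicious_rules` pass is the manual sanity check the paragraph above calls for; a learned policy is only as trustworthy as the window it was learned from.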
All of these things make Tetration a breakout player within the data center security space on its own. However, the story gets better when you consider that Tetration uses back-end security analytics data provided by Cisco Talos. This means that if you pair Tetration with other elements of Cisco’s security portfolio, you get a very powerful, multi-layered, enterprise-class security plane that spans from outside your network edge (Cisco Umbrella) all the way down to a single process running on a server within your walls, and everywhere in between.
Tetration – Not Just for Large Enterprises Anymore
Until recently, Tetration didn’t make sense from a cost perspective for data centers with fewer than 5,000 workloads, and it required a significant investment in hardware. Cisco recently expanded its offerings to make this technology more approachable with the introduction of Tetration-V and Tetration-SaaS. Tetration-V is great for those that want to protect between 100 and 1,000 servers and still want or need to invest in, or provide existing, hardware to support the system. If, however, yours is a more operationalized model, Tetration-SaaS is a new offering from Cisco that allows businesses to leverage Tetration without the capital expense of hardware to run the platform on. The SaaS model scales up to 25,000 workloads and really begins to make sense for those with more than 100 workloads. This SaaS offering brings Tetration out of the clouds and makes it approachable for most businesses and data center operators.
If you are a data center administrator, compliance officer, or cyber-security analyst, you should consider adopting Cisco Tetration to get the pervasive, real-time workload visibility that will enable you to make informed decisions for troubleshooting and remediating issues with agility and at scale. Cerium can help you determine whether Tetration makes sense for your organization. Cerium’s Cisco Gold Certification places us in the top echelon of Cisco technology advisers, with a highly certified and credentialed staff of deployment experts. We are proud of a strategic partnership with Cisco that spans nearly two decades. Contact Cerium to learn more about how Tetration can address your data center operational and security challenges.