There’s always an inherent challenge between providing a secure infrastructure for your applications and delivering agility. How do you manage a complex web – where apps are dynamic and distributed across your own data center and the cloud – and keep security at the front of your priorities?
Increasingly, organizations are saying goodbye to perimeter-based security and focusing on protecting their application workloads wherever these are deployed. At Cisco, we’re leading the path with Tetration to offer full cycle workload protection for any vendor’s infrastructure in any data center and across any cloud – delivering on the promise of a Zero-Trust security model. Importantly, we deliver the value – while not intruding on the application – as a benevolent, watchful, and discrete guardian of policy.
How is Tetration’s approach to workload protection unique?
Enforcing policies – also known as segmentation or micro-segmentation – is just one of the steps to get to a Zero-Trust model. First, you need to know what policies you want to enforce. With Tetration, we observe thousands or tens of thousands of your applications and how they behave. We do this not only through the lens of their network communication, but also – and this is new! – through the lens of what they do locally in their operating systems: process activity, memory usage patterns, file accesses, privilege escalations, container level granularity, all of which are invisible through the network lens alone.
From that unparalleled level of visibility and high-resolution, we learn what your policies should be using data-driven algorithms.
Any static approach is costly, error-prone, and obsolete the minute it’s completed since your infrastructure is constantly changing. In fact, it might be downright impossible to accurately state policy the static way when dealing with thousands or tens of thousands of workloads, especially when these come in varieties – such as container-based, virtual machine-based, or bare metal-based, not to mention cloud-based.
Gathering the level of detail and processing in real-time across dozens of dimensions – and for each workload – is no small task.
We’ve designed Tetration to deliver at scale, capturing granular packet-based and process-level telemetry – hundreds of signals per workload. In addition, Tetration offers long-term retention of your data – enabling simulation of new policy on old traffic for effectiveness and avoidance of collateral damage, as well as real-time forensics and auditing, plus compliance validation. These unique elements of policy management, combined with machine-learned generation and enforcement of policy via segmentation, are needed to deliver a truly effective policy lifecycle.
Armed with your white-list policies and a wealth of telemetry, looking at tens of millions of data across thousands of applications … down to the packet, Tetration enforces those policies.
Tetration examines behavior-based application anomalies, known vulnerabilities from CVEs (Common Vulnerabilities and Exposures), unexpected binary image hash values, as well as suspicious behavior and communication patterns.
And to close the cycle, Tetration gives users the ability to remediate any attack, such as quarantining server(s) when vulnerabilities are detected and blocking communication or privileges when policy violations occur, notably to prevent “lateral movement” and further spread of threats.
We’re excited to roll out these new workload protection features for Tetration, further helping our customers:
- Identify application anomalies in minutes by using process behavior dynamic baselining and detecting and flagging deviations
- Reduce the attack surface up to 85% by eliminating identified vulnerabilities
- Through automation, realize a 70% reduction in human intervention to enable a zero-trust model
- Minimize lateral movement of threats by using efficient application segmentation
- Achieve consistent workload protection for on-premises and public cloud data centers
To learn more about what’s inside Tetration and our new workload protection features, visit The Goldilocks Zone: Cloud Workload Protection, an Introduction by Navindra Yadav, head of the Tetration Engineering team.
To find out more about getting started, read A Recipe to Keep Your Hybrid Workloads Safe by Yogesh Kaushik, head of Tetration Product Management.