More and more organizations that have invested in accelerating the digital transformation process are currently facing a common challenge: securing the infrastructure without compromising agility. However, this is becoming increasingly complicated due to the continuous adoption of new virtualization and containerization technologies, the spread of distributed work environments, and the increased mobility of workloads.
All these technological developments, most definitely necessary and useful, also increase the attack surface, which “classic” security solutions fail to manage effectively. Today, the data center “perimeter” includes not only the Data Center itself, but also Cloud environments and partners’ small-size centers. Workloads are also becoming more and more heterogeneous: in addition to bare-metal servers and virtual machines, containers and micro-services are increasingly present, and they are managed and operated with completely different technologies than traditional workloads.
Additionally, applications are becoming more dynamic, as updates and changes occur more frequently, and the ability to scale in the Cloud is at a premium these days.
Added to all this are the constant emergence of new attack vectors and the rapid increase in the level of exposure through the adoption of mobility and the migration of workloads to multi-cloud environments. In addition, the ever-faster development of applications favors the emergence of vulnerabilities. For all these reasons, organizations that operate their own data centers are confronted more and more frequently with problems such as:
- The inability to monitor and control how applications behave and identify all their dependencies;
- The impossibility of real-time detection of abnormal behavior of applications;
- Low ability to perform compliance audits and security reviews in a timely manner.
Secure Workload, Cisco’s secret weapon
These challenges are real problems, increasingly common to many organizations, for which Cisco has designed a dedicated solution – Secure Workload (the new name of Cisco Tetration). To respond to these common needs, Secure Workload uses modern technologies, such as Machine Learning mechanisms, application behavior analysis systems, intelligent algorithms, etc., coherently integrated, with the help of which it delivers:
- Extended visibility in real-time on all data flows within the Data Center;
- A 360º perspective on any application running in the data center, its dependencies, and behavior;
- Coherent management of the lifecycle of policies based on “White lists” to support the current infrastructure of the data center;
- The possibility of offering higher protection to applications, by reducing the attack surface, without affecting their scalability and flexibility, via segmentations based on business processes.
Cisco Secure Workload is a security platform designed to secure workloads running in both on-premises data centers and multi-Cloud environments, whether they are virtual machines, bare-metal servers, or containers. An important competitive advantage of the Cisco solution is that it can work in any on-premises infrastructure and public Cloud environment, using software agents that run on the workload’s operating system. Agents collect an extremely wide range of telemetry information, which includes data about applications, traffic flows, processes, operating system kernel versions, installed software packages, etc.
Work scenarios assured by Cisco Secure Workload
The Cisco solution ensures workload protection through three main methods: limiting lateral movements, proactively detecting anomalous application behaviors, and reducing the attack surface, as follows:
- Limitation of lateral movements – Cisco Secure Workload enables security teams to implement a Zero Trust model for workloads using micro-segmentation. The Cisco solution automates the policy generation process for micro-segmentation using unsupervised machine learning mechanisms as well as near-real-time application behavior analysis. Policies, ranked by priority level, are enforced through firewalls. It’s an approach that provides application-level segmentation that applies to both on-premises data centers and multi-cloud environments and enables organizations to quickly detect and limit lateral movement in the event of security incidents.
In addition, in virtualized and containerized environments, the Cisco solution allows the established segmentation policy to move with the workload, thus ensuring increased mobility of applications without the need to define a new policy specific to the infrastructure in which they run. And as application dependencies and communication patterns between them evolve, Cisco Secure Workload ensures segmentation policies are automatically updated.
- Detection of abnormal application behavior: In data centers, workloads serve a specific activity or functionality, therefore their evolution can be monitored using a database of behavior patterns. Cisco Secure Workload monitors process and communication activities within workloads to detect anomalous behaviors signaled by:
  - Privilege escalations
  - Shellcode execution
  - Techniques and tactics identified through the MITRE framework
  - Attacks through secondary channels.
Using the data that the Cisco solution collects, aggregates, correlates, and analyzes in near real-time, security managers can quickly identify indicators of compromise and proactively take remedial measures to minimize the impact of events.
- Reducing the attack surface: One of the main risk factors in data centers is the vulnerabilities associated with the software packages, operating system versions, ports, and processes that run in this environment. Secure Workload identifies in real-time the complete inventory of all software packages installed on workloads and provides the ability to detect vulnerabilities and issues associated with them. The Cisco solution also delivers actionable security insights that IT managers can use to define automated policies to quarantine workloads and/or restrict communication between them when certain vulnerabilities are detected. In addition, Secure Workload also detects all open ports that are associated with certain processes but are not in use, and delivers concrete information that helps administrators determine which ports can be safely closed to reduce the attack surface.
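The two ideas above, allowlist segmentation derived from observed flows and detection of open but unused ports, can be illustrated with a short added example. It is not Cisco code and uses no Secure Workload API; the tier labels, host names, processes and flow records are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample telemetry (not real product output): flows observed
# between workloads labelled by application tier, plus listening sockets.
Flow = namedtuple("Flow", "src_tier dst_host dst_tier dst_port proto")
Listener = namedtuple("Listener", "host port proto process")

FLOWS = [
    Flow("web", "app-1", "app", 8080, "tcp"),
    Flow("web", "app-2", "app", 8080, "tcp"),
    Flow("app", "db-1", "db", 5432, "tcp"),
    Flow("app", "db-1", "db", 5432, "tcp"),
]
LISTENERS = [
    Listener("app-1", 8080, "tcp", "java"),
    Listener("app-2", 8080, "tcp", "java"),
    Listener("db-1", 5432, "tcp", "postgres"),
    Listener("db-1", 21, "tcp", "vsftpd"),
    Listener("app-2", 9000, "tcp", "debug-agent"),
]

def build_allowlist(flows):
    """Collapse observed flows into tier-level allow rules; all else is denied."""
    return {(f.src_tier, f.dst_tier, f.dst_port, f.proto) for f in flows}

def is_allowed(allowlist, src_tier, dst_tier, port, proto="tcp"):
    """Default-deny check of a candidate flow against the allowlist."""
    return (src_tier, dst_tier, port, proto) in allowlist

def unused_listeners(listeners, flows):
    """Listening sockets that received no flow in the observation window."""
    used = {(f.dst_host, f.dst_port, f.proto) for f in flows}
    return sorted(l for l in listeners if (l.host, l.port, l.proto) not in used)

if __name__ == "__main__":
    policy = build_allowlist(FLOWS)
    for rule in sorted(policy):
        print("ALLOW", rule)
    # A web-tier workload reaching the database directly is lateral movement
    # the allowlist does not permit.
    print("web -> db 5432 allowed?", is_allowed(policy, "web", "db", 5432))
    for l in unused_listeners(LISTENERS, FLOWS):
        print("close candidate:", l.host, l.port, l.process)
```

Because the rules are keyed on tier labels rather than IP addresses, they stay valid when a workload moves; a short observation window can mislabel rarely used ports as unused, so candidates should be confirmed before closing.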
Tangible benefits delivered by Cisco solution
- Applying a Zero Trust model to workloads through micro-segmentation, which enables the automation of policy enforcement across local, public, and private Clouds, as well as near-real-time policy compliance tracking and policy updates.
- Increased operational efficiency by eliminating manual segmentation operations, defining policies based on users and user groups, and creating consistent application rules that can be verified (by simulation) before they are applied. Additionally, the Cisco solution provides real-time traffic monitoring for policy compliance, dependency discovery, and application mapping, with the ability to rapidly analyze tens of billions of traffic data points.
- Improved security and compliance levels by proactively detecting and remediating security risks using workload behavior analysis and associated processes. Secure Workload automatically detects abnormal behavior and indicators of compromise (IoC) and provides real-time tracking of application policy compliance through integration with SIEM and firewall systems.
- Increasing organizational effectiveness, by expanding visibility and control over applications, processing environments (on-premises data centers and multi-Cloud) and users. In addition, Secure Workload can serve as the basis for developing a Zero Trust approach that can be extended throughout the organization.
How Datanet Systems can help you
Cisco Secure Workload is a security solution specifically designed to meet the current needs of organizations operating in hybrid environments that integrate on-premises data centers and multi-Cloud services. As a unified platform, the Cisco solution helps IT teams collaborate effectively and integrates with a broad ecosystem of partner solutions that increase the value of the data center IT environment. To provide a high level of flexibility, Cisco Secure Workload is available in both on-premises and Cloud versions.
Datanet can help you choose, implement, and customize the right version for your needs so that you can fully benefit from all the mentioned competitive advantages. We have the largest team of certified Cisco specialists in Romania, as well as solid experience in security projects, and Datanet’s service offering is designed to help you quickly gain benefits, leveraging Cisco products and solutions at every stage of the lifecycle. At the same time, our system integrator capabilities, as well as multi-vendor skills, allow us to ensure the integration of the Cisco solution with the other security applications in your company’s infrastructure, thus facilitating the return on existing investments, as well as the realization of advanced customizations, to respond as efficiently as possible to specific needs.
For more technical and commercial information about the Cisco Secure Workload solution, as well as about the services delivered by the company, contact us at sales@datanets.ro.
At the same time, for more details about how Cisco Secure Workload works, as well as about the advantages of integration with firewall systems, we invite you to read the materials previously created by Datanet specialists:
- CISCO TETRATION SECURES ON-PREMISES AND CLOUD DATA CENTER INFRASTRUCTURES
- CISCO SECURE WORKLOAD AND SECURE FIREWALL – INTEGRATION FOR ADVANCED PROTECTION IN HYBRID ENVIRONMENTS