Companies operating in hybrid environments need IT solutions capable of ensuring the uniform application of security policies in on-premises infrastructures and in multi-Cloud environments. The approach recommended by Datanet Systems is to integrate Cisco Secure Workload and Cisco Secure Firewall, applications that provide extended visibility and enhanced protection by automating detection and remediation.
In 2021, 92% of companies adopted a multi-Cloud strategy, with 82% opting for a hybrid approach. At the same time, by 2022, 90% of organizations estimate that the level of internal use of services and infrastructures delivered as-a-Service will increase. (*)
In terms of IT security, however, not all companies are able to keep up with the rapid pace of Cloud services adoption. There are still quite a few organizations in the early stages of adoption, that are trying to adapt traditional perimeter security solutions to ensure the protection of workloads in the Cloud, and thus make profitable the investments already made. However, it is true that there are many companies that have passed this stage and understood that they need dedicated protection solutions, becoming unconditional “Cloud-native” followers. However, the use of specific security solutions in the Cloud, while improving the level of protection, creates more independent security architectures, which are difficult to manage and that increase the operational effort in the area of integration and coherent policy implementation.
The solution proposed by Datanet specialists’ to overcome these challenges is to integrate Cisco network security solutions – from the Secure Firewall products (that includes the FirePower product family, ASA and Secure ISA equipment, but also virtual solutions for private and public cloud environments) – with a product dedicated to the control and monitoring of applications and workloads, respectively Cisco Secure Workload (the new name of Cisco Tetration).
Benefits of integrating Cisco Secure Workload and Secure Firewall
By integrating the two Cisco solutions’ categories, companies benefit from a higher level of security than obtained through their separate use, the main gains being:
- Extended visibility. Secure Workload ensures a continuous detection and monitoring of workloads, as well as the identification of interdependencies between them – on-premises infrastructures and Cloud environments -, enabling companies to have real-time access to each application’s profile and communication patterns. Secure Firewall, in turn, provides contextual information and visibility into encrypted traffic (Cisco solutions include support for HTTP / 2 and TLS 1.3), as well as access to advanced analytics capabilities. Additionally, visibility is enhanced by the inclusion of the Open Source Snort 3 engine, which increases the efficiency of detection processes.
- Improved protection. New generations of threats use elaborate methods of concealing and circumventing security measures, which are especially successful when protection solutions act in isolation and compromise indicators are not accompanied by relevant contextual information. Secure Firewall integration with Secure Workload provides full visibility into incoming and outgoing (North-South) traffic, as well as lateral (East-West) movements of potential threats. In addition, each security product includes a SecureX subscription, which can be activated to improve the level of threat detection and centralized management.
- Automation and increased reaction speed. In the context of the constantly increased number of threats, applications, and cloud services used, automation is a critical condition for improving response speed in detecting and fixing security events and reducing operational effort. To do this, Secure Workload automatically sends segmentation policies to secure workloads to Secure Firewall. Thus, the firewall rules are constantly updated according to the changes in the workloads, ensuring their protection in a dynamic way and the consistent application of security policies in different environments – physical servers, virtual machines, containers, microservices, etc.
- Integrated management and uniform application of security policies. In heterogeneous security architectures, where several non-integrated security solutions are used, policies are applied inconsistently, often leading to conflict-generating situations. By integrating Secure Workload with Secure Firewall, companies can verify that policies are correctly defined, work efficiently, and deliver the desired results. To define them as efficiently as possible, Secure Workload automatically identifies and associates all workloads and workflows with applications, adding contextual information provided by Secure Firewall. Cisco Secure Firewall, in turn, uses the telemetry data provided by Secure Workload to verify – before the policies are actually implemented – that the new rules applied to the firewall do not generate conflicts or security breaches.
Components of the integrated security architecture
The two Cisco solutions work in addition to covering a wide range of work scenarios. Secure Workload is an agent-based solution, while Secure Firewall is network-based. Thus, by integrating them, Cisco solutions can be used to protect workloads and terminal equipment that do not allow the installation of a dedicated agent for various reasons. (For example, when workloads are run on older operating systems that do not support the installation of agents.) Additionally, the network can function as a tool for validating security control and monitoring solutions, with telemetry data being used to check and complete the clues collected from the final equipment.
Datanet’s recommended Cisco integrated security approach components are:
- Cisco Secure Workload – that provides visibility and facilitates the definition and application of micro-segmentation policies, centrally, from a secure interface. Through Secure Workload, policies are simulated to validate their correctness, optimized to match workloads and firewalls in the security architecture, and then pushed to application/workload level (via Secure Agents Workload) and network (via Secure Firewall Management Center).
- Firewall Management Center (FMC) – that mediates the connection between Secure Workload and Secure Firewall and receives updates with new policy sets to apply. FMC acts as a dynamic component, enabling security architecture to respond to changes in workloads in production environments through policy micro-adjustments, which are made through the flow of updates sent by Secure Workload.
But integration works both ways. For example, when a computer running an infected application launches an attack on the network, Cisco Secure Firewall blocks the attack, and FMC generates an event report. The attack also activates the FMC fix that requires the Secure Workload API to quarantine infected equipment. In turn, Secure Workload blocks the workload of the infected application by sending a quarantine request to the agent installed on the compromised equipment, so that no more traffic is allowed.
- Cisco Secure Firewall – that integrates advanced security features, including packet data inspection, encrypted traffic, and dynamic file analysis. Cisco Secure Firewall Threat Defense (FTD) is available both as physical equipment and as a virtual machine or container, and can be installed in on-premises or cloud environments (private or public).
Cisco is the only manufacturer that integrates firewall and micro-segmentation capabilities, ensuring workload visibility and control regardless of the environment in which the applications run. In addition, Cisco Secure Firewall can integrate with third-party solutions using the AlgoSec solution for automating policy management and resolving compatibility issues.
By integrating Secure Workload and Secure Firewall solutions, companies benefit from a security architecture capable of quickly detecting advanced threats. Cisco solutions work seamlessly, providing robust workload protection regardless of the environment in which it runs, and simplifying security operations through automation.
For more technical and business information about Cisco Secure Workload and Secure Firewall solutions, and the services provided by the company, please contact us at email@example.com.
* According to Flexera – 2021 State of the Cloud Report