
Cloud Workload Protection with Cisco Tetration 3.3 v1 – In-depth Demo

Date
February 2020

This demo is now available on dCloud for Cisco, partners and customers in the US East, EMEA and APJ locations (previously only available in US West).

The Cisco Tetration platform offers effective workload protection for multicloud data centers by containing lateral movement, proactively identifying workload behaviour anomalies, and reducing the attack surface. This lab provides an introduction that shows these capabilities in action:

Scalable policy enforcement to enable microsegmentation
Learn how Cisco Tetration microsegmentation allows network administrators to implement a secure, zero-trust model using an autogenerated application-whitelist policy. It normalizes this policy based on priority and hierarchy before enforcing it. When policy enforcement is enabled for an application, software sensors carry it out using native operating system capabilities: ipsets and iptables on Linux servers, and the Windows advanced firewall on Microsoft Windows servers. This approach delivers stateful and consistent segmentation across multicloud data centers at scale. See how you can enable microsegmentation policies, at your own pace, independently of workload location and infrastructure.

Software vulnerability detection
The Cisco Tetration platform discovers the installed software packages, package version, patch level, etc. The platform includes 19 years' worth of Common Vulnerabilities and Exposures (CVE) data. Using this information, Tetration checks whether any of the software packages have known information-security vulnerabilities listed in the CVE database. When such a vulnerability is detected, complete details, including the severity and impact score, are included, and all the servers with the same version of the package installed can quickly be identified for patching and planning purposes. See how Tetration makes an ongoing assessment of your risks and can implement micro-segmentation rules that automatically protect your environment.

Workload behaviour baseline and anomaly detection
Cisco Tetration collects and baselines the process details running on each of the servers, including process ID, process parameters, the associated user, process start time, and process hash (signature) information. It provides a tree view snapshot of all the processes running on a server. Users can search for servers running specific processes or for process hash information. Cisco Tetration also has algorithms available based on MITRE techniques and tactics to track behaviour pattern changes and match those to malware behaviour patterns. See how Cisco Tetration raises security events for such behavior deviations. Security operations teams can customize those events, their severity, and associated actions using simple-to-define rules. In this way, security operations can quickly identify indicators of compromise and take remediation steps to minimize the impact.

To achieve these capabilities, Cisco Tetration uses software sensors on servers (virtual machines or bare metal), hardware sensors (embedded in the switch’s Application-Specific Integrated Circuit [ASIC]), and Encapsulated Remote Switched Port Analyzer (ERSPAN) sensors to collect telemetry data. Cisco Tetration then uses modern technologies such as unsupervised machine learning, behavior analysis, etc., to support the functions. Overall, the Cisco Tetration application segmentation approach reduces the attack surface within the data center and increases the efficiency of data center operations.

Scenarios

  • Scenario 1. Application Microsegmentation
  • Scenario 2. Software vulnerability detection
  • Scenario 3. Workload behaviour

Resources

Schedule a demo: Cloud Workload Protection with Cisco Tetration 3.3 v1 – In-depth Demo

Visit the Cisco dCloud Help page for more information and training materials

To view all available Cisco dCloud demos, visit dcloud.cisco.com 

Talk about it on the dCloud Community: Cloud Workload Protection with Cisco Tetration 3.3 v1 – In-depth Demo