The Why, What, and How of Cisco Tetration

Similar documents
Self-driving Datacenter: Analytics

Cisco Tetration Analytics

Cisco Cloud Application Centric Infrastructure

Cisco Tetration Analytics

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

Architectural overview Turbonomic accesses Cisco Tetration Analytics data through Representational State Transfer (REST) APIs. It uses telemetry data

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Trends and challenges Managing the performance of a large-scale network was challenging enough when the infrastructure was fairly static. Now, with Ci

Cisco Tetration Platform: Network Performance Monitoring and Diagnostics

Title DC Automation: It s a MARVEL!

Cisco Tetration Platform

Cisco Tetration Analytics

Tetration Hands-on Lab from Deployment to Operations Support

Cisco Tetration Platform

PSOACI Tetration Overview. Mike Herbert

Cisco SAN Analytics and SAN Telemetry Streaming

SYMANTEC DATA CENTER SECURITY

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

Accelerate Your Enterprise Private Cloud Initiative

Closing the Hybrid Cloud Security Gap with Cavirin

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

Addressing Network Performance Monitoring Requirements in Hybrid Cloud Environments

The threat landscape is constantly

Trends and Challenges We now live in a data-driven economy A recent Gartner report discussing NetOps 2.0 stated, NetOps teams must embrace practices a

Cisco Tetration Application Segmentation

2018 Cisco and/or its affiliates. All rights reserved.

Cisco Application Centric Infrastructure

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Network Visibility and Segmentation

MODERNIZE YOUR DATA CENTER. With Cisco Nexus Switches

Unlock the Power of Data

Cisco Unified Computing System Delivering on Cisco's Unified Computing Vision

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

Cisco Unified Data Center Strategy

Cisco Tetration Analytics, Release , Release Notes

Popular SIEM vs aisiem

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Solution Overview Gigamon Visibility Platform for AWS

Cisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH

Transforming the Cisco WAN with Network Intelligence

Solution White Paper Using the Power of Artificial Intelligence to Monitor Today s Multi-Cloud Networks

Cisco CloudCenter Solution with Cisco ACI: Common Use Cases

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

SIEMLESS THREAT DETECTION FOR AWS

F5 Reference Architecture for Cisco ACI

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

by Cisco Intercloud Fabric and the Cisco

Five Reasons Why You Should Choose Cisco MDS 9000 Family Directors Cisco and/or its affiliates. All rights reserved.

Intelligent Edge Protection

Compare Security Analytics Solutions

Cisco Crosswork Network Automation

Best Practices in Securing a Multicloud World

HPE IT Operations Management (ITOM) Thought Leadership Series

CenturyLink for Microsoft

Cisco Software-Defined Access

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

BUILDING the VIRtUAL enterprise

The Intent based Data Center. Kim In-Sook Manager, ASEAN Data Center Architect Team Jan 11, 2018

Cisco CloudCenter Solution Use Case: Application Migration and Management

AKAMAI CLOUD SECURITY SOLUTIONS

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SIEMLESS THREAT MANAGEMENT

AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment

A10 HARMONY CONTROLLER

CONFIDENTLY INTEGRATE VMWARE CLOUD ON AWS WITH INTELLIGENT OPERATIONS

AWS Reference Design Document

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

The intelligence of hyper-converged infrastructure. Your Right Mix Solution

Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER

Cisco DNA Center FAQ

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Product Brief GigaVUE-VM

SIEM: Five Requirements that Solve the Bigger Business Issues

Qualys Cloud Platform

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

CLOUD WORKLOAD SECURITY

vrealize Introducing VMware vrealize Suite Purpose Built for the Hybrid Cloud

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Supporting the Cloud Transformation of Agencies across the Public Sector

Cisco Tetration Analytics + Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH

Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Cisco IT Tetration Deployment, Part 1 of 2

Cisco Data Center Network Manager 5.1

Cisco Start. IT solutions designed to propel your business

Transition Your Windows Server 2003 Infrastructure to a Modern Cisco and Microsoft Solution

SEVONE DATA APPLIANCE FOR EUE

Delivering Complex Enterprise Applications via Hybrid Clouds

Cisco Application Centric Infrastructure

REDUCE TCO AND IMPROVE BUSINESS AND OPERATIONAL EFFICIENCY

Powerful Insights with Every Click. FixStream. Agentless Infrastructure Auto-Discovery for Modern IT Operations

Securing Your Digital Transformation

McAfee epolicy Orchestrator

Application Performance Troubleshooting

Cato Cloud. Global SD-WAN with Built-in Network Security. Solution Brief. Cato Cloud Solution Brief. The Future of SD-WAN. Today.

Data Center and Cloud Automation

SEVONE END USER EXPERIENCE

Transcription:

The Why, What, and How of Cisco Tetration Why Cisco Tetration? With the above trends as a backdrop, Cisco has seen specific changes within the multicloud data center. Infrastructure is changing. It is now common for an enterprise to have not only a data center or two (or more) but also many remote locations with server assets, as well as one or more cloud infrastructure partners. The data center perimeter today contains the data center, remote mini data centers, and cloud infrastructure partners. Application development is changing. Today s applications are dynamic, using heterogeneous virtualization, containerization, micro-services, and workload mobility technologies, with communication patterns between application components constantly changing. Traffic patterns are changing. Now, 76 percent of data center traffic is east-west, a fundamental change from traffic patterns in the past. In addition, data center fabrics are being built at Nx100Gbps to support these traffic volumes. These changes are opening up new attack vectors. When an enterprise s perimeter expands to encompass public cloud providers, the attack surface also changes. With more rapid application development occurring in more places, more often, there are more software vulnerabilities. As traffic shifted inside to east/west, where there is little to no segmentation, malicious code can now roam freely inside the trusted intranet. Recent years have seen a relentless pace of change and digital acceleration across industry verticals. Some trends include: Business trends: High-performing application/infrastructure and security integrity are top of mind for CXOs due to their growing online presence. People and process trends: Teams are asked to work together efficiently to support and meet service levels for the business, giving rise to the terms DevOps, DevSecOps, and NetDevOps. Technology trends: As infrastructure and applications become increasingly critical to the business, new requirements for visibility, security, workload protection, and service operations in this complex (virtualized, multigigabit, containerized, multicloud, etc.) environment have emerged.

Planning and design Planning and design for infrastructure and application migration, consolidation, or expansion Planning and design for disaster recovery and business continuity projects Hybrid-cloud cost Performance and capacity management Implementation Implementation of Software Defined Networking (SDN) Model and test policy before implementation validate and simulate policy in real time or against historical data Zero-trust and application micro-segmentation deployment Implementation of consistent application security policy for cloud and infrastructure migration Operations and optimization Pervasive visibility in the multi-cloud datacenter Asset and inventory discovery Reduced Mean Time To Resolution (MTTR) Policy compliance Security forensics Because these trends and changes drive new initiatives and requirements for the multicloud data center, Cisco has created Cisco Tetration from the ground up expressly to meet these requirements. Cisco Tetration enables the business objectives of CXOs and executives, while enabling disparate teams to work together using a single platform as a pane of glass, and fulfills the day-to-day tasks of app developers, architects, SecOps, NetOps, and IT operations: Figure 1. Cisco Tetration: features and benefits Planning and design Infrastructure changes DR and BC initiatives Hybrid-cloud cost Capacity/ performance mgmt Implementation Software-defined networking Zero-trust and application segmentation Consistent policy for cloud and infrastructure migration Operations and optimization Pervasive visibility in multicloud Asset and inventory discovery Mean time to resolution Policy compliance Security forensics What is Cisco Tetration and Which specific use cases does it address? Cisco Tetration is a turn-key solution that provides actionable insights to deliver business outcomes for application/infrastructure performance and security integrity in the modern heterogeneous, multicloud data center. The main use cases fall under three broad categories: Application Insight, Workload Protection, and Network Insight (as shown below). Figure 2. Cisco Tetration main use cases Application insight Workload protection Network insight Inventory and workload discovery in a heterogeneous, multicloud datacenter Automated mapping of all application dependencies (ADM) Automatic generation of whitelist policy based on application Behavior and Business requirements Conversation to show impact of traffic/load for simulation of cloud migration Hardening of application segmentation policy via simulation Compliance and day-2 Policy One-click deployment of application micro-segmentation policy for zero-trust enforcement Software package and vulnerability assessment Process behavior review and Anomalous behavior detection, such as side-channel attacks (e.g., Spectre/Meltdown) Proactive actions, such as quarantining servers when vulnerabilities are detected Pervasive network visibility Association of all network flows with process and owner context Hope-by-hop fabric path and performance statistics MTTR determination whether bottleneck result from application or Network application or network Visualization of network relationships Performance metrics etc. Forensics, search of flows up to a year

Application insight: Application insight is a prerequisite to any successful data center consolidation, expansion, or migration. It is also a prerequisite to any SDN, application migration, or micro-segmentation initiative. Without understanding the dependencies of an application, these initiatives may be delayed or fail. Some of the functions included in this category are: Workload and application discovery in the multicloud data center Complete visibility of all communication in, out, and within the multicloud data center Automated mapping of all application dependencies (ADM) to enable implementation of a zero-trust model Automatic generation of a whitelist policy based on empirical of every packet of every flow at multi-100gbps speeds, including intent-based security policies mandated by business requirements Conversation to show impact of traffic/load to prepare applications for cloud migration Hardening of application segmentation rules via simulation and what-if scenarios On-going application compliance and policy for day-2 operations Workload protection: It is imperative the workloads be protected to provide a secure infrastructure for business-critical applications and data. Cisco Tetration enables holistic workload protection by securing communication between workloads as well as the workloads themselves. Some of the functions included in this category are: One-click deployment of whitelist policy for application micro-segmentation, protecting communication between workloads Process inventory and behavior baselining,, and identification of deviations for the processes Full inventory of all software packages running on the workload, and the ability to detect common vulnerabilities and exposures associated with these packages by comparing against 19 years of CVE database Ability to detect anomalous behavior including side-channel attacks such as Spectre/Meltdown, privilege escalation, and shellcode attacks Actionable security insight, such as quarantining server(s) when vulnerabilities are detected, and blocking communication when policy violations are identified Network insight: Gaining pervasive visibility in the modern data center which is agile, multigigabit, heterogeneous, and multicloud is no easy task. Not only does Cisco Tetration offer pervasive visibility in this environment near real-time, it allows the operator to go back upwards of a year to replay the network insight recording. This level of deep and pervasive visibility enables planning and operations teams to make intelligent decisions about network changes and bandwidth upgrades. Some of the specific functions in this category include: Visibility of every packet of every flow at every speed, 24x7, in the multicloud data center (public or private) with bare-metal, container, and virtualized workloads Association of all network flows with system process and owner context Insight into the hop-by-hop path and performance statistics for an application all the way from the data center client to the initiating server process Ability to determine whether workload latencies are due to network and/or application constraints, hence reducing Mean Time To Resolution (MTTR) Ability to visualize neighborhood relationships Collection of performance metrics, including application latency, SRTT, TCP retransmissions, window sizes, and long TCP handshakes Ability to search on all historical flows contained in the platform, which may include up to a year or more of data

There are three layers in the architecture: Input and telemetry: Cisco Tetration collects telemetry and other context information from sensors and third-party sources. Sensors are deployed across heterogeneous environments, in public or private clouds, across virtual machines, to containers, and bare-metal servers. Sensor options include software sensors, hardware (Cisco Nexus 9000 CloudScale series) sensors, container sensors, ERSPAN sensors, and Cisco IOS NetFlow sensors Further context may be obtained from load balancers, location information systems, IP Address Management (IPAM), the Configuration Management Database (CMDB), and Security Information and Event Management (SIEM) systems. 1 With comprehensive telemetry across the heterogeneous infrastructure, Tetration gains true pervasive visibility in the complex environment. Big data : The telemetry of the communication flow and the system context from hundreds or thousands of agent sources are sent securely to the Tetration big data platform, which analyzes the data, using unsupervised machine learning and behavior. The relationships among the workloads, and the state and health of the workloads and network, are derived. The algorithmic approach and artificial intelligence employed by Cisco Tetration results in the use cases of Application Insight, Workload Protection, and Network Insight described previously. The platform further preserves the data in a data lake, as well as in computed results and a time-series database. There are several delivery models for the platform, including on-premises appliance, virtual appliance, and Software-as-a-Service (SaaS). How is Cisco Tetration implemented? Legacy approaches neither meet nor scale for the new requirements of the changing data center. Cisco Tetration represents a paradigm shift that leverages Artificial Intelligence (AI) and big data analytics to address the modern data center that has the following characteristics: (1) it is multicloud, where boundaries extend beyond on-premises data centers; (2) it has heterogeneous environments with a combination of bare-metal hosts, virtualized workloads, and containers; and (3) it is dynamic with changing traffic patterns at multi/100-gigabit+ speeds and predominantly east-west traffic patterns. By leveraging algorithmic approaches, Cisco Tetration is able to automate the identification of application flows at 100+ Gigabit speeds, across private data center, cloud, and hybrid deployments at a level of detail that can enable the application dependency mapping, security enforcement, and added business value required by customers. Cisco Tetration high-level architecture is shown in the figure below: Figure 3. Data access Big data compute and Input and telemetry Cisco Tetration high-level architecture Search GUI Reports, alerts Custom dashboards and user apps Prebuilt dashboards Flow-search data API Event notification User apps Computed results Machine learning Telemetry + context Data lake deep store Application insight Workload protection Network insight 1 Tetration ecosystem partners: https://blogs.cisco.com/datacenter/tetration-open-platform-enables-strong-partner-ecosystemchoice-and-flexibility-benefits-to-customers

Data access: Operators require access and the ability to manipulate their data. Cisco Tetration is an open platform that is accessible via GUI, REST API, and an event notification message bus. Operators may even leverage the compute and storage of the platform to write their own user apps in Python or Scala. Cisco Tetration is optimized to provide search query results of historical flow data in subsecond response times. The open APIs and event notification bus are leveraged by Tetration ecosystem partners for integration with SIEM, CMBD, and other tools. Figure 4. Cisco Tetration delivery models Delivery model Hardware appliance Virtual appliance SaaS Type 39RU 8RU ESX OVA SaaS Summary In summary, Cisco Tetration is purpose-built to address industry trends impacting our customers businesses. The solution leverages streaming telemetry, behavior, unsupervised machine learning and artificial intelligence, and big data analytics to deliver pervasive visibility, automated intent-based policy, workload protection, performance management, and much more. As a unified platform, Cisco Tetration allows various teams to work together efficiently across organizational silos and integrates with an ecosystem of partner solutions to increase value throughout the IT data center environment. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C22-741289-00 11/18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback