Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and Compliance Management Through the integration of AlgoSec and the Cisco Tetration Analytics platform, customers can visualize business application connectivity and dependencies; map existing security policies to the business applications they support; manage risk, vulnerability, and compliance with full business application context; enforce whitelist policy; and automate business application connectivity management across multiple technologies and platforms. The Need Today s business applications are the core of the data center. They are highly dynamic, with communication flows between the various application components that are constantly changing to support business continuity and digital transformation initiatives. This constant state of flux increases the organization s attack surface and creates gaps in the security infrastructure that network and security operations teams are challenged to fix. To address these challenges effectively, network and security operations teams need to take an application-centric approach to network security management. This approach requires insight into applications and their connectivity flows across the network infrastructure. It also requires the capability to apply business context and automation to core security policy management processes such as change management, risk and compliance assessment, and auditing.
Cisco Tetration Analytics Platform The Cisco Tetration Analytics platform addresses these requirements using unsupervised machine learning, behavior analysis, and algorithmic approaches. It provides a ready-to-use solution to accurately identify applications running in the data center and their dependencies and the underlying policies between different application tiers. In addition, the platform is designed to normalize and automate policy enforcement within the application workload itself, track policy compliance deviations, and keep the application segmentation policy up-to-date as the application behavior changes. With this approach, the Cisco Tetration Analytics platform provides consistent application segmentation across virtualized and bare-metal workloads running in public and private clouds and on-premises data centers. AlgoSec Security Policy Management Using single-pane management, the AlgoSec Security Management solution provides holistic, business-level visibility across the entire network security infrastructure, including business applications and their connectivity flows in the cloud and across software-defined networking (SDN) and on-premises networks (Figure 1). With AlgoSec, users can manage application connectivity, proactively analyze risk from the business perspective, tie cyber attacks to business processes, and intelligently automate time-consuming security changes all without human interaction and seamlessly orchestrated across any heterogeneous environment. Cisco Tetration Analytics and AlgoSec solution Through transparent integration, AlgoSec complements the Cisco Tetration Analytics platform by extending its application connectivity visualization to the underlying network security infrastructure. This extension provides the network and security teams with business context for their firewall rules and policies and for security risks and vulnerabilities. In addition, it extends Cisco Tetration Analytics application segmentation capabilities to all network security devices across the enterprise network: physical and virtual, on premises, and in the cloud. Figure 1. AlgoSec Security Management Provides Single-Pane Management and Visibility 2
The integrated solution offers these main features: Automatically discovers business application connectivity, dependencies and behavior (Figure 2) Automatically tags security policy rules across multiple security devices, platforms, and technologies with the business applications they support Allows users to easily search through all security rules across in the entire network, and filter by business applications Automatically generates reports that aggregate all network security risks and vulnerabilities affecting each application (Figure 3) Automatically annotates flows that the Cisco Tetration Analytics discovers with information about host vulnerabilities Monitors the connectivity status of critical applications and verifies that supporting network security policies are intact Automatically generates whitelist policies based on actual application behavior and pushes the policies to the relevant network security devices Figure 2. The Cisco and AlgoSec Solution Displays Connectivity, Dependencies, and Behavior Figure 3. The Cisco and AlgoSec Solution Shows Risks and Vulnerabilities Affecting Each Application 3
Main Benefits of the Integrated Solution Provides visibility into business application connectivity and dependencies Delivers business-based risk and vulnerability analyses Presents business application context for every rule in every security policy Tightens security by enabling microsegmentation based on application behavior Reduces time and effort through automation Avoids outages and eliminates device misconfigurations Main Use Cases for the Integrated Solution Table 1 presents the main use cases for the Cisco Tetration Analytics and AlgoSec solution. Use Case Map firewall rules to the business applications they support Manage risk, vulnerabilities, and compliance in the context of affected business applications Troubleshoot application outages and misconfigurations Generate and push whitelist policies to network security devices Description Automatically tag all existing security policy rules with the business applications they support. Support any hybrid environment virtual or physical, on premises or in the cloud and multiple vendors and platforms. See application context in policy searches, troubleshooting, risk analysis and compliance assessment, policy cleanup, and more. Manage network security risk in the context of affected business applications. Prioritize vulnerability and patch management based on affected business applications. View aggregated information about network security risks and vulnerabilities relevant to a specific business application. Instantly detect application behavior anomalies and outages. Easily check whether a malfunction is the result of a network security policy misconfiguration anywhere in the network. Remediate misconfigurations quickly and efficiently. Automatically generate whitelist policy recommendations based on application behavior. Push generated policies to network security devices, SDN technologies, and cloud security groups. Tighten security through microsegmentation. For More Information See https://www.cisco.com/go/tetration. 4
About AlgoSec The leading provider of business-driven security management solutions, AlgoSec helps the world s largest organizations align security with their business processes. With AlgoSec, users can discover, map, and migrate business application connectivity, proactively analyze risk from the business perspective, tie cyber attacks to business processes, and intelligently automate network security changes with zero touch across their cloud, SDN, and on-premises networks. Over 1500 enterprises, including 20 of the Fortune 50, use AlgoSec s solutions to make their organizations more agile, more secure, and more compliant, all the time. Since its inception, AlgoSec has offered the industry s only money-back guarantee. 2017 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Copyright 2017 Algosec. All rights reserved. C22-739268-00 06/17