Cisco Tetration Analytics


Cisco Tetration Analytics
Enhanced security and operations with real-time analytics
John Joo, Tetration Business Unit, Cisco Systems

Security Challenges in Modern Data Centers
Securing applications has become complex
- Rapid application deployment
- Continuous development
- Application mobility
- Microservices
- Policy enforcement
- Heterogeneous network
- Zero-trust security
- Policy compliance
Applications are driving modern data center infrastructure

NSA TAO* Chief on Disrupting Nation State Hackers
https://www.youtube.com/watch?v=bdjb8wojyda
Approaches to defense
- Segment the network
- Whitelist applications
Intrusion Phases
- Reconnaissance
- Initial Exploitation
- Establish Persistence
- Install Tools
- Move Laterally
- Collect, Exfil, and Exploit
Figure out what's routine in your infrastructure (what's not)
Figure out what you need to protect and segment that off
Locking down at the host level
* Tailored Access Operations

Introducing Tetration Software & Network Sensors: See everything OS Sensor Windows Linux Mid-Range Universal Network Sensor Cloud-Scale Nexus Nexus 9000 X v Data Analytics & Machine Learning Engine Open Access Analytics Cluster Appliance model On-Premise or Cloud Billions of Events Meta-Data generated from every packet Ingest Store Analyse Learn Simulate Act APPLICATION INSIGHT FLOW SEARCH & FORENSICS SEGMENTATION & COMPLIANCE Web Rest API Event Bus Lab

Operations Security Cisco Tetration Use cases Visibility and forensics Policy Application insight Policy simulation Neighborhood graphs & Cloud Migration Cisco Tetration Application segmentation Process inventory Compliance

Use Cases Accelerate Business Transformation Accelerate Technology Transformation v Secure Cloud & Data Centre APPLICATION INSIGHT FLOW SEARCH & FORENSICS SEGMENTATION & COMPLIANCE Operational Excellence

Cisco Tetration Analytics Architecture Overview Data Collection Analytics Engine Visualization and Reporting VM Host Sensors Tetration Telemetry Web GUI Network Sensors Cisco Nexus 92000YC-X Cisco Nexus 93000YC-EX Cisco Tetration Analytics Platform REST API Third-Party Metadata Sources Configuration Data Push Events

Cisco Tetration Analytics Data Sources
Software sensors (available today)
- Linux servers (virtual machine and bare metal)
- Windows servers (virtual machines and bare metal)
- Windows Desktop VM (virtual desktop infrastructure only)
- Universal* (basic sensor for other OS)
Network sensors (next-generation Cisco Nexus Series Switches)
- Cisco Nexus 9300 EX
- Cisco Nexus 9300 FX
Third-party sources (third-party data sources)
- Asset tagging
- Load balancers
- IP address management
- CMDB
*Note: No per-packet telemetry; not an enforcement point
Main features
- Low CPU overhead (SLA enforced)
- Low network overhead (SLA enforced)
- New Enforcement point (software agents)
- Highly secure (code signed and authenticated)
- Every flow (no sampling) and no payload

Holistic Approach to Server Protection
- Advanced behavior analysis
- Policy Enforcement
- Application control using whitelists
- Traffic visibility, server process baseline, and analytics
- Dynamic and heterogeneous environment
- Policy that enables application segmentation
- Break organizational siloes

Get Great Identity About Endpoints
- Discovered inventory
- Uploaded inventory and metadata (32 arbitrary tags)
- Inventory tracked in real time, along with historical trends
- Cisco Tetration Analytics sensor feed
- VMware vCenter (virtual machine attributes)
- AWS attributes (AWS tags)
- User-uploaded tags
- Cisco Tetration Analytics merge operation
- Real-time inventory merged with information with historical trends

The Goal Is to Describe Intent
I want to:
- Block non-production apps talking to production apps
- Allow HR apps to use the employee database
- Block all HTTP connections that are not destined to web servers
- Allow and notify me when a new app requests DNS server access
- Block and notify me when a new app requests AD server access

How Does It Work?
Tetration automatically converts your intent into black and white list rules.
Intent
- Block non-production apps talking to production apps
- Allow HR apps to use the employee database
- Block all HTTP connections that are not destined to web servers
Rules
DENY SOURCE 10.0.0.0/8 DEST 128.0.0.0/8
ALLOW SOURCE 128.0.10.0/16 DEST 128.0.11.0/16
ALLOW SOURCE * DEST 128.0.100.0/16 PORT = 80
DENY SOURCE * DEST * PORT = 80
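An added example (not from the original slides or from Cisco): a small evaluator for the four rules on the slide above, assuming first-match ordering and a default deny, neither of which the slide states. The function names are hypothetical; the code also flags CIDRs whose host bits are set, because 128.0.10.0/16, 128.0.11.0/16 and 128.0.100.0/16 all normalize to 128.0.0.0/16.

```python
import ipaddress

# Rules copied from the slide, in slide order.
SLIDE_RULES = """\
DENY SOURCE 10.0.0.0/8 DEST 128.0.0.0/8
ALLOW SOURCE 128.0.10.0/16 DEST 128.0.11.0/16
ALLOW SOURCE * DEST 128.0.100.0/16 PORT = 80
DENY SOURCE * DEST * PORT = 80
"""

def parse_rules(text):
    """Return (rules, warnings); '*' becomes None (match anything)."""
    rules, warnings = [], []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        action, port = tok[0], None
        if "PORT" in tok:
            port = int(tok[tok.index("PORT") + 2])  # skip the '='
        nets = []
        for cidr in (tok[2], tok[4]):
            if cidr == "*":
                nets.append(None)
                continue
            net = ipaddress.ip_network(cidr, strict=False)
            if str(net) != cidr:
                warnings.append(f"{cidr} has host bits set, matches as {net}")
            nets.append(net)
        rules.append((action, nets[0], nets[1], port))
    return rules, warnings

def decide(rules, src, dst, port, default="DENY"):
    """First matching rule wins (assumption); otherwise the default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet, rport in rules:
        if snet is not None and s not in snet:
            continue
        if dnet is not None and d not in dnet:
            continue
        if rport is not None and port != rport:
            continue
        return action
    return default

RULES, WARNINGS = parse_rules(SLIDE_RULES)

if __name__ == "__main__":
    for w in WARNINGS:
        print("warning:", w)
    # Constructed sample flows: (source, destination, destination port).
    for flow in [("10.1.2.3", "128.0.100.20", 80),
                 ("128.0.10.5", "128.0.11.7", 5432),
                 ("128.0.200.9", "128.0.1.1", 22),
                 ("192.0.2.10", "198.51.100.5", 80)]:
        print(flow, "->", decide(RULES, *flow))
```

The third sample flow is allowed only because the /16 mask widens the HR-to-database rule to every address in 128.0.0.0/16, which is the kind of gap between intent and rule that a review of generated rules should catch.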

Enforcement of Policy Across Any Floor Tile
Cisco Tetration Analytics:
1. Generates unique policy per workload
2. Pushes policy to all workloads
3. Workload securely enforces policy
4. Continuously recomputes policy from identity and classification changes
Diagram labels: Compliance monitoring; Enforcement; Public cloud (Google, Azure, Amazon); Bare metal; Virtual; Cisco ACI; Traditional network

Policy-Related Notification
- Alerts every minute for enforcement
- Policy compliance event notifications
- Count of policy alerts until whitelisted
- Alerts when IP tables or firewall is flushed or disabled by user
- Alerts when enforcement sensor is disabled
- Publishes policy differences between versions
Diagram labels: Cisco Tetration Analytics; Message publish; Kafka broker; Northbound consumers

Cisco Tetration: Server Process and Process Hash
- Computed process hash for all the processes running on the server
- Search based on:
- Process
- Process ID
- All servers running a particular process
- Details for long-running processes
- User ID associated with process and process ID
- Use process hash information to search for suspicious processes against any IOCs

Insight-Based Notification: Neighborhood Graphs
Neighborhood graphs
- Find up to two-hop communication neighbors for a selected workload
- Drill down into details about communication between these neighbors
- View dashboard display using graph database
- Determine the number of server hops between two workloads
- Get out-of-the-box and customer alerts through Kafka
Diagram labels: Cisco Tetration Analytics; Message publish; Kafka broker; Northbound consumers

Analyze Network Traffic for Cloud Migration
Estimate usage and cost for your planned migration
- Run cost analysis on hypothetical migration scenarios, based on your actual network traffic
- Create a cloud profile > Define cloud migration scenario > Add your cloud pricing tiers and data to study an application migration
- Run hypothetical analysis to find out what it will cost to move certain workloads or full applications to cloud
- Support for AWS, Azure, and other cloud platforms
Diagram labels: Cisco Tetration Analytics; Google; Azure; Amazon

Virtual Desktop Infrastructure: Visualization
Diagram labels: Cisco Tetration Analytics; VDI instances
Main features
- Support Microsoft Windows Desktop 7, 8, and 10
- Get per-packet, per-flow visibility
- Correlate traffic with process on the desktop instances
- Tie VDI user traffic to application workspace

Cisco Tetration: Bring Your Own Data
Diagram labels: Northbound consumers; Streaming JSON telemetry; Data sink; Public Cloud
Main features
- Stream any JSON-based telemetry to a data sink
- Support up to 10 simultaneous streaming topics
- Bring up to 5 GB of data per hour per streaming topic
- Analyze and write your results through alerts or UI

Datacenter Wide Traffic Flow Visibility
- Detailed information about the flow
- Information about consumer, provider, and type of traffic

Tetration Application Segmentation Policy Recommendation
Diagram labels: Public Cloud; Application Workspaces; Private Cloud; Cisco Tetration Analytics; Application Segmentation Policy

Real-Time and Historical Policy Simulation
Diagram: bare-metal (BM) and virtual machine (VM) workloads feeding the Cisco Tetration Analytics Platform
- Validating policy impact assessment in real time
- Simulating policy changes over historic traffic
- View traffic outliers for quick intelligence
- Audit becomes a function of continuous machine learning

Tetration Analytics: Open Access NORTHBOUND APPLICATION NORTHBOUND CONSUMERS NORTHBOUND CONSUMERS Kafka Broker Programmatic Interface Message Publish Tetration Apps Cisco Tetration Analytics Platform REST API Tetration flow search Sensor management Push Notification Out-of-box events User defined events Tetration Apps Access to data lake Write your own application

Cisco Tetration Analytics: Ecosystem Service visibility Layer 4-7 services integration Cisco Tetration Analytics Security orchestration Service assurance Insight exchange

Insight Exchange
Diagram labels: Telemetry Data; Ingestion Pipeline; Workload; Tetration Annotations; Insight Exchange (or connect your own)

Cisco Tetration Analytics: Deployment options
On-premises options
Cisco Tetration Platform (large form factor)
- Suitable for deployments of more than 5,000 workloads
- Built-in redundancy
- Scales to up to 25,000 workloads
- Includes: 36 x Cisco UCS C220 servers, 3 x Cisco Nexus 9300 platform switches
Cisco Tetration-M (small form factor)
- Suitable for deployments of less than 5,000 workloads
- Includes: 6 x Cisco UCS C220 servers, 2 x Cisco Nexus 9300 platform switches
Public cloud
Cisco Tetration Cloud
- Software deployed in AWS (Amazon Web Services)
- Suitable for deployments of less than 1000 workloads
- AWS instance owned by customer

Huntington bank: Business value snapshot
Cisco Tetration enabling Huntington National Bank to execute major IT initiative faster and more efficiently
80-90%: Less staff time to carry out application mapping
"We needed up to a month to map a complex application, and Cisco Tetration allows us to do this in days or less. This will help us complete a significant IT initiative with major cost implications in far less time." -Patrick Drew, Assistant Vice President, Network Infrastructure Manager, The Huntington National Bank
60-65%: Faster expected execution of significant IT initiative
"The big ROI for us of using Cisco Tetration is not having to do application mapping again; the dynamic mapping means that we don't have to go through the exercise again for future initiatives." -Patrick Drew, Assistant Vice President, Network Infrastructure Manager, The Huntington National Bank
98%: Less time spent by application owners for application mapping
IDC Analyze the Future. 2017 IDC. www.idc.com

Cisco IT: Business value
Traditional
1. Hire a consultant
2. Collect logs, interview teams
3. Identify application dependencies
4. Verify with every group
5. Static map, change requests
6. Implement policy, apps break
Cisco Tetration platform
- 70% reduction in cost and time
- 3600 person hours of skilled staff time saved for every 100 applications
- 20-40% reduction in virtual machine footprint
US$1M-$5M project; several months

Customer Video

Summary
Real time and scalable
- Every packet, every flow
- Application segmentation for 1000s of applications
- Long term data retention
Granular policy enforcement
- Consistent policy enforcement
- Identify policy deviations in near real-time
- Support for workload mobility
Easy to use
- One touch deployment
- Self monitoring
- Self diagnostics
Open
- Standard web UI
- REST API (pull)
- Event notification (push)
- Tetration applications

Tetration answers your Critical Questions
- Who talks with who?
- What was out of Policy?
- Audit & Compliancy
- Policy Enforcement
- Application Dependency
- Aut. Policy Discovery
- Network DVR
- Visibility