How to Navigate a ‘Zero Trust’ Environment
Cisco’s Tetration uses real-time telemetry from applications to detect changes such as abnormal activity or attempts to exploit newly discovered flaws.
June 28, 2019
Sponsored by Oracle
Trust nobody. Trust nothing. Those are good principles when it comes to secure enterprise computing, and it’s the mindset behind what’s called the “zero-trust” IT security model—that is, assume that all traffic crossing a network is potentially dangerous until it is verified. The zero-trust model requires enforcing controls so that users and applications can access only the resources they absolutely require, and ensuring that monitoring systems have full visibility into, well, everything.
The zero-trust model is at the heart of Tetration, a workload protection and cybersecurity system offered by Cisco Systems—and delivered as a software-as-a-service offering running on Oracle Cloud Infrastructure.
The Tetration service goes both broad and deep. Broad, in that it aims to protect all of a company’s users, applications, data, compute infrastructure, virtual machines, containers and network traffic. Deep, because Tetration looks at every process interaction, at metadata from every network packet, at the metadata that describes each application process, at the storage and file systems containing corporate data, and even at employee and customer user activity.
While a company’s applications are running, the data is flowing, shoppers are buying, and employees are working, Tetration is protecting. It uses real-time telemetry from applications—down to the individual end user or software process—to detect changes such as abnormal activity caused by a hacker or malware, or by attempts to exploit newly discovered flaws.
Back to the zero-trust model: Tetration combines the enterprise’s high-level IT security policies with AI-discovered patterns of baseline application behavior. Tetration also factors in industry data about software vulnerabilities, threat telemetry and indicators of attack. Using those policies, it can segment application components, microservices and data sources into their own network spaces, to ensure that digital access to important resources is permitted only on an as-needed basis to users or other application components that have a safe posture and operating behavior. Of course, in a large enterprise, the IT environment changes all the time, so no administrator or team of administrators can understand all the changes and their ramifications. That’s where Tetration uses artificial intelligence and machine learning to eliminate the burden of whitelist policy lifecycle management and application management.
Tetration’s software agents see all those changes to the network architecture, applications, users and workloads. The Tetration analytics engine uses AI and ML to update the segmentation while assessing whether those changes increase risk and could lead to future vulnerabilities. The Tetration AI identifies the applications and databases in the environment and the dependencies, whether in the cloud or in the on-premises data center.
The AI also interprets application and user activity in real time to determine what is normal and what is anomalous. Tetration can also analyze the results of new security policies, such as those that might restrict access to specific resources, and predict the effects those policies will have on applications and user workloads.
That’s a lot of data to manage, analyze and correlate, and that’s why Cisco recommends that IT organizations run Tetration as SaaS running on Oracle Cloud Infrastructure, says Navindra Yadav, founder of Tetration, head of Tetration Engineering and Cisco Fellow. Cisco also offers the option of dedicated Cisco UCS server racks running the Tetration software and installed within a customer’s data center.
The Tetration SaaS option is “better on a cost-benefit basis,” Yadav says. Tetration uses Oracle Cloud Infrastructure for its high-performance compute infrastructure. Oracle’s bare metal servers offer significantly higher processor, memory and storage densities, plus a higher-performance network fabric, than alternatives in the cloud IaaS marketplace we evaluated, Yadav says.
Oracle Cloud Infrastructure’s bare metal servers use the latest-generation microprocessors, network connections, high-performance memory and solid-state storage. For security, the servers are isolated from network traffic belonging to any other user, or even from Oracle’s own cloud-management traffic. The cloud customer—in this case, Cisco—has full control over the service’s software configuration, including operating systems and software.
Another reason to prefer the Tetration SaaS offering: scalability up and down. Customers can use only the cloud resources needed to handle their data center applications and workloads, and can scale very quickly. By contrast, when using on-premises hardware, the hardware has to be purchased, which can take some time. Also, because it’s slower to scale hardware, IT organizations will always need to buy excess capacity.
“Customers are paying for latent capacity with our service appliances on premises, whereas in SaaS, they pay for only what they use,” Yadav says.
Maintenance is another factor: With the SaaS version of Tetration, all software maintenance is carried out by Cisco, while Oracle takes care of the physical hardware. With an on-premises server stack, the customer has to administer the server hardware and software.
“It’s good to have Cisco manage the SaaS version because Tetration is our software, and the employees inside the Tetration team understand it better than anyone,” Yadav says. “We can offer much higher availability to our SaaS customer and keep the software up to date.”
Cisco continues selling the hardware-appliance version of Tetration to support legacy customers, as well as for some very large, very nervous organizations, such as government agencies, that run Tetration inside very secure facilities that are not connected to the internet or to any external services. “The only reason new customers would choose to go with the appliance is really because they are air-gapped or they have very specific security concerns,” Yadav says.
A final benefit to Tetration as SaaS in Oracle Cloud is speed to deployment. Customers can go live within a day after they place the order with Cisco. When an organization realizes that it needs a comprehensive security system like Tetration to protect the data center and its workloads, nobody wants any delays.
This guest blog is part of a Channel Futures sponsorship.