Welcome to the WEI Tech Exchange Blog

3 Challenges and Benefits of Cisco Tetration

Written by Josh Cronin | Jul 19, 2018 12:15:00 PM

In last week's post we discussed the Cisco Tetration Analytics Platform—what the platform is and how it integrates with the modern enterprise. We talked about how it supports a “Zero-Trust” security model and explained the story that ties in with its creation with an interesting use case involving Cisco and WEI.

This week we will discuss three challenges that can be associated with Cisco Tetration, along with some suggestions on how to avoid or lessen the impact of these factors. We will also look at three benefits of incorporating Cisco Tetration into your infrastructure strategy.

Challenges of Cisco Tetration

1. Infrastructure Commitment
When Cisco Tetration was first released there was a significant infrastructure commitment. You would have had to invest in several servers, multiple switches, and more. This resulted in an organization bringing in nearly a rack of gear just to run this engine. If you think about your network size, the amount of processing, and the amount of flows this thing is going to take in and allow for you, it is a significant space and power investment.
 
2. Upfront Costs

The infrastructure commitment contributes to the second obstacle; being that the upfront costs are really high because there is a lot of hardware that needs to be brought in. Cost is probably the biggest preventative measure and it is common with migrating to or improving a digital-ready network strategy. The cost models have since improved, providing a few different options now. You will see more about Cisco’s improving cost models and options in the “benefits” section of this blog post.

3. Overwhelming Visibility

The idea of gaining 100% visibility into a network sounds great (and it is as you will see later on) because it ensures nothing can get past your team. It also makes your network seems impenetrable. Let’s use an example to show where there could be an obstacle with this. Let’s say you currently have 40% visibility into your network. You will have found a method and strategy to operate under this level of visibility. You are used to only being able to see this limited amount of network activity and you are able to properly plan a security strategy for it given the available tools at your disposal.

Now years have passed with no real network problems, but Cisco Tetration starts being discussed as a potential solution to increase your organization’s network strategy. There is buy in and now you suddenly have 100% network visibility. Understandably, there are going to be a lot of questions and a lot of confusion. There will be a lot of work upfront to understand what everything is because you are now in a situation where you are able to see and plan for more parts of your network than you have ever been exposed to before.

It is important to understand that this “new” stuff happening in your network would be there anyways, whether you see it or not. It is a kind of a requirement for your job to understand this extra activity. This makes the front loaded work worthwhile to be able to decide how traffic flows are working and to be able to package them. After understanding what else is in your network and how some of the network automation features work you will get to a point of normalcy with all of it. The size of your network and years established is definitely worthwhile to discuss when considering utilizing Cisco Tetration.

Benefits of Cisco Tetration

We will now dive into three of the primary benefits of Cisco Tetration and as you will see, these benefits make up for and outweigh many of the “challenges” discussed in the first half of this blog.

1. No Vendor Lock-in

Cisco Tetration has improved its integration with other network switches. There is no “vendor lock-in” where Tetration would require Cisco switches. Fortunately, Tetration will check everything on the network and will play well with nearly any infrastructure setup.

One thing to keep in mind is that while Cisco does agent and agentless monitoring, it is preferred you run Cisco for this. Some of the Cisco switches like the Nexus 93180 have a lot of that functionality baked into them. This means you don't have to run SNMP or Agents to pull information off those switches since they can already send that natively. I wouldn't call it a lock-in, but Cisco may, even though they're kind of agnostic in what they monitor. This is simply because they're better and more experienced with monitoring their own stuff since they built it.

2. Package options

While we touched on the significant up front infrastructure cost requirements with Cisco Tetration, there are ways to get around it. When Tetration was first released the price was fairly stagnant and out of reach for many organizations. Since then, they have become more flexible, since as the product grew, more ways to consume it were developed. Various pricing options make sense for companies in different situations and with different needs. Some will continue to run Tetration as they always have, but package options matter to determine whether organizations will run it for the foreseeable future or just for a year before converting their network over to Cisco ACI. Other important uses cases should be considered before making a decision; such as how you run Tetration (manually or automatically), will it be used for a specific initiative or will you integrate it into your security fabric, and how will your workflows run. Cisco adapted as needs for this product changed, allowing customers to choose why and how they want to consume it, which is favorable.

They have a few different deployment options now. Depending on how big your network is, Cisco has two differently sized physical deployment models, Tetration Appliance and Tetration-V. One is across multiple servers, meaning the amount of servers for the larger model would be very expensive. They also have a smaller size now that is designed for organizations only monitoring 2,000 or less end points. Whether those are switches or desktops it does not matter because, organizations can get by with this option, making it cheaper.

Cisco has adapted even more to the point where cloud-based offerings of Tetration are available now too (known as Tetration – SaaS). This allows you to run Tetration in AWS or Azure. Cisco gives you the virtual software that you run on AWS or an Azure VPN. This way you're still paying for those, but if you don't have the space or interest in owning the hardware overall, you can do that. If you're going to run Tetration for a certain amount of time (let's say you get the licenses for a year) and then you want to get rid of it without a hardware investment, Cisco provides a pretty good opportunity for this. They can also do software to server configurations now, so Cisco can run it in its cloud. You can now plug Tetration into your networks and run it for as long as you need, similar to a subscription model.

3. Full Visibility

Once you get past that learning curve and the upfront commitment to set up Tetration, the day to day operations simplify because it will reach into the switches and desktops, notifying you when an anomaly is discovered. It allows you to make your decision on the fly to either block or allow it.

It is front loaded and there will be a lot of work to understand what you're using it for. There's a lot of learning in your own network, but it will become operational. This visibility also extends to heightened security measures, making it possible to truly maintain a zero-trust model that we discussed in last week’s blog.

With Cisco Tetration 100% visibility can be reached, providing a situation to provide a whitelist model, also known as a “Zero-Trust” model. With this approach, instead of controlling what can’t interact with the network, you are controlling what can interact with it. You can now confidently know that everything allowed to interact with the network is there because a rule has been established allowing it to be there. Letting Cisco Tetration map your network provides that top tier level of security that organizations strive to reach.

Conclusion

Now that this product has been around for a few years it has been developed and improved enough to the point where the benefits outweigh the obstacles by far. Cisco Tetration may not be for every organization, but for those looking to heighten their network security strategies, there are few other solutions as comprehensive and versatile at Cisco Tetration.

In case you missed part one of our blog series on Cisco Tetration, you can find it here: Achieve 100% Network Visibility with Cisco Tetration

Next Steps: Learn more about the software-defined revolution and how companies are leveraging SDN in our white paper, “Software Defined Networking: The Next Paradigm of IT Promise.”