Fortunately, teams that have turned to the Cisco Tetration Analytics Platform report far greater confidence in their ability to map, assess, and secure their networks. This blog post goes into detail on what the Cisco Tetration technology is and how it takes enterprise security to another level.
Cisco created Tetration as a data center analytics tool to improve network visibility, that is, how completely network administrators can see and control every component and interaction across the whole organization. Tetration captures every traffic flow, more completely and more efficiently than a conventional monitoring tool can. As companies move towards micro-segmentation, that record shows which applications actually need to talk to each other. Tetration maps out every individual flow of an application, so you know exactly where all traffic is going and which devices are talking to which.
You need that map to fully understand your environment before it can be segregated. To understand how your web server talks to your SQL server, Tetration shows every connection that was made, normalizes it, and then lets you write rules around it to keep that traffic segregated. Once everything is segmented and you are in compliance (where that applies), you can also make active changes with the tool: it can push policy to network switches and enforce it on the host itself, through the host's own firewall (on a Windows server, for example).
Changes can also be made through an agent on the host (in some cases one is needed even with Cisco switches), either to allow additional traffic or to block it. With that in place, Tetration can see a new flow, recognize that it is an anomaly for this host and that the source is not good, and block it. It can even tell the firewall, "don't allow this traffic."
That is the first step toward a zero-trust approach to networking. Knowing everything that is happening on the network at any given time is a major benefit to customers.
Many organizations' network policies have traditionally been structured as a blacklist. Blacklisting means identifying "bad", unwanted traffic and writing specific rules to deny traffic from those sources. This keeps out many potentially threatening sources, but only the ones that are already known. Because there was never a good way to get true 100% visibility into the network, a blacklist was the best available compromise between providing some security and letting employees keep doing their jobs.
As an example, take allowing traffic from one VLAN to another. You don't want to allow all of the random traffic you don't understand between the two, but it has always been a real hassle for network administrators to work out which application ports are required. HTTPS is port 443, so we allow 443; HTTP is port 80, so we allow 80. But there are thousands of possible ports, and an application may need a handful of them or thousands of them. In most cases we haven't had tools to identify that precisely, so you depend on what the application owners tell you, and things get lost in translation between application owners and network owners. It has always been easier to say, "I can't figure out which of the 4,000 ports I need open, so I'm just going to let them talk to each other."
With Cisco Tetration, however, 100% visibility can be reached, which makes a whitelist (allow-list) model practical, the foundation of what is called a "Zero-Trust" model. A Zero-Trust security model follows the opposite methodology: instead of controlling what can't interact with the network, you control what CAN interact with it. You can be confident that everything allowed to interact with the network is there because a rule was explicitly established to allow it.
Because there is now visibility across the board, IT teams can say they know exactly what is going on, and by default traffic does not pass unless it is understood and a rule has been set for it. The only sources allowed into the network are those that are specifically approved.
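As an added worked example (not part of the original post and not Cisco's code), the following Python script walks through the flow-to-policy step described above: it takes a constructed set of normalized flow records, aggregates them into tier-level allow rules, treats anything not covered by a rule as denied (the whitelist, default-deny behaviour), renders the inbound rules for one host as iptables commands, and flags later flows that no rule covers. The host inventory, tier labels, flow records, the review threshold and the choice of iptables as the host firewall are all assumptions made for this example.

```python
"""Derive a default-deny allow-list from observed flows and check new flows
against it.

Added example, not Cisco Tetration code. The flow records, host inventory and
tier labels below are constructed; in Tetration the equivalents would be the
collected flow telemetry and the application annotations.
"""
from collections import defaultdict

# Constructed host inventory: hostname -> (application tier, IP address).
HOSTS = {
    "lb-01":  ("lb",  "10.0.0.10"),
    "web-01": ("web", "10.0.1.11"),
    "web-02": ("web", "10.0.1.12"),
    "app-01": ("app", "10.0.2.11"),
    "app-02": ("app", "10.0.2.12"),
    "sql-01": ("db",  "10.0.3.11"),
}

# Constructed baseline flows as (src host, dst host, proto, dst port, flow count),
# i.e. what a normalized flow export looks like after a learning period.
BASELINE_FLOWS = [
    ("lb-01",  "web-01", "tcp", 443,  20000),
    ("lb-01",  "web-02", "tcp", 443,  19500),
    ("web-01", "app-01", "tcp", 8080, 1200),
    ("web-02", "app-01", "tcp", 8080, 980),
    ("web-01", "app-02", "tcp", 8080, 1100),
    ("app-01", "sql-01", "tcp", 1433, 5400),
    ("app-02", "sql-01", "tcp", 1433, 5100),
    ("web-01", "sql-01", "tcp", 1433, 1),  # seen once: not promoted to a rule
]


def tier_of(host):
    """Map a host to its tier; unknown hosts get their own bucket so they can
    never match a rule written for a known tier."""
    return HOSTS[host][0] if host in HOSTS else "unknown"


def build_policy(flows, min_count=10):
    """Aggregate host-level flows into tier-level allow rules
    (src_tier, dst_tier, proto, dport). Flows seen fewer than min_count times
    in the baseline are not promoted; they are returned for human review."""
    counts = defaultdict(int)
    for src, dst, proto, dport, n in flows:
        counts[(tier_of(src), tier_of(dst), proto, dport)] += n
    policy = {k for k, n in counts.items() if n >= min_count}
    review = {k for k, n in counts.items() if n < min_count}
    return policy, review


def is_allowed(policy, src, dst, proto, dport):
    """Default deny: a flow passes only if a rule for its tier pair exists."""
    return (tier_of(src), tier_of(dst), proto, dport) in policy


def find_anomalies(policy, flows):
    """Return flows that no rule covers, i.e. what an enforcement point would
    drop (and an analyst would be alerted on) once the policy is applied."""
    return [f for f in flows if not is_allowed(policy, f[0], f[1], f[2], f[3])]


def render_iptables(policy, host):
    """Render the inbound rules for one host as iptables commands. The host
    firewall is assumed to be iptables on Linux; the rule text is returned as
    strings for inspection, not executed."""
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for src_tier, dst_tier, proto, dport in sorted(policy):
        if dst_tier != tier_of(host):
            continue
        for src_host, (tier, ip) in sorted(HOSTS.items()):
            if tier == src_tier:
                rules.append(
                    f"iptables -A INPUT -s {ip}/32 -p {proto} --dport {dport} -j ACCEPT"
                )
    return rules


# Constructed flows observed after enforcement: one legitimate, two not.
NEW_FLOWS = [
    ("app-01",   "sql-01", "tcp", 1433, 40),  # covered by the app -> db rule
    ("web-02",   "sql-01", "tcp", 1433, 3),   # web tier bypassing the app tier
    ("10.9.9.9", "sql-01", "tcp", 22,   1),   # unknown source probing SSH
]

if __name__ == "__main__":
    policy, review = build_policy(BASELINE_FLOWS)
    for rule in sorted(policy):
        print("ALLOW ", rule)
    for rule in sorted(review):
        print("REVIEW", rule)
    for line in render_iptables(policy, "sql-01"):
        print(line)
    for flow in find_anomalies(policy, NEW_FLOWS):
        print("ANOMALY", flow)
```

The point of the review bucket is the "4,000 ports" problem from above: a single flow seen once during the baseline (web-01 straight to sql-01) is not silently promoted into an allow rule, it is surfaced for an application owner to confirm or reject. Everything else, including the unknown host on port 22, is denied by default and shows up as an anomaly rather than disappearing into a permit-any rule.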
The rise in cyber-attacks, such as the Target breach, has made more companies realize that they do not have the visibility they need into their networks. Cisco Tetration and its zero-trust security model are a step forward in preventing future attacks.
One exceptional use case for Cisco Tetration involves Cisco themselves. They developed the software partly for their own internal requirements: they were moving from a traditional network to Cisco ACI, a software-defined network, and they did not understand what the traffic flows on their network looked like, so they could not logically plan how to separate things. That led them to run Tetration to migrate their own data centers. Whenever there is a requirement to understand anything on the network, something like this is absolutely critical. Mapping out a network is Tetration's primary purpose; its secondary purpose is plugging into firewalls on hosts, among many other things.
You can automate it, either API-driven or through defaults baked into the product, to help protect your endpoints. If something does get through your firewall or IPS and is now on your network, you can leverage Tetration: see it, act on it, report on it, and actually close the port. To get to that next level of security, it's a big piece of the puzzle.
Cisco Tetration can map a network and provide that top-tier level of security while still letting your network do what you want it to do. To get there you have to fully understand the network and the applications that run over it, which has always been a challenge for the network administration side.
This gives more accurate visibility into what is actually happening and tells the network team why traffic is moving the way it is. If you have a troublesome application, you may not realize that it is spanning multiple links and saturating them; now you can see where that traffic is coming from, how it is happening, and how often. Cisco Tetration lets you not only report against it but actively make changes. This is the future of how companies will build and monitor applications, because it gives far more insight than people are traditionally used to. In a world where you need to segregate everything, Cisco Tetration gives you the power to do that and more.
Next Steps: Look for a continuation on this topic in next week's blog post to learn about the benefits and challenges that come along with Cisco Tetration. In the meantime, learn more about WEI's experience implementing Cisco ACI in this case study featuring a major data center relocation initiative for a Fortune 100 company.