The platform uses software sensors to monitor and analyze workloads running on bare metal servers, virtual machines, and containers.
“We create an inventory of everything that is installed on the workloads,” said Yogesh Kaushik, director at Cisco Tetration Analytics. “If someone deploys something new, within one second Tetration knows there is a new packet installed on such and such workload.”
But while traditional segmentation technologies use network traffic to create fine-grained security policies to be assigned to applications, Tetration now also looks at application vulnerability and behavior, Kaushik said.
It does this by comparing workloads’ installed software and behavior against Talos, Cisco’s threat intelligence platform, as well as the Common Vulnerabilities and Exposures (CVE) list and other open source threat databases. When it detects software packages with known CVEs, it ranks the severity of the vulnerabilities and identifies all servers that may be affected.
“We can say of the 500 machines you have, these 50 don’t have the right patch and they are potentially vulnerable to Spectre and Meltdown,” Kaushik said, referencing the recent processor vulnerabilities.
Enterprises can also automate the policy response to detected security vulnerabilities, such as quarantining a host identified as having a high-impact vulnerability. Tetration can enforce tens of millions of whitelist policy entries across thousands of applications in a multi-cloud datacenter, according to Cisco.
“What Tetration can do now is define a rule, a policy, that says anything that has a vulnerability score of higher than eight, quarantine those workloads,” Kaushik said. “And that gets pushed out in 60 to 90 seconds. So if you read an article that says a new threat is spreading to workloads and this is what it looks like, on Tetration you can take action in less than two minutes.”
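The workflow described above (inventory installed packages, match them against a CVE feed, rank by severity, list affected hosts, and apply a "score higher than eight means quarantine" rule) can be sketched as a small policy engine. This is an added illustration, not Tetration code; the workload inventory, the CVE entries and their scores are all constructed sample data, and the CVE IDs are placeholders.

```python
# Constructed inventory: workload -> {package: installed version}. Not real hosts.
WORKLOADS = {
    "web-01": {"openssl": "1.0.2k", "nginx": "1.12.0"},
    "db-01": {"openssl": "1.1.0g", "postgresql": "9.6.5"},
    "batch-07": {"kernel": "4.4.0", "openssl": "1.0.2k"},
}

# Constructed CVE feed: which package/version is affected and its CVSS score.
# The IDs are placeholders, not real CVE numbers.
CVE_FEED = [
    {"id": "CVE-PLACEHOLDER-1", "package": "openssl", "versions": {"1.0.2k"}, "cvss": 9.8},
    {"id": "CVE-PLACEHOLDER-2", "package": "kernel", "versions": {"4.4.0"}, "cvss": 5.6},
    {"id": "CVE-PLACEHOLDER-3", "package": "nginx", "versions": {"1.12.0"}, "cvss": 7.5},
]

# The rule quoted in the article: vulnerability score higher than eight -> quarantine.
QUARANTINE_THRESHOLD = 8.0


def match_vulnerabilities(workloads, feed):
    """Return {workload: [(cve_id, cvss), ...]}, ranked most severe first."""
    findings = {}
    for host, packages in workloads.items():
        hits = []
        for cve in feed:
            # packages.get() returns None for absent packages; None is never in the set.
            if packages.get(cve["package"]) in cve["versions"]:
                hits.append((cve["id"], cve["cvss"]))
        hits.sort(key=lambda hit: hit[1], reverse=True)
        findings[host] = hits
    return findings


def evaluate_policy(findings, threshold=QUARANTINE_THRESHOLD):
    """Decide 'quarantine' or 'allow' per workload from its worst CVSS score.

    Calling this with a candidate threshold, without enforcing the result,
    is the policy-simulation step: see how many hosts a rule would isolate.
    """
    actions = {}
    for host, hits in findings.items():
        worst = hits[0][1] if hits else 0.0
        actions[host] = "quarantine" if worst > threshold else "allow"
    return actions


def affected_hosts(findings, cve_id):
    """All workloads carrying a given CVE (the 'these 50 of your 500' view)."""
    return sorted(host for host, hits in findings.items()
                  if any(found == cve_id for found, _ in hits))
```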
All existing known security vulnerabilities come baked into the Tetration update, and it includes a feature that allows Tetration to push out information on new vulnerabilities as they become known. Customers can opt out of this service.
Additionally, policy simulation allows companies to test the impacts of a security policy before applying it across workloads.
In addition to the Tetration updates, Cisco has made other efforts to extend security beyond the data center and beef up its multi-cloud protection. This comes at a time when 27 percent of security professionals are using off-premises private clouds, according to Cisco’s annual security report.
Late last year the company launched a multi-cloud security portfolio based on cloud security startup acquisitions and homegrown technologies.
It’s also targeting managed security service providers (MSSPs) with a bundle of cloud-based endpoint security products now packaged as an MSSP portfolio. Cisco has also teamed up with Rackspace, which offers Cisco’s next-generation firewalls to its customers, integrating them directly into managed cloud services.