
TechWiseTV Workshop: Tetration Analytics

Date post: 08-Jan-2017
Upload: robb-boyd
Cisco Tetration Analytics A Path to Secure Zero-Trust in an Application-Centric World Jothi Prakash & Benny Van de Voorde October 13, 2016
Transcript
Page 1: TechWiseTV Workshop: Tetration Analytics

Cisco Tetration Analytics A Path to Secure Zero-Trust in an Application-Centric World

Jothi Prakash & Benny Van de Voorde

October 13, 2016

Page 2: TechWiseTV Workshop: Tetration Analytics

Jothi Prakash & Benny Van de Voorde

Cisco Tetration Analytics A Path to Secure Zero-Trust in an Application-Centric World

13th October, 2016

Page 3: TechWiseTV Workshop: Tetration Analytics

Agenda

• Challenges in Modern Datacenter Operations

• Cisco Tetration Analytics Overview

• Use cases Demo

• Application Insight with Cisco IT

• Visibility and Forensics

• Policy Analysis

• Policy Enforcement Options

Page 4: TechWiseTV Workshop: Tetration Analytics

Modern data centers are getting increasingly complex

Hybrid cloud

• Zero trust model

• Multi cloud orchestration

• Application portability

Big and fast data

• Increase in east-west traffic

• Expanded attack surface

• Open source

Rapid app deployment

• Continuous development

• Application mobility

• Micro services

Page 5: TechWiseTV Workshop: Tetration Analytics

Customers Need a New Approach to …

1. Map IT investment to drive business policy

2. Break organizational siloes

3. Mitigate risk from adversaries and disasters

Page 6: TechWiseTV Workshop: Tetration Analytics
Page 7: TechWiseTV Workshop: Tetration Analytics

Cisco Tetration Analytics™

Page 8: TechWiseTV Workshop: Tetration Analytics

Cisco Tetration Analytics – Use Cases

• Application Insight

• Policy Simulation and Impact Assessment

• Automated Whitelist Policy Generation

• Forensics: Every Packet, Every Flow, Every Speed

• Policy Compliance and Auditability

Page 9: TechWiseTV Workshop: Tetration Analytics

Cisco Tetration Analytics Architecture Overview

Analytics Engine

Cisco Tetration Analytics™ Platform

Visualization and Reporting

• Web GUI

• REST API

• Push Events

Cisco Confidential-NDA Required

Data Collection

• Host Sensors

• Network Sensors

• Third-Party Metadata Sources

Tetration Telemetry

Configuration Data

Cisco Nexus® 92160YC-X

Cisco Nexus 93180YC-EX

VM

Page 10: TechWiseTV Workshop: Tetration Analytics

Multiple Sensors and Data Sources

Low CPU Overhead (SLA enforced)

Low Network Overhead (SLA enforced)


Host Sensors

• Linux VM

• Windows Server VM

• Bare Metal (Linux and Windows Server)

• Hypervisors

• Containers

NW Sensors

• Nexus 9200-X

• Nexus 9300-EX

3rd Party

• Geo

• Whois

• IP Watch Lists

• Load Balancers

Highly Secure (Code Signed, Authenticated)

Every flow (No sampling), NO PAYLOAD

Available at FCS Next Generation 9K switches Future releases 3rd party Data Sources

Page 11: TechWiseTV Workshop: Tetration Analytics

Hardware Sensor and Software Sensor

Accumulated Flow Information (Volume…)

Software Sensor

Process mapping

Process ID

Process owner

Hardware Sensor

Tunnel endpoints

Buffer utilization

Burst detections

Packet drops

Flow details

Interpacket variations

Page 12: TechWiseTV Workshop: Tetration Analytics

Platform Built for Scale

Real Time and Scalable

• Every Packet, Every Flow

• Horizontal Expansion

• Long-term Data Retention

Secure

• Secure Design

• Two-factor Authentication

• Role Based Access

Easy to Use

• One Touch Deployment

• Self Diagnostics

• Self Monitoring

Open

• Standard Web UI

• Event Pub/Sub (Push)

• REST API (Pull)

Page 13: TechWiseTV Workshop: Tetration Analytics

Use Cases and Demo Application Insight

Visibility and Forensics

Page 14: TechWiseTV Workshop: Tetration Analytics

The DC with Tetration

Private

VM VM VM BM

Nexus 9K

Public Applications Insight

Performance

CMDB accuracy

Security & Auditing

Tetration

Analytics Engine

Other Data

Platforms

Page 15: TechWiseTV Workshop: Tetration Analytics

Tetration Analytics: Advancing Cisco IT

Increased Visibility

Insightful Data

Multi-Purpose Use Cases

Network Flows + Server-level Information + Analytics

Applications Insight (DC Network)

• Dependency Mapping / ACI Migration

Application Performance

• Benchmarking on the Network

• Deviation Detection

Service Now Integration

• Application and Infrastructure Inventory

• Increase Operational Insights

Security

• Auditing

• Security Enforcement

• Policy Verification ~ ‘what if’

• Threat Detection / DDOS / …

now exploring

exploring

Page 16: TechWiseTV Workshop: Tetration Analytics

Regions – Locations for Tetration Cluster

US West: CA, DCs MTV/SJC; TA cluster in MTV5

US Central: TX, DC1 Allen; TX, DC2 RCDN; TA cluster in Allen

US East: NC, DCs in RTP; TA cluster in RTP5

EMEA: DC Ams; tbd

APAC: DCs in APAC; tbd

Jan ‘17

Status today:

• 2 Clusters installed (US West Coast)

• 3rd just installed (US East Coast)

• 4th coming (US Central)

• Agents on servers only

• 4000 Agents running on Linux Servers / Windows Servers

• +5000 next month

• New Nexus 9k (ACI) Hardware coming in our DCs in End of Oct/Nov timeline

To Date, Cisco IT has only deployed software Agents

Page 17: TechWiseTV Workshop: Tetration Analytics

In the TA tool

Process

ACI EPGs & Contracts

Validation

JSON normalized

Pull Data (multiple sources)

• Routing info

• DNS zone file

• All SLB config

• Known app groups

Create workspace

Upload normalized data

Run TA Algorithm

Create Application View

= massage, filter output

TA admin

network admin

App team

Security team

TA admin

Page 18: TechWiseTV Workshop: Tetration Analytics

Use Case Demo Policy Analysis

Page 19: TechWiseTV Workshop: Tetration Analytics

Policy Enforcement

Page 20: TechWiseTV Workshop: Tetration Analytics

Get To Zero-Trust Model

APIC

Application Policy Recommendation

Import Policy using ACI Toolkit

Automatic creation of EPGs and Contracts

Real Time Data

Network Policy

App Policy

Tetration Analytics

UCS

Cisco Nexus 9000 Series

UCS

Page 21: TechWiseTV Workshop: Tetration Analytics

Enforcement Anywhere

Cisco

Tetration

Analytics™

Cisco ACI™ and Cisco Nexus® 9000 Series

Standalone

Linux and Microsoft Windows

Servers and VM

Public Cloud

Data

Whitelist policy

{
  "src_name": "App",
  "dst_name": "Web",
  "whitelist": [
    {"port": [0, 0], "proto": 1, "action": "ALLOW"},
    {"port": [80, 80], "proto": 6, "action": "ALLOW"},
    {"port": [443, 443], "proto": 6, "action": "ALLOW"}
  ]
}

• Cisco ACI EPG/Contract Integration via Cisco ACI Toolkit

• Traditional Network ACL

• Firewall Rules

• Host Firewall Rules
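
How the whitelist policy on this slide could be rendered as host firewall rules, as an added example that is not Cisco's code or Tetration's enforcement output. The group-to-subnet mapping, the `render_host_rules` helper and the iptables rule form are assumptions made here; the protocol numbers are the IANA values (1 = ICMP, 6 = TCP).

```python
import ipaddress
import json

# The whitelist policy shown on the slide.
POLICY_JSON = """
{
  "src_name": "App",
  "dst_name": "Web",
  "whitelist": [
    {"port": [0, 0], "proto": 1, "action": "ALLOW"},
    {"port": [80, 80], "proto": 6, "action": "ALLOW"},
    {"port": [443, 443], "proto": 6, "action": "ALLOW"}
  ]
}
"""

# Constructed group membership (assumption): the slide names groups, not addresses.
GROUPS = {"App": "10.0.1.0/24", "Web": "10.0.2.0/24"}

# IANA protocol numbers used by the "proto" field.
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}


def render_host_rules(policy, groups, chain="INPUT"):
    """Return iptables-style rules for the destination group, ending in default deny."""
    src = ipaddress.ip_network(groups[policy["src_name"]])
    dst = ipaddress.ip_network(groups[policy["dst_name"]])
    rules = []
    for entry in policy["whitelist"]:
        if entry["action"] != "ALLOW":
            raise ValueError(f"whitelist entry with non-ALLOW action: {entry}")
        proto = PROTOS.get(entry["proto"])
        if proto is None:
            raise ValueError(f"unsupported protocol number: {entry['proto']}")
        lo, hi = entry["port"]
        rule = f"-A {chain} -s {src} -d {dst} -p {proto}"
        if proto in ("tcp", "udp"):
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range: {entry['port']}")
            rule += f" --dport {lo}" if lo == hi else f" --dport {lo}:{hi}"
        elif (lo, hi) != (0, 0):
            raise ValueError("ports are meaningless for ICMP")
        rules.append(rule + " -j ACCEPT")
    # Whitelist model: anything not explicitly allowed toward the group is dropped.
    rules.append(f"-A {chain} -d {dst} -j DROP")
    return rules


print("\n".join(render_host_rules(json.loads(POLICY_JSON), GROUPS)))
```

The rules cover inbound traffic on the Web hosts only; a deployed host policy also needs a stateful rule for return traffic.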

Amazon Web Services

Microsoft Azure

Google Cloud

Page 22: TechWiseTV Workshop: Tetration Analytics

Summary

• Pervasive flow telemetry that supports infrastructure for multiple data centers at scale

• Ready-to-use solution to address critical data center operational use cases

• Self-monitoring and eliminate the need for in-house big data expertise

• Open platform and northbound APIs enable transparent integration

• Accelerated adoption and comprehensive Solution support with Services

Page 24: TechWiseTV Workshop: Tetration Analytics

Thank you for watching.

