Keeping applications safe and secure in a time of remote work
Businesses around the world have quickly moved to remote work, with more users accessing critical workloads outside the traditional workplace than ever before. New attack vectors are inadvertently being introduced as users access their workloads outside the traditional four walls of the workplace and the security protection those four walls provide.
To combat the uncertainty and risks introduced by mobilizing a larger-than-normal remote workforce, it is critical that IT maintains visibility into network and application behavior at both ends: the users’ remote access machines and the critical workloads they’re accessing in the data center, cloud or both (Figure 1). Additionally, it is critical for cybersecurity operators to be able to move to a whitelist/zero-trust segmentation model for the network traffic they deem critical for the business to function, and to do so in a way that can be implemented in a matter of minutes.
Figure 1 – Example of hybrid deployment with remote access to critical workloads
Cisco Tetration and Cisco AnyConnect pair together to provide comprehensive security for the workload protection needs customers have during these volatile times. These technologies allow IT operators to mitigate many of the risks to their critical workloads introduced by an increased attack surface at the “access” layer of their network, and to enforce policies that secure the edge and the workloads. Let’s take a look at the two most relevant use cases:
Use Case 1 – Gain visibility into the network and application behavior of the remote workforce and the workloads they’re accessing. Figure 2 shows how AnyConnect and Tetration work together by sharing telemetry to provide granular visibility:
Figure 2 – Tetration and AnyConnect Integration
Use Case 2 – Easily implement whitelist network policies that protect access to the workloads themselves. Figure 3 demonstrates Tetration enforcing enterprise-wide policies that affect the organization as a whole. Figure 4 shows Tetration enforcing policies based on application and workload behavior so that workloads remain compliant. Having these policies across workloads running anywhere (on-prem, cloud or both) adds the needed protection that stretches beyond perimeter security. With workloads being remotely accessed, micro-segmentation prevents lateral movement of threats, reducing the attack surface.
Figure 3 – Enterprise-wide policies on Tetration
Figure 4 – Policies on workload based on workload behavior
Now let us dive into the critical elements that help you maintain full visibility and monitor your security policies as your environment evolves. Note that all images below are demonstration images derived from running Tetration.
Visibility is key—quickly see what applications are being accessed by remote users (Fig. 5).
Figure 5 – Applications are accessed by remote users
Gain control—with deeper insights you have more power to make better IT decisions. Get an understanding of your workload data flow without the added overhead of manual interrogation (Fig. 6). With the help of the Tetration agent running on each workload, you also have a log of the processes that have been accessed (Fig. 7).
Figure 6 – Details flow data
Figure 7 – Get the accessed process using Tetration Agent
Search optimization—get granular search results using user details. Historically, this has been a challenge, but this capability saves you the time of deeper intervention (Fig. 8). Go further by filtering allowed communication policies amongst workloads by searching AD groups (Fig. 9).
Figure 8 – Filter based on AD user
Figure 9 – Filter allowed communications based on AD Group
Cisco Tetration and AnyConnect can help you ramp up your remote access goals securely. Request a demo now.
I want to thank my colleagues for helping provide insight on writing this blog, Mike Delaguardia and Mazen Al Jundi.