Secure Workload Security: Extending Micro Perimeters and Automation to Business IaaS
This post had been authored by Frank Dickson, Plan Vice President, Cybersecurity Items, IDC
The very best kept secret in cloud workload security is that Cisco is number 2 in revenue market share in accordance with IDC, just shy of $100 million in 2019 and almost certain to exceed $100 million in 2020 (please keep tuned in). The explanation for the “secret” is that the road that Cisco has had is really a bit atypical for Cisco. In other security markets, entry has been made through acquisition, including Duo Security, CloudLock, Sourcefire, Lancope, Threat and opendns Grid to mention a few. In cloud workload safety, Cisco were only available in a different location; its organically grown, focusing on the requirements of enterprises compared to the cloud native start-ups rather. Of targeting workloads natively developed in greenfield IaaS opportunities instead, Cisco targeted existing applications if they maintain on-premises originally, private clouds (basically virtualized datacenters) or in public areas clouds, the enterprise remedy addressed enterprise pain factors.
The goal was to greatly help datacenter administrators with security measures for enterprise applications. Application dependencies could be opaque extremely. Thus, protection of “those” applications could be challenging quite. You understand “those” applications-the applications critical to the business enterprise but written twenty years ago in COBOL by developers who left years back. And, by the real way, “those” applications are very brittle typically. And there may be a complete large amount of them in an adult datacenter.
The Role of Cisco Secure Workload
Cisco Secure Workload (formally referred to as Tetration) addressed issue of protecting existing applications in virtualized datacenters in addition to in public areas cloud by changing the enforcement scope from hard perimeter-based strategies (the macro) to the micro (the workload). The answer functions by automating application dependency for policy and visibility generation. Thus, allow-list policies could possibly be generated, and enforced directly on the workload itself.
Essentially, think about Cisco Secure Workload as creating visibility in a sea of applications and enable the careful enforcement of L3 and L4 micro perimeter segmentation policies. A data administrator might not have to understand the functions of all components of a credit card applicatoin. However, now the administrator will understand that an application can only just communicate only on required ports and protocols to required workloads there through the elimination of hackers try to laterally move and breach applications.
As enterprise customers migrate some or all their workloads from on-premises private clouds to IaaS, Cisco Secure Workload extended the micro perimeter segmentation method of hybrid multicloud workloads essentially.
Today, L3 and L4 micro perimeter policies predicated on application behavior is simply not enough for enterprises alone. Enterprises have security operations centers (SOCs) that address of the requirements of the oceans of on-premises and cloud compute resources. These SOCs aggressively leverage automation to tackle the Herculean task of cloud workload security; automation demands integration. To handle 2021 enterprise needs, Cisco Secure Workload includes a plethora of integrations to increase these micro perimeter policies definitions.
A significant security need was addressed by Cisco Secure Workload’s native integration with the Cisco Firepower Management Center (FMC), the cornerstone of Cisco perimeter automation. Within datacenters, datacenter firewalls create the macro perimeter and at the security zone boundaries. Native integration with FMC allows Cisco Secure Workload to push policies to Cisco firewalls, extending micro perimeters with macro perimeter enforcement. An integral benefit of that is to effectively segment application workloads where Cisco Secure Workload cannot natively enforce policies on the workload itself. This macro perimeter integration isn’t Cisco-limited, as integrations may also be designed for load balancers such as for example F5 and Citrix and third-party firewall products through orchestration platforms such as for example AlgoSec and Tufin.
Finally, ingesting security intelligence through STIX/TAXII, the accepted standards for threat intelligence widely, has been turn into a critical requirement. Organizations might sign up to numerous threat intelligence feeds. A lot of indicators of compromise (IOC) will never be relevant; some IOCs will be critical. Locating the relevant IOCs and at scale via automation is really a 2021 enterprise requirement accurately, as SOCs cannot spare valuable analysts perform such repetitive yet important tasks. Cisco Secure Workload will ingest security intelligence through STIX/TAXII and automate the procedure now.
The bigger point is that Cisco took another method of workload security, concentrating on the requirements of the enterprise. The company’s micro perimeter and integration strategies highlight the idea. Frankly, greenfield IaaS use cases are easier; Cisco is seeking to help address the utilization cases that aren’t so easy.