Building and enforcing defense-in-depth with Cisco Tetration and AlgoSec

In a recent webinar, Jothi Prakash, Senior Product Manager at Cisco, and Yoni Geva, Product Manager at AlgoSec, discussed how organizations can tighten their security postures with micro-segmentation and an allow list approach

Today’s business networks are increasingly complex, with highly dynamic applications running in multi-cloud environments made up of various workload types, from bare metal to virtual. Add to this the fact that application behaviors are unique to each environment, which contributes to an increase in the attack surface and creates gaps in the security infrastructure.

The move to hybrid cloud environments has created a shift in security threats, with more cybercriminals targeting applications and API endpoints that are being used in data centers or workloads, as seen with the Kinsing Malware attacks earlier this year.

Using a traditional perimeter-based security approach alone is ineffective when addressing these new challenges. That’s why organizations are increasingly migrating to a defense-in-depth strategy. While it is widely acknowledged that micro-segmentation protects your workloads and applications against lateral movement of malware and limits the spread of insider threats, successfully implementing this type of ‘allow list’ defense strategy is complicated.

When dealing with distributed, dynamic applications, this approach requires deep insights into applications and their dependencies. It also requires the capability to apply business context and automation to core security policy management processes, such as change management, risk and compliance assessment, and auditing. This is made even more complex across hybrid network estates, with on premise data center, ACI and cloud networks utilizing solutions from a range of vendors.

However, by combining the strengths of the Cisco Tetration platform for application policy discovery and workload-based enforcement, with the AlgoSec Security Management Solution for the optimization and control of infrastructure-based segmentation, you can apply defense-in-depth security for applications running in any infrastructure and any cloud. Here’s how.

Securing application workloads with Cisco Tetration

The goal of Cisco Tetration is to secure application workloads across any infrastructure, any cloud, and any technology from bare metal to serverless. It focuses on four main areas:

Minimizing the lateral movement of threats

Micro-segmentation is a foundational element of Cisco Tetration. The primary challenge is how you define the policy for a given application. We see a lot of customers flying blind, unsure what the east to west traffic actually looks like for those applications. Tetration provides a mechanism to autogenerate the granular micro-segmentation policy, using an ‘allow list’ approach that takes you a step closer to a Zero Trust model.

Automating security policy management

After defining the micro-segmentation policy, you need to be able to enforce it, no matter where your workloads and applications are. Applications in the data center are dynamic, which means they constantly change and often exist both on-premise and in the cloud. For example, an application could be based in the on-prem data center but three months later your application team may move that to the public cloud. Tetration offers you a consistent enforcement mechanism across the infrastructure.

Enforcing and monitoring your policies

With your micro-segmentation policy in place, the next step is being able to enforce it confidently. Before rolling out the policy, Tetration allows customers to test policies with real-time or historical data to determine what the outcomes would be and share that information with the application team to address any errors before launching. Once that has been finalized you can enforce the policy from Tetration, which then pushes it directly to the workload itself, using the operating system firewall mechanisms.

Achieving continuous compliance

Once you have defined and enforced the policy, Tetration then continuously monitors the behavior of the policy to ensure it is compliant and identifying any deviations in a proactive fashion. If there are any irregularities, then Tetration generates alerts so you can take action immediately and the policy will be updated depending on your decision.

Real-time control and total application visibility with AlgoSec

Once connectivity and dependency mapping has been created through Tetration, the AlgoSec solution takes this information and integrates it into the enterprise’s wider network security infrastructure, including on-prem firewalls, SDN and public cloud , automatically tagging security policies across every device, platform and technology that support critical business applications.

With automated data import from Tetration to the AlgoSec solution, users receive automatic, near real-time updates across their network, enabling them to identify what changes have been made and take an appropriate course of action.

By integrating the AlgoSec solution with Cisco’s Tetration platform, customers have access to a single source of truth for application connectivity policies, giving them a business-centric view of their security posture, eliminating inconsistencies and tedious troubleshooting, and supporting continuous compliance with a fully documented audit trail.

You can watch the recorded webinar here.