Today’s business applications are the heart of the data center. They are highly dynamic, with communication flows between the various application components constantly changing to support business continuity and digital transformation initiatives. This constant state of flux increases the organization’s attack surface and creates gaps in the security infrastructure, which network and security operations teams are struggling to plug.
Cisco has recently introduced a new product that addresses this exact need for application connectivity visibility and enforcement – Cisco Tetration Analytics™.
The Cisco Tetration Analytics platform addresses these requirements using unsupervised machine learning, behavior analysis, and algorithmic approaches. It provides a ready-to-use solution to accurately identify applications running in the data center and their dependencies and the underlying policies between different application tiers. In addition, the platform is designed to normalize and automate policy enforcement within the application workload itself, track policy compliance deviations, and keep the application segmentation policy up-to-date as the application behavior changes. With this approach, the Cisco Tetration Analytics platform provides consistent application segmentation across virtualized and bare-metal workloads running in public and private clouds and on-premises data centers.
We, at AlgoSec, are very excited that Cisco has joined the efforts to solve these problems for enterprise customers, and that we share the same business-driven security policy management philosophy.
Being a Cisco technology partner for many years, we immediately sat together with our colleagues in Cisco, mapped capabilities and interesting use-cases, and designed a joint solution to provide even more value to our customers.
Through a seamless integration, the AlgoSec and Cisco Tetration solution provides application connectivity visualization, and extends it to the underlying network security infrastructure. This provides the network and security teams with business context for their firewall rules and policies, as well as for security risks and vulnerabilities. In addition, it extends Cisco Tetration Analytics’ application segmentation and policy enforcement capabilities to all network security devices across the enterprise network – physical or virtual, on-premises or in the cloud. It does this by overlaying and automatically applying translated whitelist policies, generated by AlgoSec based on Tetration output, to a wide variety of security devices and platforms.
How does it work?
First, Tetration Analytics performs the automatic application discovery, utilizing its hardware and software sensors and its machine-learning analytics. Then, once clear application connectivity and dependency mapping is created, AlgoSec further leverages this information, and ties it into the underlying network security infrastructure – automatically tagging every security policy rule on every security device, platform and technology, with the business application it supports. You can then easily search for all rules supporting a specific application.
AlgoSec also ties the business application context into detected security risks, vulnerabilities, and compliance gaps – so you can manage security tasks with the business impact in mind. Through the integration, information about vulnerabilities is also pushed to Tetration to provide visibility everywhere.
Finally, AlgoSec can automatically generate whitelist policies based on actual application behavior, and then push the policies to the relevant network security devices – on-prem, on private or public clouds, and across multiple vendors, as required in today’s hybrid environments.
It is exciting to see the joint solution we designed coming to life, and being presented in both the AlgoSec booth (#1036) and the Cisco Data Center booth at Cisco Live 2017 in Las Vegas this week.
Come see us there!