Cisco Tetration's key characteristics and intent center on hybrid-cloud workload protection. It collects telemetry about communication across infrastructures, on-premises and cloud alike, and baselines that telemetry to identify deviations.
Tetration uses machine learning to generate and maintain policies derived from observed application behavior. Once policies are enforced, they are continuously tracked for compliance as the applications evolve. Behavior-deviation detections come with default options out of the box and can also be defined by users for business-specific needs. Tetration also offers software vulnerability monitoring. Vulnerable software is often the pivot point in an attack, so identifying known vulnerabilities early matters; customers can tie vulnerabilities and the servers carrying them to policies within workloads.
Baseline policy is generated from application workspaces using a blueprint of observed process behavior, application insights, and network communications. This blueprint can be visualized as an application dependency map, in which customers can identify the different clusters and how many members each cluster contains. The same blueprint is used to create a baseline whitelist policy based on observed application communication behavior.
Three elements make up the segmentation policy: workload context and metadata, third-party integrations, and customizable information access for users and groups. These are also autogenerated from application behavior and can be combined into a unified policy. Tetration integrates with CMDB systems and with any third-party system whose data can be loaded into the platform via its API.
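To make the baseline-whitelist idea from the two paragraphs above concrete, here is an added Python example (not Tetration code, and not its data model) that takes a constructed workload inventory standing in for CMDB/label metadata, groups hosts into application:tier clusters, lifts observed host-to-host flows into cluster-level allow rules, and then evaluates new flows default-deny against that policy. The inventory, flow records and cluster naming are all assumptions made for the illustration.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed workload inventory: IP -> (application, tier). In a real
# deployment this context comes from agent telemetry plus CMDB/label feeds;
# here it is hard-coded sample data for the example.
WORKLOADS: Dict[str, Tuple[str, str]] = {
    "10.0.1.10": ("shop", "web"),
    "10.0.1.11": ("shop", "web"),
    "10.0.2.20": ("shop", "app"),
    "10.0.2.21": ("shop", "app"),
    "10.0.3.30": ("shop", "db"),
}

Flow = Tuple[str, str, int, str]  # (src_ip, dst_ip, dst_port, proto)
Rule = Tuple[str, str, int, str]  # (src_cluster, dst_cluster, dst_port, proto)

# Constructed flows observed during the learning window.
OBSERVED_FLOWS: List[Flow] = [
    ("10.0.1.10", "10.0.2.20", 8080, "tcp"),
    ("10.0.1.11", "10.0.2.21", 8080, "tcp"),
    ("10.0.2.20", "10.0.3.30", 5432, "tcp"),
    ("10.0.2.21", "10.0.3.30", 5432, "tcp"),
]


def cluster_of(ip: str) -> str:
    """Map a workload to its cluster name (application:tier)."""
    app, tier = WORKLOADS[ip]
    return f"{app}:{tier}"


def build_clusters(workloads: Dict[str, Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Group workloads into clusters; these are the nodes of the dependency map."""
    clusters: Dict[str, Set[str]] = defaultdict(set)
    for ip, (app, tier) in workloads.items():
        clusters[f"{app}:{tier}"].add(ip)
    return dict(clusters)


def generate_allowlist(flows: List[Flow]) -> Set[Rule]:
    """Lift observed host-to-host flows to cluster-to-cluster allow rules.

    Generalizing to the cluster level is what lets an unseen host pair
    inside an already-observed cluster pair pass without a new rule.
    """
    return {(cluster_of(s), cluster_of(d), port, proto) for s, d, port, proto in flows}


def evaluate(flow: Flow, rules: Set[Rule]) -> Tuple[bool, str]:
    """Default-deny check of a new flow against the generated allowlist."""
    src, dst, port, proto = flow
    if src not in WORKLOADS or dst not in WORKLOADS:
        return False, "endpoint not in inventory"
    rule = (cluster_of(src), cluster_of(dst), port, proto)
    if rule in rules:
        return True, f"matches {rule[0]} -> {rule[1]} {proto}/{port}"
    return False, f"no rule for {rule[0]} -> {rule[1]} {proto}/{port}"


if __name__ == "__main__":
    for name, members in sorted(build_clusters(WORKLOADS).items()):
        print(f"{name}: {len(members)} members")
    policy = generate_allowlist(OBSERVED_FLOWS)
    for rule in sorted(policy):
        print("ALLOW", rule)
    # Unseen host pair inside an observed cluster pair: allowed.
    print(evaluate(("10.0.1.10", "10.0.2.21", 8080, "tcp"), policy))
    # Web tier reaching the database directly: never observed, denied.
    print(evaluate(("10.0.1.10", "10.0.3.30", 5432, "tcp"), policy))
```

The point worth noticing is the second evaluation: a web host talking straight to the database on the database port is exactly the lateral-movement path a tier-skipping attacker would take, and because no such flow was observed during learning, the generated whitelist denies it without anyone having written that rule by hand. The caveat is the flip side: anything that was already happening during the learning window, including an existing compromise, becomes part of the baseline, so the observed flows need review before the policy is enforced.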
Workloads are protected against deviations such as privilege escalation, shellcode execution, side-channel attacks, raw socket creation, and unusual user login activity. Tetration checks process hashes against the NIST RDS database and verifies hash consistency across the different layers of an application; administrators can upload their own hashes for custom whitelisting. Temporal analysis baselines behavior, accounts for seasonality, and flags anomalies in traffic volume between workloads. Different alerts can be routed to different notification mechanisms.
Composite security scores populate an intuitive dashboard that gives customers a 90-day view of trending data and the ability to drill down from the data center level to the application level. Users can test policy changes against historical data before deploying and enforcing them, and can revert to a previous version of a policy. Together these controls make merging policies straightforward. Once policies are rendered and active, they are monitored continuously.
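The seasonality point above is easy to get wrong, so here is an added Python example (not Tetration code, and not its algorithm) that builds a per-hour-of-day baseline for the byte volume between one pair of workload clusters from constructed, synthetic history, and then scores a new observation by its z-score against that hour's bucket. The history, the 3-sigma threshold and the standard-deviation floor are all assumptions for the illustration.

```python
import statistics
from typing import Dict, List, Tuple

Record = Tuple[int, int, int]  # (day, hour_of_day, bytes between the two clusters)


def constructed_history(days: int = 14) -> List[Record]:
    """Synthetic hourly byte counts for one cluster pair (constructed data).

    Business hours run about 10x the overnight volume, with a small
    deterministic wobble so every hour-of-day bucket has non-zero variance.
    """
    records: List[Record] = []
    for day in range(days):
        for hour in range(24):
            base = 200_000 if 9 <= hour < 18 else 20_000
            factor = 1 + 0.02 * ((day + hour) % 5 - 2)  # 0.96 .. 1.04
            records.append((day, hour, round(base * factor)))
    return records


def build_baseline(history: List[Record], min_rel_std: float = 0.01) -> Dict[int, Tuple[float, float]]:
    """Per hour-of-day (mean, std) of bytes; this is the seasonal baseline.

    The std floor (an assumption of this example, not a Tetration parameter)
    keeps a perfectly flat history from turning any change into an infinite
    z-score.
    """
    buckets: Dict[int, List[int]] = {}
    for _, hour, nbytes in history:
        buckets.setdefault(hour, []).append(nbytes)
    baseline: Dict[int, Tuple[float, float]] = {}
    for hour, values in buckets.items():
        mean = statistics.fmean(values)
        std = max(statistics.pstdev(values), min_rel_std * mean)
        baseline[hour] = (mean, std)
    return baseline


def check(baseline: Dict[int, Tuple[float, float]], hour: int, nbytes: int,
          threshold: float = 3.0) -> Tuple[float, bool]:
    """Score one new hourly observation against its own hour's bucket.

    Returns (z_score, is_anomaly); both large rises and large drops count,
    since a collapse in expected traffic is as interesting as a spike.
    """
    if hour not in baseline:
        raise ValueError(f"no baseline for hour {hour}")
    mean, std = baseline[hour]
    z = (nbytes - mean) / std
    return z, abs(z) > threshold


if __name__ == "__main__":
    baseline = build_baseline(constructed_history())
    # Same 150 KB/hour volume: normal-ish at 14:00, wildly anomalous at 03:00.
    for hour, nbytes in ((3, 150_000), (14, 150_000), (14, 210_000)):
        z, flagged = check(baseline, hour, nbytes)
        print(f"hour {hour:02d}: {nbytes:>8} bytes  z={z:+.1f}  anomaly={flagged}")
```

A global threshold would miss the 03:00 case entirely, because 150 KB is well inside the range of what the pair moves during the day; bucketing by hour of day is what makes the same number an alert at night. The weakness is the usual one for baselining: an attacker who knows the schedule and keeps exfiltration inside business-hours variance stays under this detector, so volume anomalies belong alongside the whitelist policy, not in place of it.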
There is also 24/7 support included via phone or by submitting a ticket via email.
Tested by Matthew Hreben