Securing Workloads Across Your Entire Environment

Cisco Secure Workload (CSW) formerly "Tetration" is a powerful tool to be leveraged on the journey to Zero Trust security. Business Technology Architects' S.I.M.P.L.E. method for CSW adoption helps customers deploy quickly, delivering immediate visibility and a proven process that accelerates policy development and the realization of a sustainable and scalable framework for zero trust enforcement and operations in weeks versus months or years.

Policy Re-Usability

One of the significant customer challenges BTA sees with our customers is difficulty enforcing segmentation at different points in the network, such as translating CSW discovered policy and enforcing that in Data Center Fabrics, Firewalls (Internet Edge, Data Center, Campus, etc.) or other policy enforcement points. CSW sees all traffic in the environment and can provide a global view of flows into, out of and within the Data Center and Cloud workload environments. This allows us to create a hierarchical policy that can be optimized for enforcement in various places in the network. With CSW, we develop a common policy higher in the tree that can be used by other platforms or enforced by CSW. The key here is that we deploy only the application-specific "whitelist" or allowed policy to the workload and do not burden it unnecessarily with a bloated rule set.

Verification/Visibility

When considering the integrity and security of an environment, ensuring that policies have been and continue to be successfully enforced is crucial. Insight into the performance of policies is straightforward in CSW, and is easily confirmed on the platform. There, the user can check on the deployed policy and identify unauthorized traffic being dropped. A great example here is securing jump hosts, by creating a rule set for all hosts that only a group of selected jump hosts can perform remote management tasks you mitigate that direct vector to the workloads. Additionally building a strict policy for connectivity to jump hosts similarly protects them so they cannot be accessed from a non-company owned network segment or authorized VPN environment.

In-depth Forensics

The inability to identify and research suspicious traffic or activity is a serious liability. CSW solves this problem by facilitating rapid investigation of incidents and will provide detailed data on how traffic entered the network and all endpoints that are communicated with for every host that has an agent on it. A real-world example recently found in a customer environment:

  • A host without an agent in development mistakenly has production credentials put on a public file share (which is why you should put CSW agents on dev hosts).
  • The CSW platform can still show any server in the environment with an agent that it has communicated with the compromised host.
  • Had an agent been deployed on the dev host, a simple network traffic rule not allowing dev to speak to production, or the internet could have mitigated the exposure

Flow Sampling does not tell the whole story.

Sampled flow data is not sufficient for security applications, as some advanced persistent threats and malware are incredibly quiet during the reconnaissance phase and may only send a single packet to report in or request instructions. This is where sampling does not meet the baseline requirement for complete visibility. The potential to miss a single critical communication that may not have been sampled will obviate your security controls. With CSW, every packet/flow is accounted for; all flows, even a single "innocuous" UDP query packet with no response will be accounted for and visible. CSW can run as a standalone as a service platform and is also part of the Cisco SecureX integrated portfolio of security products delivering a high degree of confidence and auditability of policy that is developed and deployed throughout the enterprise. Working with BTA is S.I.M.P.L.E. To learn more about protecting your environment with Cisco Secure Workload, visit us at www.GoBTA.com.

Show

Get In Touch

If you would like to learn more about BTA's services and capabilities, please out the form below or give us a call and we will be in touch shortly.

1750 Founders Pkwy

Suite 154

Alpharetta, GA 30009

678 - 951 - 8980

Contact Us