Cisco Secure Workload (CSW), formerly "Tetration", is a powerful tool on the journey to Zero Trust security. Business Technology Architects' S.I.M.P.L.E. method for CSW adoption helps customers deploy quickly, delivering immediate visibility and a proven process that accelerates policy development and the realization of a sustainable, scalable framework for Zero Trust enforcement and operations in weeks rather than months or years.
One of the significant challenges BTA sees with customers is the difficulty of enforcing segmentation at different points in the network, for example translating CSW-discovered policy into enforcement in data center fabrics, firewalls (Internet edge, data center, campus, etc.) or other policy enforcement points. CSW sees all traffic in the environment and provides a global view of flows into, out of and within the data center and cloud workload environments. This allows us to create a hierarchical policy that can be optimized for enforcement at various places in the network. With CSW, we develop a common policy higher in the tree that can be consumed by other platforms or enforced by CSW itself. The key is that only the application-specific "whitelist" (allowed) policy is deployed to the workload, so it is not burdened unnecessarily with a bloated rule set.
When considering the integrity and security of an environment, ensuring that policies have been and continue to be successfully enforced is crucial. Insight into how policies are performing is straightforward in CSW and is easily confirmed on the platform, where the user can check the deployed policy and identify unauthorized traffic being dropped. A good example is securing jump hosts: by creating a rule set for all hosts under which only a selected group of jump hosts may perform remote management tasks, you mitigate that direct vector to the workloads. Similarly, a strict policy for connectivity to the jump hosts themselves protects them, so they can only be accessed from a company-owned network segment or an authorized VPN environment.
The inability to identify and research suspicious traffic or activity is a serious liability. CSW solves this problem by facilitating rapid investigation of incidents: for every host that has an agent, it provides detailed data on how traffic entered the network and on every endpoint that host communicated with. A real-world example recently found in a customer environment:
- A development host without an agent mistakenly has production credentials placed on a public file share (which is why you should put CSW agents on dev hosts).
- The CSW platform can still show every agent-equipped server in the environment that has communicated with the compromised host.
- Had an agent been deployed on the dev host, a simple network traffic rule disallowing dev from talking to production or the internet could have mitigated the exposure.
Flow Sampling does not tell the whole story.
Sampled flow data is not sufficient for security applications: some advanced persistent threats and malware are incredibly quiet during the reconnaissance phase and may send only a single packet to report in or request instructions. This is where sampling does not meet the baseline requirement for complete visibility; the potential to miss a single critical communication that was never sampled undermines your security controls. With CSW, every packet and flow is accounted for; even a single "innocuous" UDP query packet with no response will be recorded and visible. CSW can run as a standalone software-as-a-service platform and is also part of the Cisco SecureX integrated portfolio of security products, delivering a high degree of confidence in, and auditability of, the policy developed and deployed throughout the enterprise. Working with BTA is S.I.M.P.L.E. To learn more about protecting your environment with Cisco Secure Workload, visit us at www.GoBTA.com.
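As an added illustration of the sampling argument above (example code written for this page, not from BTA or Cisco; the trace, addresses and the 1-in-n sampling model are constructed assumptions), the following Python builds a flow table from every packet, flags the unanswered single-packet UDP flow a defender would want to see, and then measures how often that same flow survives 1-in-n packet sampling:

```python
import random
from collections import Counter

# Packets are constructed (src, dst, proto, dport) tuples; addresses are made up.
BEACON = ("10.0.1.10", "203.0.113.7", "udp", 53)   # one packet, never answered

def build_traffic():
    """Constructed trace: a chatty TCP/443 session (2000 packets each way)
    plus the single outbound UDP packet above."""
    pkts = []
    for _ in range(2000):
        pkts.append(("10.0.1.10", "10.0.2.20", "tcp", 443))
        pkts.append(("10.0.2.20", "10.0.1.10", "tcp", 443))
    pkts.append(BEACON)
    return pkts

def flows(pkts):
    """Full accounting: every packet lands in a unidirectional flow record."""
    return dict(Counter(pkts))

def unanswered_udp(flow_table):
    """Defender's check: UDP flows with no UDP packets coming back from the peer."""
    return {k: n for k, n in flow_table.items()
            if k[2] == "udp"
            and not any(r[0] == k[1] and r[1] == k[0] and r[2] == "udp" for r in flow_table)}

def sample_1_in_n(pkts, n):
    """Systematic 1-in-n packet sampling, as a sampling flow exporter does."""
    return [p for i, p in enumerate(pkts) if i % n == 0]

def survival_rate(pkts, n, trials=300, seed=0):
    """Fraction of random packet orderings in which each flow is still
    present after 1-in-n sampling (0.0 = never seen)."""
    rng = random.Random(seed)
    hits = Counter()
    for _ in range(trials):
        order = list(pkts)
        rng.shuffle(order)
        hits.update(flows(sample_1_in_n(order, n)).keys())
    return {k: hits[k] / trials for k in flows(pkts)}

def miss_probability(packets_in_flow, n):
    """Analytic form: chance that none of a flow's packets is sampled."""
    return (1 - 1 / n) ** packets_in_flow
```

The busy TCP session is visible in essentially every sampled run, while the one-packet UDP check-in is missed roughly (n-1)/n of the time, which is the gap the paragraph above describes.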