What is the Goldilocks Zone?

Life evolved on Earth because multiple factors came together in the right place at the right time. NASA coined the term “Goldilocks Zone” to describe the places where the conditions needed to support life are present.

An effective cloud workload protection solution must also live in the Goldilocks Zone. Effective public or private cloud workload protection requires particular criteria and specific building blocks to provide robust security. This zone starts at the compute and network infrastructure edge and moves deep inside the workload, watching and controlling all of these components at each of the layers by enforcing the appropriate policy.

The building blocks of an effective cloud workload solution at scale include:

  1. Visibility: High resolution visibility on the network, compute and storage planes inside the workload, as well as some visibility into the infrastructure layer;
  2. Vulnerability detection and management;
  3. Full lifecycle management of micro segmentation policy;
  4. Application behavior analysis;
  5. Application whitelisting;
  6. File Integrity, memory monitoring, memory subsystem monitoring; and
  7. Deception and decoys.

In this new software release of Tetration, all the highlighted building blocks are covered, all in a single product. (For a deeper dive into each of these, please read the white paper The Goldilocks Zone: Cloud Workload Protection.)

  • Tetration checks each workload for vulnerable software packages (based on the last 19 years of NIST CVE data).
  • Tetration computes the SHA256 hash of every process and cross-checks it against threat intelligence.
  • Tetration tracks every process running on the workload and observes the process, file system, and server user behavior.
  • Tetration uses its large data lake to store this information, then processes it to find indicators of bad behavior on the machine.
  • Tetration collects data from multiple machines and can cross-correlate information. Using this, Tetration can detect multiple forms of attack, such as shellcode, privilege escalation, and side-channel attacks like Meltdown and Spectre.
  • Tetration marries this information (CVEs, packages, etc.) with enforcement policy for workload protection.
  • Tetration streams its policies in an open format (but encrypted) over Kafka to other authorized enforcement points in the infrastructure (whether it’s from Cisco or not).
  • Tetration supports enforcement of policies on containerized workloads, with policies personalized for the service pod.
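To make the first and sixth bullets concrete, here is an added illustration (not Tetration's code, and using placeholder CVE identifiers rather than real ones) of matching installed package versions against a constructed advisory feed and turning the findings into a policy recommendation for the workload:

```python
"""Constructed example: package-version CVE matching feeding an enforcement decision."""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Advisory:
    package: str
    fixed_in: str   # first version that is no longer affected
    cve_id: str     # placeholder ids only; not real CVE numbers
    cvss: float


# Constructed inventory of one workload and a constructed advisory feed.
SAMPLE_INSTALLED = {"openssl": "1.1.1g", "sudo": "1.8.31", "curl": "7.68.0"}
SAMPLE_ADVISORIES = [
    Advisory("openssl", "1.1.1k", "CVE-PLACEHOLDER-1", 7.5),
    Advisory("sudo", "1.9.5p2", "CVE-PLACEHOLDER-2", 7.8),
    Advisory("curl", "7.60.0", "CVE-PLACEHOLDER-3", 5.0),
]


def version_key(version):
    """Turn '1.9.5p2' into a tuple that orders numerically where possible.

    Numeric parts become (0, int) and non-numeric parts (1, str), so ints and
    strings are never compared directly. Good enough for dotted upstream
    versions; distro epochs/revisions need the packaging system's own rules.
    """
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.split(r"[.\-+~]", version))


def find_vulnerable(installed, advisories):
    """Return (package, installed_version, cve_id, cvss) for affected packages."""
    by_pkg = {}
    for adv in advisories:
        by_pkg.setdefault(adv.package, []).append(adv)
    findings = []
    for name, version in installed.items():
        for adv in by_pkg.get(name, []):
            if version_key(version) < version_key(adv.fixed_in):
                findings.append((name, version, adv.cve_id, adv.cvss))
    return findings


def recommend_action(findings, isolate_at=7.0):
    """Map findings to a policy action: isolate on high CVSS, else alert/allow."""
    if not findings:
        return "allow"
    return "isolate" if max(f[3] for f in findings) >= isolate_at else "alert"
```

The isolate threshold is a constructed tuning knob; a real deployment would also weigh exposure (is the package reachable on the network?) before quarantining a workload.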

In previous releases, Tetration shipped scaled-out solutions for:

  • High-resolution, long duration visibility;
  • Full lifecycle management of micro segmentation: policy discovery, policy simulation and test (backdated or current), policy enforcement and compliance; and
  • Multiple enforcement points through deep ecosystem support in the hybrid cloud environment and for current and future facing workloads like containers.

To learn more about these new Tetration capabilities, read the white paper and visit us at www.cisco.com/go/tetration.


Authors

Navindra Yadav

Cisco Fellow

Tetration Engineering