For most businesses, the rapidly changing nature of the modern data center poses a significant security challenge. The data center remains the heart of digital enterprises, and IT departments are looking for solutions to make the data center accessible anytime, anywhere. At Cisco, we have redefined security for the modern data center by delivering visibility, segmentation, and threat protection at the process, application, fabric, and network level.

Modern Data Center

Before explaining the Cisco approach to securing the modern data center, it is imperative to further address the challenges businesses are facing. The modern data center is extremely dynamic, and there are three significant trends: big and fast data, application architecture, and hybrid cloud.

Virtualization, Cloud, and Software Defined Network (SDN) are new technologies that are increasingly being deployed in the data center, changing its scope and function. Today, the demand for sharing information rapidly has increased. For this reason, there is more traffic passing east-west across servers in the data center than travelling in and out of the data center. Security and capability within the data center has become as important as threat protection at the perimeter.

The workloads are now dynamic and increasingly moving across multiple on-premises or physical data centers and across private, hybrid cloud and multi-public cloud environments. As workloads dynamically expand and contract, the underlying security policies must adjust in real-time to seamlessly follow the workloads wherever they go.

DevOps teams are moving to continuous integration and continuous development (CICD). In addition, they are rolling out new applications and services quickly to keep up with the rapid speed of business. New technologies like microservices, containers, and APIs are transforming how applications are being designed.

In order to secure your data center in a multicloud world, your business must know where all of these workloads are. This requires more visibility in your entire network.


With ever-changing, dynamic applications and workloads, it can be extremely difficult to understand all of the activity within your data center. Cisco Tetration provides crucial insight into these workloads and applications. Tetration captures the complex nature of these applications and workloads by developing application dependency maps. These maps provide IT departments with a comprehensive visual representation of their data center activity. As a result, IT departments can finally understand which web servers are interacting with which applications. By understanding application dependencies, IT departments can leverage enhanced contextual awareness of users, networks, and applications to create a better approach to segmentation and data center security. As the nature of data center activity changes, network behavioral analysis like this becomes increasingly important.

While Tetration provides enhanced visibility within the data center, Cisco Stealthwatch allows for enhanced visibility across the entire network end-to-end. With Cisco Stealthwatch, IT departments can quickly see the users, devices, and traffic flows that are coming from branch and campus offices to the data center. Additionally, there is full visibility of the network and data flows out to the cloud, as well as activity within cloud infrastructure such as Amazon AWS, Google Cloud Platform, and Microsoft Azure.

Understanding the traffic throughout the entire network provides crucial information for segmentation. Businesses can quickly map out which branches or users have access to specific applications or resources. If there is unauthorized or suspicious access, threats can quickly be controlled and remediated. In a multicloud environment like today, the analytics and visibility from Stealthwatch are imperative.

Stealthwatch Cloud For Leading Cloud Platforms


One of the key benefits of Stealthwatch is that it is cloud-native threat detection. Stealthwatch utilizes cloud platform APIs to access the data needed for analysis. For this reason, it requires no additional cloud infrastructure, so it can be deployed within minutes without the need for agents. Because Stealthwatch is vendor agnostic, it can be deployed to any network environment, on-prem, in a virtualized setting, within cloud infrastructure, etc. Regardless of the environment, it uses the data to provide unparalleled visibility and low-noise, high-value alerts. Rather than flood your business with your alerts, Stealthwatch is able to separate the truly helpful alerts out. In fact, 95% of Stealthwatch’s alerts are deemed helpful by clients.


Through micro-segmentation and application whitelisting, IT departments can efficiently and intelligently segment their data center. Segmentation reduces the attack surface and prevents threats from moving laterally across the servers.  Segmentation must now be enforced at multiple areas in the data center.  By attaching security to workloads in the form of multi-layered segmentation, businesses can have dynamic control of their workloads wherever they go. This includes workloads across the perimeter, on the fabric, and on the server and application process. Our approach enables consistent and granular policy enforcement on the workloads across Cisco Next-Generation Firewalls (NGFW) at the perimeter and Cisco Nexus 9000 Series Switches on the ACI Fabric. In addition, Cisco Tetration enforces policy across Cisco Hyperflex, Cisco UCS servers, and application processes. This allows you to consolidate silos of policy and automate the enforcement of policy on the workloads as they move across data centers and multicloud environments.

Tetration application segmentation

Because all three products work together, IT can quickly implement and enforce consistent security policies across the entire data center. The NGFW protects the perimeter with granular access control across north-to-south traffic flows. Cisco ACI on Nexus 9k Switches provides fabric-level protection and moderates east-to-west traffic. Finally, Cisco Tetration enables protection down to the server and application process level.

Tetration takes a holistic and full lifecycle approach to workload protection and application segmentation. Cisco Tetration collects over one hundred attributes from thousands of workloads, infrastructure (network, load balancers, AWS), orchestration systems, and other systems of record in real-time. This includes metadata about every process, every software package, and every flow/packet to name a few. Tetration monitors for workload attributes in real time.

In addition, Tetration decouples the policy creation and translation from policy enforcement. It enforces policy on the workload natively, and also streams that same policy to Cisco infrastructure elements such as Cisco firewalls, ACI Fabric, the public cloud, and more. The same policy model is used for bare metal, virtual and containerized workloads, both on-premises and in the public cloud.

Tetration can compute and enforce the policy rules based on the change, in real-time. If a new software vulnerability is found, or a host gets compromised, the Tetration policy model can quarantine the culprit in seconds.

Threat Protection

Visibility and segmentation prepare businesses for threats, and often, they prevent breaches. At some point, however, every network will experience a breach. It is unavoidable. The key is to stop the breach by deploying multilayered threat sensors strategically in the data center. Threat sensors quickly prevent hackers from stealing data or disrupting operations by dynamically detecting, blocking, and responding to threats.

The increased use of mobile and web applications can strengthen customer loyalty, but this trend increases the attack surface and creates other avenues of attack. Also, the influx of new vulnerabilities and exploits across networks, applications and systems, and increased complexity with staying current with the latest patches introduce new attack vectors for hackers to bypass traditional security defenses. Employees may unwillingly compromise the business and contribute to a data breach. Hackers often begin by gaining access to an employee’s authentication credentials. They gain access by infecting an endpoint device with malware or using a phishing attack or other social engineering technique to trick users into supplying their credentials. Once the credentials have been provided, the hacker can now gain “authorized” access to a server or servers within the data center, access more user accounts, and continue towards the target server where the data theft occurs.

Businesses can mitigate the disruption and the impact from a breach by deploying comprehensive, integrated security products that work together in an automated process. This streamlines threat protection, detection, and mitigation.

Cisco offers a wide portfolio of products like Cisco Next-Generation IPS (NGIPS), Advanced Malware Protection (AMP), Stealthwatch, and more to provide robust threat protection. In addition, all of these products are enabled with threat intelligence from Talos, one of the largest commercial threat intelligence teams in the country. Talos blocks 19.6 Billion threats per day and 2.5 Million threats per second.

Cisco NGIPS, AMP, and Stealthwatch are all security monitoring tools, that can be deployed to quickly see threats and work intelligently with Cisco ACI and Tetration to deliver comprehensive threat protection capabilities. With these products, businesses can find and block more threats and quickly contain and mitigate those that do breach your data center.

Cisco can truly offer the only integrated solution that protects workloads EVERYWHERE. Whether your workloads are in on-prem or in private, public, or hybrid clouds, Cisco data center security solutions to achieve greater availability, agility, and performance.

Cisco has a new architectural solution to secure the modern data center in a multicloud world. Cisco has the most comprehensive security solution and we are the only vendor that can truly protect the workload everywhere.

For more information on this topic you can watch the Innovation Session I delivered with Roland Acra at CiscoLIVE in Orlando.



Jeff Reed

SVP/GM of Cloud and Network Security

Security Business Group