Avatar

There are many benefits to using a cloud provider like Amazon Web Services (AWS). Better capacity planning with the flexibility to scale up or down to adjust to your business needs, the ability to rapidly deploy applications globally to better serve your customers, and a pay-as-you-go, consumption model, where you pay for only the computing resources you consume.

When deploying applications in public cloud, it important to understand the Shared Responsibility Model. In short, it places responsibility for security in the hands of both the cloud provider and the customer. The cloud provider is responsible for the security of the cloud and its infrastructure that runs the cloud-based services and the customer is responsible for securing their applications, workloads, and data hosted in the cloud.

However, as more organizations move their applications and workloads to the cloud, the complexity of their environment increases.  They can lose visibility into their cloud-based workloads, and those blind spots can be fatal.  No matter how secure a cloud provider is, inconsistent protection and lack of comprehensive visibility and control can leave organizations vulnerable.  Gartner estimates through 2025, 99% of cloud security failures will be the customer’s fault.*

As organizations embrace the cloud model, they’re investing in infrastructure that’s more dynamic and distributed, and as a result, security must become more dynamic as well. Fundamentally, to be protected, organizations must have visibility and control over their environments.  With on-premise data centers, it was challenging enough to protect critical applications, workloads, and data from attack, breach, and theft.  The hybrid cloud, public cloud environment makes the complexity of securing your entire environment much more challenging.

What can you do to address this complexity? Focus on protecting the workload with a product designed for that use case – Cisco Tetration.

Cisco Tetration addresses the cloud workload protection challenge in a comprehensive and scalable way. Tetration enables holistic workload protection for multi-cloud data centers through:

  • Scalable, consistent policy implementation for thousands of applications, spanning tens of thousands of workloads
  • Microsegmentation which allows the implementation of a true zero trust model
  • Detection of CVE’s (Common Vulnerabilities and Exposures) based on the installed software packages; proactively quarantine servers when vulnerabilities are detected
  • Ability to capture a million events per second and make policy decisions based on the behavior analysis of billions of flows, processes, and workload characteristics, allowing for real-time policy enforcement

Seems too good to be true – Well it is true.  Look at these free, technical resources to help you be successful.

Request a demo:  Want to see Tetration in action live?  Sign up here and we’ll come to you virtually. You’ll get all your questions answered in a customized session based on your needs.

Cisco Tetration Design & Implementation video playlist:  Learn how to use Tetration for workload security by watching this in-depth series.  It helps you understand the breadth and depth of Tetration’s cloud workload protection, microsegmentation, and visibility features.

Cisco Secure Cloud for AWS Design Guide: This lab-tested/validated design guide focuses on best practices for deploying Tetration in AWS.  It includes the following best practices on how to deeply:

  • Leverage the Tetration security dashboard for visibility into critical information like vulnerability score, process health score, attach surface score, forensics score, network anomaly score, and segmentation compliance score.
  • Leveraging Amazon EC2 tools to auto-provision Tetration sensors to provide visibility, segmentation, behaviors deviation, and software vulnerability data
  • Application Dependency Mapping to automatically discover the policies based on flow and other data received from workloads. Refine the discovered workload clusters and update the inventory filters to define policies to be enforced on our cloud workloads

 


*Smarter With Gartner, Is the Cloud Secure? October 10, 2019

 



Authors

Christina Hausman

Product Marketing Manager

Security