Tetration, and the Cisco Security Big Picture
In walks Tetration. At face value, it’s nothing new. Nothing in the Cisco Security market is “new” at face value.
Here’s the change: Cisco Security is demonstrating legitimate, long-term direction. They have made heavy-hitting acquisitions over the past few years, and the Sourcefire integration is now complete. Cisco has taken its innate knowledge of all things “network” and used it to bolster its security portfolio. Acquisitions like CloudLock and Neohapsis should bring some street cred to Cisco among the Cyber Trendies, and they point to extending the security “fabric” seamlessly from Campus to Cloud.
Network as a Sensor isn’t just a catchphrase. It’s a holistic network security culture where the worlds of network and cyber architects finally collide in a non-combative way: a completely integrated framework brought to us by TrustSec. We are given full policy control for authentication, authorization, and profiling via Identity Services Engine. AMP provides us with host-level malware protection, retrospective security, and automation. FireSIGHT introduces a single pane of glass, and we get global threat intelligence and sandboxing with ThreatGRID.
Clean, automated Flexible NetFlow keeps track of every transaction, anywhere. This unlocks several great features, such as the following:
- App-aware abilities built into IOS
- DDoS protection
- Pattern matching
- Data exfiltration detection from the Perimeter all the way down to the Access layer
- Integration with Stealthwatch to benefit our friends in the SOC
For the first time, the entirety of our network infrastructure works in concert to monitor, analyze, report, and react.
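As an added example (not code from this article, from Cisco, or from Stealthwatch), here is the kind of flow-based exfiltration check the list above describes, run over a few constructed NetFlow-style records: per-source egress is split into internal versus external destinations and hosts whose external egress is both large and dominant are flagged. The CSV layout, the RFC 1918 “internal” assumption and the thresholds are all assumptions.

```python
# Flow-based egress (data exfiltration) heuristic over NetFlow-style records.
# Added example, not from the article. Assumes the collector exports flows as
# CSV "src_ip,dst_ip,dst_port,bytes_out"; thresholds and records are constructed.
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample export (one flow per line): src_ip,dst_ip,dst_port,bytes_out
SAMPLE_FLOWS = """\
10.1.5.20,10.1.9.8,445,120000
10.1.5.20,203.0.113.7,443,950000000
10.1.5.20,198.51.100.4,443,230000000
10.1.5.31,10.1.9.8,445,310000
10.1.5.31,203.0.113.7,443,400000
10.1.7.9,203.0.113.9,22,52000000
"""

# Assumption: RFC 1918 space is "inside"; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELDS = ["src_ip", "dst_ip", "dst_port", "bytes_out"]

def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def summarize_egress(flow_csv: str) -> dict:
    """Return {src_ip: (internal_bytes, external_bytes)} from CSV flow records."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(flow_csv), fieldnames=FIELDS):
        idx = 1 if is_external(row["dst_ip"]) else 0
        totals[row["src_ip"]][idx] += int(row["bytes_out"])
    return {src: tuple(v) for src, v in totals.items()}

def flag_exfil_candidates(flow_csv, min_external_bytes=100_000_000, min_external_ratio=0.9):
    """Hosts whose egress to external hosts is both large in absolute terms and
    dominates their traffic mix. Thresholds are placeholders; baseline per
    host or segment in a real deployment. Returns [(src_ip, ext_bytes, ratio)]."""
    hits = []
    for src, (internal, external) in summarize_egress(flow_csv).items():
        ratio = external / max(internal + external, 1)  # guard against all-zero hosts
        if external >= min_external_bytes and ratio >= min_external_ratio:
            hits.append((src, external, round(ratio, 3)))
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for src, ext_bytes, ratio in flag_exfil_candidates(SAMPLE_FLOWS):
        print(f"{src}: {ext_bytes} bytes to external hosts ({ratio:.0%} of egress)")
```

In the sample, only 10.1.5.20 trips both thresholds; 10.1.7.9 sends everything externally but stays under the byte floor, which is why an absolute floor and a ratio are combined rather than used alone.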
With Tetration, we see big-picture integration at the next level, with complete hardware sensor integration into the Davos ASICs, capturing flow data at line rate. Tetration captures data on every flow and can pull data from third-party platforms like load balancers, blacklist scripts, geo-location and so on, opening up the opportunity for legitimate end-to-end performance monitoring that doesn’t rely so heavily on supplicants.
We see deep integration with the APIC, to react to threats by way of ACI automation. We also see glimpses of this same model getting integrated into the APIC-EM, to take Campus automation to the next level. At that point, the step out to the WAN via the ISR4k line and iWAN is a small one. Again: legitimate direction.
One of the things I learned quickly after making the jump from commercial to federal was a growing culture of the “Zero Trust Model”. No more can we trust massive perimeter firewalls to protect the enterprise from the bad guys, because, as every cyber security person with any wisdom knows, the bad guys are already in. Our job is to limit the damage.
Cisco Security has not historically been the trendy pick for Cyber Security Architects. But folks, I just don’t think we can ignore them any longer. We can’t afford to.
Senior SE @ VAST (7 years ago): Great summary!