TechWiseTV Workshop: Tetration Analytics
Post on 08-Jan-2017
Cisco Tetration Analytics: A Path to Secure Zero-Trust in an Application-Centric World
Jothi Prakash & Benny Van de Voorde
October 13, 2016
Agenda
• Challenges in Modern Datacenter Operations
• Cisco Tetration Analytics Overview
• Use cases Demo
• Application Insight with Cisco IT
• Visibility and Forensics
• Policy Analysis
• Policy Enforcement Options
Modern data centers are getting increasingly complex
• Zero trust model
• Multi cloud orchestration
• Application portability
Hybrid cloud
• Increase in east-west traffic
• Expanded attack surface
• Open source
Big and fast data
• Continuous development
• Application mobility
• Micro services
Rapid app deployment
Customers Need a New Approach to …
1. Map IT investment to drive business policy
2. Break organizational siloes
3. Mitigate risk from adversaries and disasters
Cisco Tetration Analytics™ – Use Cases
• Application Insight
• Policy Simulation and Impact Assessment
• Automated Whitelist Policy Generation
• Forensics: Every Packet, Every Flow, Every Speed
• Policy Compliance and Auditability
Cisco Tetration Analytics Architecture Overview
• Analytics Engine: Cisco Tetration Analytics™ Platform
• Visualization and Reporting: Web GUI, REST API, Push Events
Cisco Confidential-NDA Required
• Data Collection: Host Sensors, Network Sensors, Third-Party Metadata Sources
[Diagram labels: Tetration Telemetry; Configuration Data; Cisco Nexus® 92160YC-X; Cisco Nexus 93180YC-EX; VM]
Multiple Sensors and Data Sources
• Low CPU Overhead (SLA enforced)
• Low Network Overhead (SLA enforced)
• Highly Secure (Code Signed, Authenticated)
• Every flow (No sampling), NO PAYLOAD
Host Sensors
• Linux VM
• Windows Server VM
• Bare Metal (Linux and Windows Server)
• Hypervisors
• Containers
NW Sensors
• Nexus 9200-X
• Nexus 9300-EX
3rd Party
• Geo
• Whois
• IP Watch Lists
• Load Balancers
• …
Available at FCS Next Generation 9K switches Future releases 3rd party Data Sources
Hardware Sensor and Software Sensor
Accumulated Flow Information (Volume…)
Software Sensor
Process mapping
Process ID
Process owner
Hardware Sensor
Tunnel endpoints
Buffer utilization
Burst detections
Packet drops
Flow details
Interpacket variations
Platform Built for Scale
Real Time and Scalable
• Every Packet, Every Flow
• Horizontal Expansion
• Long-term Data Retention
Secure
• Secure Design
• Two-factor Authentication
• Role Based Access
Easy to Use
• One Touch Deployment
• Self Diagnostics
• Self Monitoring
Open
• Standard Web UI
• Event Pub/Sub (Push)
• REST API (Pull)
Use Cases and Demo: Application Insight; Visibility and Forensics
The DC with Tetration
[Diagram labels: Private (VM, BM, Nexus 9K); Public; Tetration Analytics Engine; Other Data Platforms; Applications Insight; Performance; CMDB accuracy; Security & Auditing]
Applications Insight (DC Network)
• Dependency Mapping / ACI Migration
Application Performance
• Benchmarking on the Network
• Deviation Detection
Service Now Integration
• Application and Infrastructure Inventory
• Increase Operational Insights
Security
• Auditing
• Security Enforcement
• Policy Verification ~ ‘what if’
• Threat Detection / DDOS / …
Tetration Analytics: Advancing Cisco IT
Network Flows + Server-level Information + Analytics
• Increased Visibility
• Insightful Data
• Multi-Purpose Use Cases
now exploring
exploring
Regions – Locations for Tetration Cluster.
[Map labels: regions US West, US Central, US East, EMEA, APAC; sites CA (DCs MTV/SJC), TX (DC1 Allen), TX (DC2 RCDN), NC (DCs in RTP), DC Ams, DCs in APAC; TA clusters in MTV5, Allen, RTP5, tbd, tbd; Jan ‘17]
Status today:
• 2 Clusters installed (US West Coast)
• 3rd just installed (US East Coast)
• 4th coming (US Central)
• Agents on servers only
• 4000 Agents running on Linux Servers / Windows Servers
• +5000 next month
• New Nexus 9k (ACI) hardware coming to our DCs in the end of Oct/Nov timeline
To date, Cisco IT has only deployed software agents.
Process
• Pull Data (multiple sources): Routing info, DNS zone file, All SLB config, Known app groups
• JSON normalized
• In the TA tool: Create workspace; Upload normalized data; Run TA Algorithm; Create Application View (= massage, filter output)
• Validation
• ACI EPGs & Contracts
[Roles shown in the diagram: TA admin, network admin, App team, Security team]
Use Case Demo: Policy Analysis; Policy Enforcement
Get To Zero-Trust Model
• APIC Application Policy Recommendation
• Import Policy using ACI Toolkit
• Automatic creation of EPGs and Contracts
[Diagram labels: Real Time Data; Network Policy; App Policy; Tetration Analytics; UCS; Cisco Nexus 9000 Series]
Enforcement Anywhere
Cisco
Tetration
Analytics™
Cisco ACI™ and Cisco Nexus® 9000 Series
Standalone
Linux and Microsoft Windows
Servers and VM
Public Cloud
Data
Whitelist policy
{
  "src_name": "App",
  "dst_name": "Web",
  "whitelist": [
    {"port": [0, 0], "proto": 1, "action": "ALLOW"},
    {"port": [80, 80], "proto": 6, "action": "ALLOW"},
    {"port": [443, 443], "proto": 6, "action": "ALLOW"}
  ]
}
• Cisco ACI EPG/Contract Integration via Cisco ACI Toolkit
• Traditional Network ACL
• Firewall Rules
• Host Firewall Rules
Amazon
Web
Services
Microsoft
Azure
Cloud
Summary
• Pervasive flow telemetry that supports infrastructure for multiple data centers at scale
• Ready-to-use solution to address critical data center operational use cases
• Self-monitoring, eliminating the need for in-house big data expertise
• Open platform and northbound APIs enable transparent integration
• Accelerated adoption and comprehensive solution support with Services
http://www.cisco.com/go/tetration
Thank you for watching.