Cisco broadens Tetration security delivery with cloud, virtual buying options

Cisco has added new cloud and virtual deployment options for customers looking to buy into its Tetration Analytics security system.

Cisco’s Tetration system gathers information from hardware and software sensors and analyzes it using big-data analytics and machine learning to offer IT managers a deeper understanding of their data center resources.

Tetration can improve enterprise security monitoring, simplify operational reliability, give customers a single tool to collect consistent security telemetry across the entire data center and analyze large volumes of data in real time.

This week Cisco added Tetration SaaS, a managed cloud-based option for large organizations and Tetration-V, a software-only version of the package using a virtual appliance targeted at smaller operations.

Tetration SAAS lets companies that may not have a large IT skill set deploy Tetration security technology quickly without having to worry about hardware capital outlay, said Yogesh Kaushik, senior director of product management at Tetration Analytics.  “Tetration SAAS offers security for on-premises, public and private cloud systems, and can scale up to 25,000 workloads.”

For smaller organizations with fewer than 1,000 workloads and that prefer a software-only approach, Tetration is available as a virtual appliance. Tetration-V offers one-click deployment and lets companies use their own server and storage infrastructure, Kaushik said.

Cisco Tetration SaaS is scheduled to be available in May 2018. Tetration-V is available now

The two new options join Cisco’s existing Tetration offerings, which include the high-end Tetration package that supports 25,000 workloads and comes on a full rack of hardware supporting 36 UCS C-220 servers and three Nexus 9300 switches. A 5,000-workload system – Tetration-M – is available and includes six UCS C-220 servers and two Nexus 9300 switches.  Tetration Cloud virtual appliances that run on Amazon Web Services (AWS) and Microsoft Azure for up to 1,000 workloads are also available.

Also scheduled to ship this month is Tetration 2.3, which brings a number of enhancements directed at protecting application workloads.

For example, it provides a real-time inventory of all software packages along with version and publisher information. Using information learned from Cisco’s other security offerings, it detects servers hosting software packages with known common vulnerabilities and exposures (CVE) and can quarantine or segment those devices from important enterprise resources. These other security options include Cisco Firepower Next-Generation Firewall (NGFW), Next-Generation IPS (NGIPS), Advanced Malware Protection (AMP), and Stealthwatch, as well as data from the CVE database.

Tetration now collects and maintains inventory about workload processes running on enterprise servers on a minute-by-minute basis. “Using this information, IT managers can search inventory for the servers that are running or have run specific processes. The information includes process ID, process parameters and the user who is running the process, process duration and process hash or signature information. The process hash information is critical for security because IT managers can search for servers in the data center that ran a malicious process by matching this hash information,” Cisco said.

With this release, Tetration can monitor workloads and the network to create a “normal” application-behavior baseline that the system can monitor for deviations associated with malware behavior patterns like those found in side-channel or privilege-elevation attacks.

Customers can use this data to develop policies that Tetration follows and enforces.