Cisco Tetration Archives - IT Solutions Provider - IT Consulting - Technology Solutions

3 Challenges and Benefits of Cisco Tetration
Thu, 19 Jul 2018 12:15:00 +0000

In last week’s post we discussed the Cisco Tetration Analytics Platform, what the platform is and how it integrates with the modern enterprise. We talked about how it supports a “Zero-Trust” security model and told the story behind its creation through an interesting use case involving Cisco and WEI.

This week we will discuss three challenges that can be associated with Cisco Tetration, along with some suggestions on how to avoid or lessen the impact of these factors. We will also look at three benefits of incorporating Cisco Tetration into your infrastructure strategy.

Challenges of Cisco Tetration

1. Infrastructure Commitment
When Cisco Tetration was first released there was a significant infrastructure commitment. You would have had to invest in several servers, multiple switches, and more. This resulted in an organization bringing in nearly a rack of gear just to run this engine. If you think about your network size, the amount of processing, and the number of flows it is going to take in and handle for you, it is a significant space and power investment.

2. Upfront Costs
The infrastructure commitment contributes to the second obstacle: the upfront costs are really high because there is a lot of hardware that needs to be brought in. Cost is probably the biggest deterrent, and it is a common one when migrating to or improving a digital-ready network strategy. The cost models have since improved, providing a few different options now. You will see more about Cisco’s improving cost models and options in the “benefits” section of this blog post.

3. Overwhelming Visibility
The idea of gaining 100% visibility into a network sounds great (and it is, as you will see later on) because it ensures nothing can get past your team. It also makes your network seem impenetrable. Let’s use an example to show where there could be an obstacle with this. Let’s say you currently have 40% visibility into your network. You will have found a method and strategy to operate under this level of visibility. You are used to only being able to see this limited amount of network activity and you are able to properly plan a security strategy for it given the available tools at your disposal.

Now years have passed with no real network problems, but Cisco Tetration starts being discussed as a potential solution to improve your organization’s network strategy. There is buy-in and now you suddenly have 100% network visibility. Understandably, there are going to be a lot of questions and a lot of confusion. There will be a lot of work upfront to understand what everything is because you are now in a situation where you are able to see and plan for more parts of your network than you have ever been exposed to before.

It is important to understand that this “new” stuff happening in your network would be there anyway, whether you see it or not. It is kind of a requirement for your job to understand this extra activity.

This makes the front-loaded work worthwhile: you are able to decide how traffic flows are working and to package them. After understanding what else is in your network and how some of the network automation features work, you will get to a point of normalcy with all of it. The size of your network and the number of years it has been established are definitely worth discussing when considering Cisco Tetration.

Benefits of Cisco Tetration

We will now dive into three of the primary benefits of Cisco Tetration and as you will see, these benefits make up for and outweigh many of the “challenges” discussed in the first half of this blog.

1. No Vendor Lock-in

Cisco Tetration has improved its integration with other network switches. There is no “vendor lock-in” where Tetration would require Cisco switches. Fortunately, Tetration will check everything on the network and will play well with nearly any infrastructure setup.

One thing to keep in mind is that while Cisco does agent and agentless monitoring, it is preferred you run Cisco for this. Some of the Cisco switches like the Nexus 93180 have a lot of that functionality baked into them. This means you don’t have to run SNMP or Agents to pull information off those switches since they can already send that natively. I wouldn’t call it a lock-in, but Cisco may, even though they’re kind of agnostic in what they monitor. This is simply because they’re better and more experienced with monitoring their own stuff since they built it.

2. Package options

While we touched on the significant upfront infrastructure cost requirements with Cisco Tetration, there are ways to get around it. When Tetration was first released the price was fairly stagnant and out of reach for many organizations. Since then, pricing has become more flexible: as the product grew, more ways to consume it were developed. Various pricing options make sense for companies in different situations and with different needs. Some will continue to run Tetration as they always have, but package options matter in determining whether organizations will run it for the foreseeable future or just for a year before converting their network over to Cisco ACI. Other important use cases should be considered before making a decision, such as how you run Tetration (manually or automatically), whether it will be used for a specific initiative or integrated into your security fabric, and how your workflows will run. Cisco adapted as needs for this product changed, allowing customers to choose why and how they want to consume it, which is favorable.

They have a few different deployment options now. Depending on how big your network is, Cisco has two differently sized physical deployment models. One is across multiple servers, meaning the number of servers for the larger model would be very expensive. They also have a smaller size now that is designed for organizations only monitoring 2,000 or fewer endpoints. Whether those are switches or desktops does not matter; organizations of that size can get by with this option.

Cisco has adapted even more to the point where cloud-based offerings of Tetration are available now too (known as Tetration – SaaS). This allows you to run Tetration in AWS or Azure. Cisco gives you the virtual software that you run on AWS or an Azure VPN. This way you’re still paying for those, but if you don’t have the space or interest in owning the hardware overall, you can do that. If you’re going to run Tetration for a certain amount of time (let’s say you get the licenses for a year) and then you want to get rid of it without a hardware investment, Cisco provides a pretty good opportunity for this. They can also do software to server configurations now, so Cisco can run it in its cloud. You can now plug Tetration into your networks and run it for as long as you need, similar to a subscription model.

3. Full Visibility

Once you get past that learning curve and the upfront commitment to set up Tetration, the day to day operations simplify because it will reach into the switches and desktops, notifying you when an anomaly is discovered. It allows you to make your decision on the fly to either block or allow it.

It is front-loaded and there will be a lot of work to understand what you’re using it for. There’s a lot of learning in your own network, but it will become operational. This visibility also extends to heightened security measures, making it possible to truly maintain the “Zero-Trust” security model that we discussed in last week’s blog.

With Cisco Tetration, 100% visibility can be reached, which makes a whitelist model, also known as a “Zero-Trust” model, possible. With this approach, instead of controlling what can’t interact with the network, you are controlling what can interact with it. You can now confidently know that everything allowed to interact with the network is there because a rule has been established allowing it to be there. Letting Cisco Tetration map your network provides that top tier level of security that organizations strive to reach.

Conclusion

Now that this product has been around for a few years, it has been developed and improved to the point where the benefits outweigh the obstacles by far. Cisco Tetration may not be for every organization, but for those looking to heighten their network security strategies, there are few other solutions as comprehensive and versatile as Cisco Tetration.

Achieve 100% Network Visibility with Cisco Tetration
Thu, 12 Jul 2018 12:45:00 +0000

How much visibility do you have into your organization’s network? How confident is your IT team in its ability to accurately map out the network, which is a necessary step in data center migrations? According to a white paper from IDC, a mere 18% increase in network visibility can improve security breach preventative measures by over 40%. Many organizations know there are devices on their network that are unaccounted for, but many do not have a way of even guessing how many devices that is, let alone strategizing how to secure them.

Fortunately, teams that have turned to Cisco Tetration have seen vast increases in their confidence to map, assess, and secure their networks. This blog post goes into detail on exactly what this Cisco Tetration technology is and how it takes enterprise security to another level.

What is Cisco Tetration?

Cisco created Tetration as a data center analytics tool to improve network visibility. Network visibility measures how well network administrators can see and control all components and interactions occurring within the entirety of the organization. Tetration captures all traffic flow better and more efficiently than a monitoring tool can. As companies move towards , it ensures different applications can talk to each other. Tetration will map out all the individual flows of an application, ensuring you know exactly where all traffic is going and which devices are talking to each other.

You inevitably need that map to be able to totally understand your environment so that it can then be segregated. To understand how your web server talks to your SQL server, Tetration will show every connection that was made, normalize it, and then allow you to make rules around it to keep your traffic segregated. Beyond that, once you have all of that segmented and you’re in compliance (if applicable), you can actively make changes with this tool. It will plug into switches and works like a Windows desktop or firewall.

Changes can also be made through an agent, which in some cases is needed for Cisco switches, to either allow additional traffic or block traffic. This way Tetration can actually see traffic and recognize that it is an anomaly to this host. It recognizes that this source is not good, and can then block it. It can even communicate with the firewall and say, “don’t allow this traffic.”

That is the first step in moving towards a zero-trust method of networking. This method of knowing everything going on in a network at any given time provides a major benefit to customers.

Heightened “Zero-Trust” Security Model

Blacklisting is how many organizations’ networking policies have been traditionally structured. Blacklisting entails identifying “bad” traffic that is unwanted and setting up specific rules to not allow any traffic from those locations. This can help keep out many potentially threatening sources, but only those that are known can be kept out. There never was a great way to truly have 100% visibility into your network, making a blacklist model the best possible solution to provide some security measures and try to ensure employees can continue doing their jobs.

As an example, take allowing traffic from vLAN to vLAN. You’re not allowing all of this random traffic that you don’t understand between the two. It has always been a real hassle for network administrators to understand which application ports are required. If you look at an “https” port, that’s port 443, so we would allow 443. If it’s “http” we would allow port 80. There are thousands of ports across an application, and you may need a handful of those available, or you may need thousands of them available. In most cases we haven’t had tools to absolutely identify that, so you depend on the applications and things get lost in transition between application owners and network owners. It has always been easier to say, “I can’t figure out which of the 4,000 ports I need available, so I’m just going to go ahead and let them talk to each other.”

With Cisco Tetration, however, 100% visibility can be reached, which makes a whitelist model, also known as a “Zero-Trust” model, possible. This model follows the opposite methodology to blacklisting. With this approach, instead of controlling what can’t interact with the network, you are controlling what CAN interact with it. You can now confidently know that everything allowed to interact with the network is there because a rule has been established allowing it to be there.

Basically now, because we have visibility across the board, IT teams can say they know exactly what’s going on, so by default, that traffic is not going to pass unless it is understood and a rule has been set. The only sources allowed into the network are ones that are specifically approved.
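The whitelist workflow described above (observe every connection, normalize it, write rules, deny everything else), as an added sketch that is not Tetration's own code or API. The flow records, the address-to-tier inventory and the function names are all constructed for illustration.

```python
from collections import Counter

# Constructed sample: observed flows as (src_ip, src_port, dst_ip, dst_port, proto).
OBSERVED = [
    ("10.0.1.11", 49152, "10.0.2.21", 1433, "tcp"),
    ("10.0.1.12", 50233, "10.0.2.21", 1433, "tcp"),
    ("10.0.1.11", 51877, "10.0.2.21", 1433, "tcp"),
    ("10.0.9.50", 40001, "10.0.1.11", 443, "tcp"),
    ("10.0.9.51", 40002, "10.0.1.12", 443, "tcp"),
    ("10.0.9.50", 40003, "10.0.1.12", 80, "tcp"),
]

# Hypothetical inventory mapping each address to an application tier.
TIERS = {
    "10.0.1.11": "web", "10.0.1.12": "web",
    "10.0.2.21": "sql",
    "10.0.9.50": "clients", "10.0.9.51": "clients",
}

def normalize(flow):
    """Drop the ephemeral source port and replace addresses with tiers."""
    src, _sport, dst, dport, proto = flow
    return (TIERS.get(src, "unknown"), TIERS.get(dst, "unknown"), proto, dport)

def build_allowlist(flows, min_seen=1):
    """Collapse observed flows into tier-to-tier rules; never allow 'unknown'."""
    counts = Counter(normalize(f) for f in flows)
    return {rule for rule, n in counts.items()
            if n >= min_seen and "unknown" not in rule[:2]}

def decide(flow, allowlist):
    """Default deny: a flow passes only if an explicit rule matches it."""
    return "allow" if normalize(flow) in allowlist else "deny"

ALLOWLIST = build_allowlist(OBSERVED)

if __name__ == "__main__":
    for rule in sorted(ALLOWLIST):
        print("allow %s -> %s %s/%d" % rule)
    # A web server reaching the SQL server on an unapproved port is denied.
    print(decide(("10.0.1.11", 49999, "10.0.2.21", 3389, "tcp"), ALLOWLIST))
```

Raising `min_seen` keeps one-off connections out of the rule set until someone has reviewed them, which is where the front-loaded work of understanding each flow comes in.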

The increase in cyber-attacks, such as with getting hacked, makes more companies realize that they do not have as much visibility as they need on their network. Cisco Tetration and its zero-trust security model is a step forward in preventing future attacks.

Use Case

One exceptional use case surrounding Cisco Tetration involves Cisco themselves. They developed this software partially for their internal requirements. They were going to move from a traditional network structure to Cisco ACI, a software defined network, and they didn’t understand what the traffic flows looked like on their network. They couldn’t logically make a plan for how they should separate things. This led them to run Tetration to migrate their own data centers. When there’s a requirement to understand anything on the network it is absolutely critical to have something like this. Mapping out a network is the leading purpose for Tetration. Its secondary purpose is utilizing Tetration to plug into firewalls on hosts, among many other things.

You can automate it, either API driven, or by some default baked into the product that will help you protect your end points. If something does get through your firewall or IPS and it’s now on your network, you can leverage Tetration. You can see it, act on it, report on it, and actually close the port. To get to that next level of security, it’s a pretty big piece of the puzzle.

Why do organizations need Cisco Tetration?

Cisco Tetration can map a network and provides that top tier level of security, as well as enabling your network to do what you want it to do. You have to totally understand that and you have to understand the applications that run over it. It has always been a challenge for the network administration side to understand that.

This provides more accurate visibility into what is actually happening. It tells the network team why traffic is moving the way it is. If you have a troublesome application, you may not realize that it’s spanning multiple catastrophic and saturating links. Now you can see where that’s coming from, how it’s happening, and how often it’s happening. If something does get through your firewall or your IPS and it’s now on your network, you can see that, act on it, report on it, and close the port. Cisco Tetration enables you to not only report against it, but actively make changes. This is the future of how companies will build and monitor applications, as it gives so much more insight than people are traditionally used to. In a world where you need to segregate everything, Cisco Tetration gives you the power to do that and more.

Next Steps: Look for a continuation on this topic in next week’s blog post to learn about the benefits and challenges that come along with Cisco Tetration. In the meantime, learn more about WEI’s experience implementing in this case study featuring a major data center relocation initiative for a Fortune 100 company.
