
Securing Workloads with CSW Features


Cisco Secure Workload (CSW), formerly "Tetration", is a powerful tool to leverage on the journey to Zero Trust security. Business Technology Architects' (BTA's) S.I.M.P.L.E. method for CSW adoption helps customers deploy quickly, delivering immediate visibility and a proven process that accelerates policy development and the realization of a sustainable, scalable framework for Zero Trust enforcement and operations in weeks rather than months or years.

POLICY RE-USABILITY

One of the significant challenges BTA sees with customers is the difficulty of enforcing segmentation at different points in the network, for example translating CSW-discovered policy and enforcing it in Data Center fabrics, firewalls (Internet edge, Data Center, Campus, etc.) or other policy enforcement points. CSW sees all traffic in the environment and can provide a global view of flows into, out of and within the Data Center and cloud workload environments. This allows us to create a hierarchical policy that can be optimized for enforcement at various places in the network. With CSW, we develop a common policy higher in the tree that can be used by other platforms or enforced by CSW itself. The key is that we deploy only the application-specific "whitelist" (allow-list) policy to the workload and do not burden it unnecessarily with a bloated rule set.

VERIFICATION/VISIBILITY

When considering the integrity and security of an environment, ensuring that policies have been, and continue to be, successfully enforced is crucial. Insight into how policies are performing is straightforward in CSW and is easily confirmed on the platform, where the user can check the deployed policy and identify unauthorized traffic being dropped. A good example is securing jump hosts: by creating a rule set for all hosts that permits only a group of selected jump hosts to perform remote management tasks, you mitigate that direct vector to the workloads. Additionally, building a strict policy for connectivity to the jump hosts protects them in the same way, so that they can only be reached from a company-owned network segment or an authorized VPN environment.

IN-DEPTH FORENSICS

The inability to identify and research suspicious traffic or activity is a serious liability. CSW addresses this by facilitating rapid investigation of incidents: for every host that has an agent on it, CSW provides detailed data on how traffic entered the network and on every endpoint that host has communicated with. A real-world example recently found in a customer environment:

  • A development host without an agent mistakenly had production credentials placed on a public file share (which is why you should put CSW agents on dev hosts as well).
  • Even so, the CSW platform can still show every agent-equipped server in the environment that communicated with the compromised host.
  • Had an agent been deployed on the dev host, a simple network traffic rule not allowing dev to speak to production, or to the internet, could have mitigated the exposure.
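As an added illustration of the hierarchical, default-deny allow-list the sections above describe (example code written for this page, not CSW's policy format or the customer's environment): the reusable "global" rules restrict remote management to the selected jump hosts, the single "app" rule is the only workload-specific allow, and constructed flow records are evaluated to show which ones, such as the dev host reaching a production file share, would be dropped. Scope names, addresses and ports are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed scopes (hypothetical addresses); not CSW's own policy model.
SCOPES = {
    "corp": ip_network("10.0.40.0/24"),   # company-owned user segment
    "jump": ip_network("10.0.10.0/24"),   # selected jump hosts
    "prod": ip_network("10.0.20.0/24"),   # production workloads
    "dev":  ip_network("10.0.30.0/24"),   # development hosts
}

@dataclass(frozen=True)
class Rule:
    src: str             # source scope
    dst: str             # destination scope
    ports: frozenset     # allowed TCP destination ports
    tier: str            # "global" (reusable higher in the tree) or "app" (workload allow-list)

POLICY = [  # default deny: any flow not matched here is dropped
    Rule("corp", "jump", frozenset({22, 3389}), "global"),  # only corp reaches jump hosts
    Rule("jump", "prod", frozenset({22, 3389}), "global"),  # only jump hosts manage prod
    Rule("prod", "prod", frozenset({445}),      "app"),     # the one app-specific allow
]

def scope_of(ip):
    addr = ip_address(ip)
    for name, net in SCOPES.items():
        if addr in net:
            return name
    return "external"

def evaluate(src_ip, dst_ip, dport):
    """Decide one TCP flow: ("ALLOW", tier) on first match, else ("DROP", None)."""
    s, d = scope_of(src_ip), scope_of(dst_ip)
    for r in POLICY:
        if r.src == s and r.dst == d and dport in r.ports:
            return "ALLOW", r.tier
    return "DROP", None

# Constructed flow records (src, dst, dport) in the shape of a flow export.
FLOWS = [
    ("10.0.40.5",   "10.0.10.2", 22),    # corp user -> jump host
    ("10.0.10.2",   "10.0.20.7", 22),    # jump host -> prod server
    ("10.0.30.9",   "10.0.20.7", 445),   # dev host -> prod file share
    ("203.0.113.4", "10.0.10.2", 3389),  # internet -> jump host
    ("10.0.20.7",   "10.0.20.8", 445),   # prod application traffic
]

def dropped_flows(flows=FLOWS):  # what a verifier reviews: unauthorized flows the policy drops
    return [f for f in flows if evaluate(*f)[0] == "DROP"]
```

Running `dropped_flows()` returns the dev-to-prod and internet-to-jump records; the prod agents carry only the 445 rule, while the "global" tier is what other enforcement points could reuse.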

CSW Features

Flow Sampling does not tell the whole story.

Sampled flow data is not sufficient for security applications: some advanced persistent threats and malware are extremely quiet during the reconnaissance phase and may send only a single packet to report in or request instructions. This is where sampling fails the baseline requirement of complete visibility: the potential to miss a single critical communication that was never sampled undermines your security controls. With CSW, every packet and flow is accounted for; even a single "innocuous" UDP query packet with no response will be recorded and visible. CSW can run as a standalone as-a-service platform and is also part of the Cisco SecureX integrated portfolio of security products, delivering a high degree of confidence in, and auditability of, the policy developed and deployed throughout the enterprise. Working with BTA is S.I.M.P.L.E. To learn more about protecting your environment with Cisco Secure Workload, visit us at www.GoBTA.com.
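To make the sampling argument concrete, an added Python example (constructed flow data, not from the page or from CSW) that computes the probability a flow leaves no record at all under 1-in-N packet sampling and compares what a sampled collector sees with full per-flow accounting; the 1:1000 sample rate used in the test is an assumption.

```python
import random

# Constructed flows (name, packet count); not data from the original page.
FLOWS = [
    ("backup-transfer", 250_000),   # bulk traffic that sampling always catches
    ("web-session", 400),
    ("dns-lookup", 2),
    ("single-udp-beacon", 1),       # the one-packet "report in" the text describes
]

def miss_probability(packets, sample_rate):
    """Chance that a flow leaves no record at all under 1-in-N packet
    sampling: every one of its packets must be skipped by the sampler."""
    return (1 - 1 / sample_rate) ** packets

def sampled_flow_table(flows, sample_rate, seed=7):
    """Simulate 1-in-N random packet sampling; return the flows for which
    at least one packet was exported (what a sampled collector sees)."""
    rng = random.Random(seed)
    return [name for name, packets in flows
            if any(rng.random() < 1 / sample_rate for _ in range(packets))]

def full_flow_table(flows):
    """Per-flow accounting as the text describes: every flow, even a
    single packet with no response, is recorded."""
    return [name for name, _ in flows]

def likely_invisible(flows, sample_rate, threshold=0.5):
    """Flows whose chance of being missed entirely exceeds `threshold`."""
    return [name for name, packets in flows
            if miss_probability(packets, sample_rate) > threshold]
```

At 1:1000 the single-packet beacon is missed 99.9% of the time and even a 400-packet session is missed about two thirds of the time, while the bulk transfer is effectively always seen.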

Protect Your Business: The Cyber Impact of Current Escalating Threats

Given the escalation of cyber attacks, what should you do? Watch BTA Founder and CEO Ken Fee and Principal Architect Dana Blair to learn more about how to protect your business.


Register for our Zero Trust Strategy Workshop


Ken Fee

Ken Fee is an accomplished technology executive with over 25 years of operational, information technology, architecture and educational experience. A 13-year veteran of the United States Marine Corps in operations and information technology military occupational specialties, he served in Operations Desert Storm in Saudi Arabia and Restore Hope in Somalia. In 1998, Ken left the USMC to join an IT solutions integration firm and lead an engineering team for a major transformation and deployment effort for the University System of Georgia that included a high-speed network of over 600 locations. In 2000, he joined Cisco Systems as a Systems Engineer focusing on public sector solution design. Ken achieved his CCIE in 2001. In 2003, he moved into a Global Systems Engineering role for Cisco working with Fortune 500 clients to define data center architecture and service delivery models. In 2006, he left Cisco to join a Cisco learning partner that focused on data center solutions and sales enablement activities. His roles included instructor, business development and ultimately VP of sales and chief operating officer. During his tenure, the company grew revenue over 90% per year. In 2010, Ken was a founding principal for BTA with the vision to provide on-demand end-to-end virtualized architecture consulting and the real-world implementation services that turn architectures into revenue generation. Ken currently maintains his CISSP certification and focuses on aligning technology architecture to business requirements.
