In the past, manufacturers would build a tool to monitor a domain element. A business would then...
CSW Deployment
Starter Pack Install Services
CSW Deployment Services with BTA
BTA's Starter Pack service is designed to bring up CSW SaaS and provide segmentation value quickly, safely, and securely. Cisco Secure Workload (CSW, formerly Tetration) is the premier Microsegmentation & Workload Protection Platform. Its deep and broad capabilities are key components in building and automating a Zero Trust strategy. BTA's years of CSW experience will ensure that you fully realize CSW's full range of security & visibility advantages.
Get in Touch
Cisco Secure Workload
Cisco Secure Workload (formerly Tetration) seamlessly delivers a zero-trust approach to securing your application workloads across any cloud and on-premises data center environments by reducing the attack surface, preventing lateral movement, identifying workload behavior anomalies, and remediating threats quickly.
Cisco Secure Workload SaaS (Software-as-a-Service)
This is the easiest and most cost-effective way to deploy a secure workload. It’s ideal for small businesses, as it can be deployed in minutes without any hardware or software purchases.
Cisco Secure Workload M (small form factor)
This option is best suited for companies that need an enterprise-grade solution but doesn’t want to invest in large capital assets. The small form factor of this model means that you won’t need room for a large server rack at your office, which makes deploying it easier than an LTM or PTX system would be.
Cisco Secure Workload Platform (large form factor)
Large enterprises should consider using this platform because its larger size will allow them to handle more applications than other models available from Cisco can handle at one time—and with greater security capabilities as well.
CSW Deployment Services from BTA
1. Workload Security Planning
This includes workload type identification, potential risks to the workloads, and an assessment of how you want to reduce the risk based on what’s happening in your environment.
2. Designing Security Support
Once you have this information, you can work on designing how you would secure each type of workload (for example with microsegmentation). You can also identify which applications are running in each segment and create a policy that will allow them to be managed as a group--even though they may be scattered across multiple data centers.
3. Identifying Workload Types
This is one of the most important steps. Different workloads have different security requirements, so it’s critical to identify what each type of workload is and how it will be managed. Workloads can be broken down into three categories: data center infrastructure (DCI), production applications, and nonproduction applications.
4. Evaluate Application Behavior
After identifying your workloads, you need to determine how they’re used by your organization and how they behave. For example, if an application is used for high-volume transactions or has very strict SLAs, it will be more critical than a low-volume database that stores internal HR records.
5. Create a Microsegmentation Policy
Once you’ve identified the workloads in your environment, you can create a microsegmentation policy and implement it. The policy should include roles, responsibilities, and rules that define how traffic will be allowed to flow through the network.
6. Simulate a Test Environment
It’s best to test a new microsegmentation policy before deploying it into production. You can simulate different types of attacks in your test environment and then validate that the policy blocks the attack without affecting legitimate traffic.
7. Apply Zero Trust microsegmentation
Once you have created and validated your microsegmentation policy, you can apply it to your production environment. You should also ensure that all new workloads are deployed with microsegmentation enabled.
8. Implement a Policy For All Workloads
Microsegmentation can be applied to all cloud and infrastructure workloads. You should also ensure that the policy is applied to any new workloads that are deployed into your environment.
9. Review Policy Compliance
Once you have implemented the policy, it’s important to review its compliance. You should validate that your microsegmentation policy is being enforced and that you are blocking all unwanted traffic from entering your environment. This will help ensure that you are protected from attacks in the future.
10. Apply SIEM Systems
When you have implemented the microsegmentation policy, it’s important to set up SIEM systems to monitor your environment. You should review any alerts that are generated by these systems and investigate any issues that arise. This will help ensure that you are alerted if your security policies are being violated by an unauthorized user or application.
The CSW Deployment Process
How does this work?
BTA will work with your team to deploy CSW SaaS agents to your server workloads - on-prem or cloud-based. We'll then build foundational Scope design and Annotation inputs to optimize CSW's application discovery.
After collecting live flow data from your agents, BTA will cooperatively design application enforcement for Core and Custom applications.
- Core applications are typical rulesets that BTA has developed, based on live field experience, such as DNS, NTP, Active Directory or Jump Host protection.
- Custom apps would be something unique to your environment.
With these apps secured, we'll start showcasing CSW's extensive reporting capabilities for workload vulnerabilities and open, risky server ports. We'll also build a Flow Report of interesting traffic flows, and for Medium Starter Packs we'll report on MITRE ATT&CK workload forensics. Every engagement includes detailed as-built documentation, and a CSW Foundations course to further enable your team.
Starter Pack Deliverables
Small | Medium | Large | |
Agents | 200 | 500 | 1000 |
Scope Design | Y | Y | Y |
Annotations | Y | Y | Y |
Enforcements | 1 Core, 1 Custom | 1 Core, 2 Custom | 10 |
CVE Reports | Standard | Custom | Custom |
Attack Surface | Standard | Custom | Custom |
Flow Report | Y | Y | Y |
Forensics | Y | Y | |
As-Built | Y | Y | Y |
Training | Mentoring | Mentoring | 2-day ILT |
Why CSW? Business Use Cases
Join us for a conversation with Founder and CEO Ken Fee to discover how the powerful features of Cisco Secure Workload can be applied to a host of complex use cases to secure your environment.
- Small: 200 agents, scope design, annotations, 1 core & 1 custom enforcements, standard CVE reports, standard attack surface, flow report, as-built, mentoring
- Medium: 500 agents, scope design, annotations, 1 core & 2 custom enforcements, custom CVE reports, custom attack surface, flow report, forensics, as-built, mentoring
- Large: 1,000 agents, scope design, annotations, 10 enforcements, custom CVE reports, custom attack surface, flow report, forensics, as-built, 2-day ILT training
Why Choose BTA?
Business Technology Architects is able to support your business in a wide range of activities related to the delivery of technology services. These include: technical project management, IT project management, application development and delivery support, and infrastructure planning, network planning and design, and implementation. If you're looking for more information on how to protect your data center infrastructure and workloads, send us a message or give us a call today.