Thursday, October 22, 2020

Security Field Day 4 - Cisco Security Update - Tetration all the things

This time around Security Field Day 4 was all about Cisco Tetration. It seems they are focusing on how to solve security policy creation and management via big data and machine learning.

Rob Tappenden did the overview of Tetration, giving the background about why the product is around and why it is important. The goal is securing application workloads across on-premises Data Centers, Campus and Cloud. It ingests IP data and is able to make policy enforcement decisions based on that data set, which is collected and analyzed over time. Tetration is doing data correlation and pattern matching to help define policies and also to determine if an application is currently matching an existing policy already defined.

Here is Rob's video:

Tim Garner then walked through the details around the policy process and operations of how Tetration does what it does. It was an interesting demo to watch, mainly because I have not had the chance to be hands-on with Tetration at all myself. You can learn a lot about how a product functions by watching others use it. Tetration leverages both an agent and also flow data. The combination is likely the approach many will take as it gives the most complete view of the network. The demo had systems running in AWS with the agent installed, therefore exposing all the IP and network connectivity. The agent is able to do policy enforcement based off what you publish through Tetration and it is possible to run a simulation of your policy to see the impact prior to deploying it.

Here is Tim's video:

Then a more developer-focused presentation was given by Remi Philippe, walking through a standard CI/CD workflow using GitHub and Jenkins to show how a developer would integrate and use/interact with Tetration. It was useful to see, but I am skeptical how many companies have operational teams that are adopting Tetration and teaming with their developers in this way. I'm sure they are out there, but I am guessing that the majority of application developers are far more interested in APM solutions like AppDynamics (owned by Cisco), New Relic, DataDog or Dynatrace than accommodating the operations team around Tetration. Because APM is code integrated and has an agent, I am doubting the desire of the app teams to run multiple agents on a host. The moment something goes wrong in an environment, the first thing that is turned off is security policy, firewalls and anything that might prevent the applications from talking to each other on the wire. If that fixes it, then that agent or process isn't turned back on again.

Here is Remi's video:

I believe, over the long term, Tetration has to be integrated with AppDynamics and ThousandEyes (owned by Cisco) and have a single agent able to provide data to all those services. It also needs to support third party APMs because not all teams choose the same tooling and Cisco needs to open up their ecosystem to support that. I'm not sure that Tetration really isn't just the big data part (with a security angle) that all the APM providers already include as part of their product and that Cisco, over the long haul, will have to reposition the product around that story. I am speculating that it is a feature of a bigger product family over time. Only time will tell.

I will update the post when the videos become available, but you should be able to find them here when they post. You can also check out some of the other delegates' thoughts on the presentation, such as Michael Davis; go check out his thoughts.

- Ed

In a spirit of fairness (and also because it is legally required by the FTC), I am posting this Disclosure Statement. It is intended to alert readers to funding or gifts that might influence my writing. My participation in Tech Field Day events was voluntary and I was invited to participate in XFD4. Tech Field Day is hosted by Gestalt IT and my hotel, transportation, food and beverage was/is paid for by Gestalt IT for the duration of the event if travel was involved. In addition, sometimes small swag gifts were/are provided by some of the sponsors of the event to delegates. It should be noted that there was/is no requirement to produce content about the sponsors and any content produced does not require review or editing by Gestalt IT or the sponsors of the event.
