Cisco is expanding its security analytics capabilities with the launch of the Tetration 2.0 platform. Tetration was first announced in June 2016, though the initial focus was largely around data center visibility.
“What we did with the first release of Tetration is provide machine learning that observes the behavior of applications,” Yogesh Kaushik, product management lead for Cisco Tetration, told eWEEK.
In the new release of Cisco Tetration Analytics, the platform is now able to automate security policies across a distributed virtual and physical network deployment. Kaushik explained that Cisco is using application segmentation to help provide the automated security policy enforcement.
“We believe that policies should be tied to applications and application behavior,” Kaushik said.
He added that Cisco can now help to define the boundaries of applications with segmentation and then can help enforce the boundary. The Tetration platform includes a hardware appliance as well as end-point agents that are installed on either physical or virtual servers. The Tetration agent collects information on network packets, users and applications that traverse the network. The Tetration agent can also be deployed on a Cisco Nexus switch, providing further network insights and visibility.
With the latest update of Cisco Tetration, organizations can also integrate the system with Cisco’s Identity Services Engine (ISE), providing further granularity into user and device access control.
Going a step further is the new Tetration Apps capability that enables third-party developers to build applications that can tap into the Tetration data analytics resources. Cisco does not currently have an App Store for Tetration apps, though Kaushik said that Cisco is considering that as a model for some point in the future. Tetration Apps are all isolated on the platform and are restricted by role-based access control to mitigate any potential security risks.
Security policies can also potentially have unintended adverse effects on network and application access, which is a problem that the updated Tetration platform also aims to solve. Kaushik explained that organizations now have the ability to test a policy before it is put in place to understand its impact.
“We can show with real-time traffic what applications might break and where they would be blocked,” Kaushik said. “You can also go back in time and play back everything like a Digital Video Recorder (DVR), to see what impact a policy might have on a certain date.”
Kaushik said that data can be stored for several months, showing users all the seasonality of application traffic and the potential impact of security policies. The Tetration security policy is based on application attributes that can change as a workload moves, for example from on-premises to the cloud.
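As an added illustration of the policy dry-run idea described above (this is not Cisco's code and says nothing about how Tetration is implemented internally), the following Python evaluates a candidate allow-list segmentation policy against constructed flow records, optionally restricted to a time window, and reports which application dependencies would be blocked before the policy is enforced. All application names, ports and timestamps are made up.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: str        # ISO-8601 timestamp; these compare correctly as strings
    src_app: str
    dst_app: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    src_app: str
    dst_app: str
    ports: frozenset


def is_allowed(policy, flow):
    """Allow-list semantics: a flow passes only if some rule matches it."""
    return any(r.src_app == flow.src_app and r.dst_app == flow.dst_app
               and flow.dst_port in r.ports for r in policy)


def simulate(policy, flows, start=None, end=None):
    """Dry-run a candidate policy over recorded flows within [start, end].

    Returns {dst_app: sorted (src_app, dst_port) pairs} that would be blocked,
    i.e. the dependencies the policy author has not accounted for."""
    blocked = defaultdict(set)
    for f in flows:
        if (start and f.ts < start) or (end and f.ts > end):
            continue  # outside the replay window
        if not is_allowed(policy, f):
            blocked[f.dst_app].add((f.src_app, f.dst_port))
    return {app: sorted(pairs) for app, pairs in blocked.items()}


# Constructed sample flow history (hypothetical, not real telemetry)
FLOWS = [
    Flow("2017-02-03T09:00", "web", "app", 8443),
    Flow("2017-02-03T09:01", "app", "db", 5432),
    Flow("2017-02-10T14:00", "app", "db", 3306),        # undocumented dependency
    Flow("2017-02-12T01:00", "monitoring", "db", 5432),
    Flow("2017-02-28T23:00", "batch", "db", 5432),      # runs only at month end
]

# Candidate policy: what the application owner believes the app needs
CANDIDATE_POLICY = [
    Rule("web", "app", frozenset({8443})),
    Rule("app", "db", frozenset({5432})),
]

if __name__ == "__main__":
    print("full history:", simulate(CANDIDATE_POLICY, FLOWS))
    print("first 20 days:", simulate(CANDIDATE_POLICY, FLOWS, end="2017-02-20"))
```

Simulating only the first twenty days hides the month-end batch job, which is why replaying several months of history matters before a policy is enforced.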
From a network orchestration perspective, Kaushik said that Tetration is able to push out policy in a way that different technologies, including Cisco’s ACI (Application Centric Infrastructure), can consume.
Among the many different network virtualization technologies in the market today is VMware’s NSX. Kaushik said that to date, none of Cisco’s early Tetration customers have been using NSX.
“As we expand, there is no technical reason why we couldn’t support NSX,” Kaushik said.
Cisco recently announced a $3.7 billion deal to acquire application visibility vendor AppDynamics, which will complement the Tetration platform in the future. Kaushik explained that AppDynamics is focused on application performance, as it instruments applications. In contrast, with Tetration, Cisco is instrumenting the server and the networking stack, with a focus on security policy.
“When you look at applications, the two things that people worry about are performance and security,” Kaushik said. “So we see a lot of areas of possible innovation between AppDynamics and Tetration.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.