Cisco has extended its Tetration analytics platform, announced in 2016, to provide security for multiple workloads on multiple clouds, in multiple data centers. Cisco claims the product can spot attacks based on currently-notorious vulnerabilities such as Spectre and Meltdown.

The features include application segmentation, whitelisting, the identification of software vulnerabilities, and spotting anomolous behavior which could be hostile or dangerous. This follows a previous update, Tetration 2.0, launched early in 2017, which also focused on security, so these improvements are presumably incremental. 

tetration diagram
– Cisco

Spot the flaw

”Segmentation of assets in the data center is not a new concept and has been a common practice as the first step to securing the applications,” said Yogesh Kaushik, senior director of product management for Tetration, in a blog post. “However, modern applications are not only within a company’s physical data center but also deployed across a multi-cloud environment, creating operational challenges.”

In the multi-cloud world, this increases complexity, he warned: “Imagine tagging 1,000 workloads! How about 10,000? Or, if you operate a mid to large operation, 100,000? Now, imagine what happens when new workloads are on-boarded, or some of these workloads change …”

Tetration can view “every packet, every flow, every speed,” according to the launch presentation made in June 2016.

Kaushik said the platform can gather data and improve its understanding of workloads using “unsupervised machine learning”. It is then possible to operate a whitelist or “zero trust” policy, where an action is only allowed if the policy says it should be. 

For added security, Tetraion provides an inventory of all software packages in the facility, and checks their version information against the Common Vulnerabilities and Exposure (CVE) database, so it can find which servers have flawed software, along with information about the severity. It then can set up policies to take actions, such as quarantining a host that is at risk.

Tetration also knows which user is running which process, so it can find servers that are running malicious processes, and spot who is the culprit. Suspicious behavior patterns can be identified by comparison against a baseline.

Tetration is integrated with Cisco’s portfolio of products, including NGFW, AMP, Talos, OpenDNS and StealthWatch.