Video: A reminder to the IT industry that security is a mirage
Cisco is updating its Tetration data center analytics platform with security tools designed to segment applications, identify vulnerabilities, and exposure and manage processes.
Tetration, which rolled out last year, is Cisco's platform for monitoring and analyzing the data center. From an initial focus on the network, Cisco has broadened Tetration to provide visibility from its own gear to other parts of the data center and any public cloud.
Yogesh Kaushik, senior director of product management at Tetration analytics at Cisco, said the security enhancements are a natural extension of the visibility the platform provides and could prove as defense to threats such as Spectre and Meltdown.
"The Tetration visibility engine spans the hybrid cloud environment, knows what's running on these workloads and what files it is touching," said Kaushik, who noted that the system can connect to AWS and Microsoft Azure, as well as VMware, ServiceNow, and others.
On the security front, Tetration is adding the following:
- Software vulnerability detection by combining an inventory of all software packages, version information and publisher, and the Common Vulnerabilities and Exposure (CVE) database. From there, Tetration detects the software packages with known CVEs and develops a scorecard.
- Server process monitoring. Tetration collects and maintains an inventory of processes running on servers by the minute. The process information--ID, parameters, users, duration, and signature -- is key for security.
- Baseline deviation monitoring. Tetration can now detect behavior patterns that stray from the baseline. This deviant behavior can highlight privilege escalation and side channel attacks.
Using Tetration analytics, the platform can automate process changes and other functions in the data center chain.
Kaushik said the Tetration ecosystem has a couple of dozen partners, and Cisco will be expanding to more security vendors and data center gear providers.