Enhanced security and operations with real time analytics · Le Anh Duc, Solution Architect - ASEAN
Le Anh Duc
Solution Architect - ASEAN
11 Jan 2018
How to strengthen DC Security with Cisco Tetration Analytics
Enhanced Security and Operations with Real Time Analytics
© 2018 Cisco and/or its affiliates. All rights reserved.
• Security Landscape and Overview
• Tetration use-case demos
• ADM and Whitelisting
• Security
• Pervasive Visibility
• Q&A
I’ve already invested in many security vendors …
… But am I safe?
Reference: http://map.norsecorp.com/
How can we secure our DC?
National Security Agency (NSA) on securing your assets
1. When protecting your network, you have to know everything that is going on.
2. Decrease the attack surface. Lock down and disable services you are not using.
3. Identify what is routine in your infrastructure and what is not. Monitor for deviations.
4. Whitelisting is a must in today's cyber security world.
Rob Joyce, Tailored Access Operations, NSA, at USENIX Enigma 2016: https://www.youtube.com/watch?v=bDJb8WOJYdA
https://techtalk.pcpitstop.com/2016/09/07/nsa-best-practices-whitelisting/
https://www.theregister.co.uk/2016/01/28/nsas_top_hacking_boss_explains_how_to_protect_your_network_from_his_minions/
“If you really want to protect your network you have to know your network, including all the devices and technology in it,” he said. “In many cases we know networks better than the people who designed and run them.”
Whitelisting greatly strengthens security posture (the ASD "Top 4" mitigation strategies)
1. Whitelisting
2. Patch applications
3. Patch the OS
4. Restrict administrative privileges
https://www.asd.gov.au/infosec/mitigationstrategies.htm
Reason #1: Network whitelisting (NWL) contains zero-day attacks: a compromised server is not allowed to talk to anything outside its permitted flows
Reason #2: It prevents unintended applications from communicating
Reason #3: It reduces IT support expenses
Source: http://blog.secureaplus.com/3-reasons-application-whitelisting-is-essential-for-enterprise-it
What if you could actually look at everything in your data center that has ever traversed the network?
Tetration with machine learning answers your critical questions
• What's normal / the baseline?
• What's going on now, and what was going on 6 months ago?
• What's an outlier?
• Who is talking to whom?
• What should the real-time whitelist policy be?
• How do we enforce policy in a heterogeneous environment?
• How do we reduce MTTI (mean time to investigate)?
• How do we lock down unused services/VMs?
Tetration provides visibility into the traffic flows within data centers.
What's next - NPMD (network performance monitoring and diagnostics) use case
[Diagram: mobile packet core (vEPC: S-GW, PGW, MME) on ACI as the SDN fabric; Gi-LAN services (LB, FW, IPS, large-scale NAT) on ACI as the Gi-LAN fabric; service domain; IP backbone; the Internet]
Questions this use case answers:
• Where are the congested areas, and which applications (flows) are impacted?
• Which applications (flows) use which links?
• What's the latency through the fabric? Where are packets dropped?
• What does the hop-by-hop path look like for this application (flow)?
Common use cases
Automated Application Dependency Mapping (ADM)
• Cloud/DC migrations
• Operations and troubleshooting
• Isolating legacy applications
• Software-defined networks (ACI)
• Zero-trust security: automated whitelist policy generation
• Application segmentation
Simulation: "try" before you "apply"
• Compliance
• Audits
Forensics/troubleshooting: single source of truth
• Reduce MTTI (mean time to investigate)
• Investigate performance issues
• Identify zombie servers/VMs
Security
• Whitelist policy
• Reduce attacks/breaches
Cisco IT reduced its VM count by more than 40% and its ACI deployment time by 70% after adopting Tetration.
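The baseline, outlier, whitelist-policy and zombie-host questions from the "critical questions" slide, and the ADM, simulation and zombie-server use cases on this slide, all reduce to one workflow over flow telemetry: learn the permitted (src, dst, proto, dport) set from a baseline window, compare a newer window against it, simulate what the policy would deny before enforcing it, and render per-host enforcement rules. The Python below is an added example written for this page, not Cisco or Tetration code. The flow records, the CMDB inventory and every IP address are constructed for the example; the simplified clustering stands in for Tetration's ADM; and the iptables output is one possible enforcement target, not the Tetration agent's own policy format.

```python
"""Flow-baseline whitelisting: added illustration, not Cisco/Tetration code.

Flow records mimic 5-tuple telemetry (src, dst, proto, dport, timestamp).
A real deployment would pull them from the analytics platform's API;
here they are constructed inline so the example runs offline.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int
    ts: int      # epoch seconds; constructed values


# Constructed baseline window ("what's normal"): web tier 10.1.1.x -> app tier
# 10.1.2.20 -> database 10.1.3.30; every tier resolves DNS via 10.1.9.53.
BASELINE = [
    Flow("10.1.1.10", "10.1.2.20", "tcp", 8080, 1000),
    Flow("10.1.1.11", "10.1.2.20", "tcp", 8080, 1005),
    Flow("10.1.1.10", "10.1.2.20", "tcp", 8080, 1100),
    Flow("10.1.2.20", "10.1.3.30", "tcp", 3306, 1010),
    Flow("10.1.2.20", "10.1.3.30", "tcp", 3306, 1200),
    Flow("10.1.1.10", "10.1.9.53", "udp", 53, 1300),
    Flow("10.1.1.11", "10.1.9.53", "udp", 53, 1302),
    Flow("10.1.2.20", "10.1.9.53", "udp", 53, 1301),
]

# Constructed current window ("what's going on now"): two flows never seen before.
CURRENT_WINDOW = [
    Flow("10.1.1.10", "10.1.2.20", "tcp", 8080, 5000),
    Flow("10.1.2.20", "10.1.3.30", "tcp", 3306, 5001),
    Flow("10.1.2.20", "203.0.113.5", "tcp", 4444, 5002),  # app server calling out to an unknown host
    Flow("10.1.3.30", "10.1.1.10", "tcp", 22, 5003),       # database host opening SSH to a web server
]

# Constructed CMDB inventory; 10.1.4.40 is provisioned but never appears in any flow.
INVENTORY = {"10.1.1.10", "10.1.1.11", "10.1.2.20", "10.1.3.30", "10.1.9.53", "10.1.4.40"}


def key(f: Flow) -> tuple:
    """The part of a flow that a whitelist decision is made on."""
    return (f.src, f.dst, f.proto, f.dport)


def build_allowlist(flows: Iterable[Flow], min_count: int = 1) -> set:
    """Baseline: each (src, dst, proto, dport) seen at least min_count times is permitted.
    Raising min_count keeps one-off flows from being codified as policy."""
    counts = Counter(key(f) for f in flows)
    return {k for k, n in counts.items() if n >= min_count}


def find_deviations(flows: Iterable[Flow], allowlist: set) -> list:
    """Outliers: flows in the window that the baseline allowlist does not cover."""
    return [f for f in flows if key(f) not in allowlist]


def simulate_policy(allowlist: set, flows: Iterable[Flow]) -> dict:
    """Try before apply: what the allowlist would permit and deny over a historical window."""
    result = {"permitted": 0, "denied": 0}
    for f in flows:
        result["permitted" if key(f) in allowlist else "denied"] += 1
    return result


def zombie_hosts(inventory: set, flows: Iterable[Flow]) -> list:
    """Inventory entries that neither sent nor received a flow in the window."""
    seen = set()
    for f in flows:
        seen.add(f.src)
        seen.add(f.dst)
    return sorted(inventory - seen)


def dependency_clusters(flows: Iterable[Flow]) -> dict:
    """Minimal stand-in for ADM: group sources by the set of (dst, proto, dport)
    services they consume; hosts with identical profiles are treated as one tier."""
    profile = defaultdict(set)
    for f in flows:
        profile[f.src].add((f.dst, f.proto, f.dport))
    clusters = defaultdict(list)
    for host, services in profile.items():
        clusters[frozenset(services)].append(host)
    return {tuple(sorted(hosts)): sorted(svc) for svc, hosts in clusters.items()}


def render_iptables(allowlist: set, host: str) -> list:
    """Enforcement on one host: iptables arguments allowing only baselined inbound
    flows, with the default-deny policy applied after the accept rules."""
    rules = ["-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for src, dst, proto, dport in sorted(allowlist):
        if dst == host:
            rules.append(f"-A INPUT -p {proto} -s {src} --dport {dport} -j ACCEPT")
    rules.append("-P INPUT DROP")
    return rules


if __name__ == "__main__":
    allow = build_allowlist(BASELINE)
    for f in find_deviations(CURRENT_WINDOW, allow):
        print("DEVIATION", f)
    print("simulation:", simulate_policy(allow, CURRENT_WINDOW))
    print("zombies:", zombie_hosts(INVENTORY, BASELINE + CURRENT_WINDOW))
    print("clusters:", dependency_clusters(BASELINE))
    print("\n".join(render_iptables(allow, "10.1.2.20")))
```

Running it flags the two unexpected flows (the app server reaching 203.0.113.5:4444 and the database host opening SSH to a web server), reports that the baseline policy would permit 2 and deny 2 flows in the current window, lists 10.1.4.40 as a candidate zombie, and groups the two web servers into one tier. The simulation step is the "try before apply" check: run it over a long historical window and inspect every denied flow before pushing the rules, otherwise a legitimate but infrequent flow (a monthly batch job) becomes an outage.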
Cisco Tetration architecture overview
Data collection layer:
• Software sensors and enforcement
• Embedded network sensors (telemetry only)
• ERSPAN sensors (telemetry only)
• Third-party sources (configuration data)
• Bring your own data (streaming telemetry)
Analytics engine
Access mechanisms: web GUI, REST API, event notification, Cisco Tetration apps
Cisco Tetration analytics data sources
Available today:
Software sensors
• Linux servers (virtual machines and bare metal)
• Windows servers (virtual machines and bare metal)
• Windows desktop VM (virtual desktop infrastructure only)
• Universal* (basic sensor for other OSes)
Main features of the software sensors:
• Low CPU overhead (SLA enforced)
• Low network overhead
• New enforcement point (software agents)
• Highly secure (code signed and authenticated)
• Every flow (no sampling) and no payload
*Note: the universal sensor provides no per-packet telemetry and is not an enforcement point.
Network sensors
• Cisco Nexus 9300 EX
• Cisco Nexus 9300 FX
• Next-generation Cisco Nexus® Series Switches
Third-party data sources
• Asset tagging
• Load balancers
• IP address management
• CMDB
• …
Cisco Tetration telemetry: ERSPAN option
[Diagram: production networks → Layer 3 switch → ERSPAN over a Layer 3 connection → Cisco Tetration™ telemetry VMs → Cisco Tetration™ platform]
• Dedicated virtual machines on each host, with 4 software sensors in each virtual machine
• Each sensor binds to a separate vNIC
• ERSPAN terminates on the virtual machine vNIC
• Each sensor terminates one ERSPAN session
• Sensors generate telemetry from the mirrored data-plane traffic
• Horizontally scalable
Expanded telemetry collection option:
• Augments telemetry from other parts of the network
• Useful when a software sensor or hardware sensor is not feasible
Note that unlike the software sensor, which exports flow metadata without payload, the ERSPAN session carries full mirrored packets in GRE across the Layer 3 path to the sensor VM, so that path should be kept on an isolated management/telemetry network.
Tetration Analytics: deployment options
On-premises options
Cisco Tetration Analytics (large form factor)
• Suitable for deployments of more than 5,000 workloads
• Built-in redundancy
• Scales up to 25,000 workloads
• Includes 36 x UCS C-220 servers and 3 x Nexus 9300 switches
Cisco Tetration-M (small form factor)
• Suitable for deployments under 5,000 workloads
• Includes 6 x UCS C-220 servers and 2 x Nexus 9300 switches
Public cloud (Amazon Web Services)
Cisco Tetration Cloud
• Software deployed in AWS
• Suitable for deployments under 1,000 workloads
• AWS instances owned by the customer
Cisco Tetration Analytics: ecosystem
[Diagram: Cisco Tetration Analytics™ at the centre, with partner integrations for service visibility, Layer 4-7 services integration, security orchestration, service assurance and insight exchange]