Trust nobody. Trust nothing. Those are good principles when it comes to secure enterprise computing, and it’s the mindset behind what’s called the “zero-trust” IT security model—that is, assume that all traffic crossing a network is potentially dangerous until it is verified. It requires enforcing controls so that users and applications can access only the resources they absolutely require, and ensuring that monitoring systems have full visibility into, well, everything.
The zero-trust model is at the heart of Tetration, a workload protection and cybersecurity system offered by Cisco Systems and delivered as a software-as-a-service offering running on Oracle Cloud Infrastructure.
The Tetration service goes both broad and deep. Broad, in that it aims to protect all of a company’s users, applications, data, compute infrastructure, virtual machines, containers, and network traffic. Deep, because Tetration looks at every process interaction, at metadata from every network packet, at the metadata that describes each application process, at the storage and file systems containing corporate data, and even at employee and customer user activity.
While a company’s applications are running, the data is flowing, shoppers are buying, and employees are working, Tetration is protecting. It uses real-time telemetry from applications—down to the individual end user or software process—to detect changes such as abnormal activity caused by a hacker or malware, or by attempts to exploit newly discovered flaws.
Back to the zero-trust model: Tetration uses high-level IT security policies merged with automatically discovered policies based on baseline application behavior, software vulnerabilities, threat telemetry, and indicators of attack. Using those policies, it can segment application components, microservices, and data sources into their own network spaces, to ensure that digital access to important resources is permitted only on an as-needed basis to users or other application components that have a safe posture and operating behavior. Of course, in a large enterprise, the IT environment changes all the time, so no administrator or team of administrators can understand all the changes and their ramifications. That’s where Tetration uses artificial intelligence and machine learning to eliminate the burden of whitelist policy lifecycle management and application management.
Tetration’s software agents see all those changes to the network architecture, applications, users, and workloads. The Tetration analytics engine uses AI and ML to update the segmentation while assessing whether those changes increase risk and could lead to future vulnerabilities. The Tetration AI identifies the applications and databases in the environment and the dependencies, whether in the cloud or in the on-premises data center.
The AI also interprets application and user activity to determine what is normal, and what is anomalous, with all of that happening in real time. Tetration can also analyze the results of new security policies, such as those that might restrict access to specific resources, and predict the effects those policies will have on applications and user workloads.
That’s a lot of data to manage, analyze, and correlate, and that’s why Cisco recommends that IT organizations run Tetration as SaaS running on Oracle Cloud Infrastructure, says Navindra Yadav, founder of Tetration, head of Tetration Engineering, and Cisco Fellow. Cisco also offers the option of dedicated Cisco UCS server racks running the Tetration software and installed within a customer’s data center.
The Tetration SaaS option is “better on a cost-benefit basis,” Yadav says. “We get about two-and-a-half times the performance out of the Oracle Cloud Infrastructure version of Tetration than we do with our own UCS hardware.” That’s because Tetration uses Oracle Cloud Infrastructure for its high-performance compute infrastructure, and Oracle Cloud’s bare metal servers offer significantly higher processor, memory and storage densities compared to Cisco’s UCS servers, Yadav says.
Oracle Cloud Infrastructure’s bare metal servers use the latest-generation microprocessors, network connections, high-performance memory, and solid-state storage. For security, the servers are isolated from network traffic belonging to any other user, or even from Oracle’s own cloud-management traffic. The cloud customer—in this case, Cisco—has full control over the service’s software configuration, including operating systems and software.
Another reason to prefer the Tetration SaaS offering: Scalability up and down. Customers can use only the cloud resources needed to handle their data center applications and workloads, and can scale very quickly. By contrast, when using the Cisco UCS server racks, the hardware has to be purchased, which can take some time. Also, because it’s slower to scale hardware, IT organizations will always need to buy excess capacity.
“Customers are paying for latent capacity with our service appliances on premises, whereas in SaaS, they pay for only what they use,” Yadav says.
Maintenance is another factor: With the SaaS version of Tetration, all software maintenance is carried out by Cisco, while Oracle takes care of the physical hardware. With the Cisco UCS hardware version, the customer has to administer the server hardware and software. “It’s good to have Cisco manage the SaaS version because Tetration is our software, and the employees inside the Tetration team understand it better than anyone,” Yadav says. “We can offer much higher availability to our SaaS customer and keep the software up to date.”
Cisco continues selling the hardware-appliance version of Tetration to support legacy customers, and for some very large, very nervous organizations, such as government agencies, that run Tetration inside very secure facilities that are not connected to the internet or to any external services. “The only reason new customers would choose to go with the appliance is really because they are air-gapped, or they have very specific security concerns,” he says.
A final benefit to Tetration as SaaS in Oracle Cloud is speed to deployment. Customers can go live within a day after they place the order with Cisco. When an organization realizes that it needs a comprehensive security system like Tetration to protect the data center and its workloads, nobody wants any delays.