Cisco announced security updates to its analytics platform Tetration, including workload protection for any data center or cloud.
Cisco announced its Tetration platform in 2016 as a way to provide total visibility across the data center using either server software sensors, network hardware sensors or a mix of both. The new security capabilities include software vulnerability detection, service process monitoring and identification of application behavior deviations from the baseline.
With respect to software vulnerabilities, Tetration uses the Common Vulnerabilities and Exposures (CVE) database to detect servers with known vulnerabilities. It then provides a scorecard ranking the vulnerabilities by severity and identifies running servers that may be impacted. IT organizations can also set up policies for specific actions, including quarantining a host where servers are deemed highly vulnerable.
Touching on server process monitoring, Cisco Tetration collects and maintains an inventory of the processes running on each server in real time. This allows IT managers to search the inventory for servers that are running, or have run, a particular process. Process information includes ID, parameters, users, duration and hash information.
The added baseline deviation monitoring detects behavior patterns that deviate from the baseline. Specifically, Tetration monitors workloads and the network to discern an application behavior baseline, which recognizes what is typical for a particular application. It then monitors for process behavior deviations associated with malware behavior patterns to identify attacks. It can also search for specific process events, including privilege escalation, shellcode execution and side-channel attacks.
“You can’t protect what you can’t see,” said Yogesh Kaushik, senior director for Tetration at Cisco. “The Tetration visibility engine spans the hybrid cloud environment, knows what’s running on these workloads and what files it is touching.”
The updates follow Cisco publishing its 2018 Annual Cybersecurity Report, which involved feedback from 3,600 chief information security officers (CISOs). The authors of the report found cyber criminals are increasingly using encryption to evade detection, while security professionals are becoming more reliant on automation, machine learning and artificial intelligence (A.I.).