Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to [Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
Similar to [Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center (20)
More from Nur Shiqim Chok
More from Nur Shiqim Chok (20)
Recently uploaded
Recently uploaded (20)
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
- 1. © 2018 Cisco and/or its affiliates. All rights reserved
- 2. Duc Le Policy, Automation and Analytics April 2018 How to strengthen DC Security with Cisco Tetration Analytics Secure Data Center: Building a Secure Zero-Trust Infrastructure
- 3. © 2018 Cisco and/or its affiliates. All rights reserved • How Analytics help in Security • Tetration Analytics Overview • Q&A
- 4. © 2018 Cisco and/or its affiliates. All rights reserved I’ve already invested in many security vendors …
- 5. Massive ransomware cyber-attack hits at least 150 countries and infected 300,000 machines … But am I safe?
- 6. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU National Security Agency(NSA) on securing your assets 1. When protecting your network, you have to know everything that is going on. 2. Decrease attack surface. Lock down and disable services you are not using. 3. Identify what is routine in your infrastructure and what is not. Monitor for deviations. 4. Whitelisting is a must in today’s cyber security world Usenix Enigma 2016 https://www.youtube.com/watch?v=bDJb8WOJYdA Rob Joyce, Tailored Access Operations, NSA https://techtalk.pcpitstop.com/2016/09/07/nsa-best-practices-whitelisting/ https://www.theregister.co.uk/2016/01/28/nsas_top_hacking_boss_explains_how_to_prote ct_your_network_from_his_minions/ “If you really want to protect your network you have to know your network, including all the devices and technology in it,” he said. “In many cases we know networks better than the people who designed and run them.”
- 7. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU What if you could actually look at everything in your Data Center that has ever traversed the network?
- 8. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU Tetration with Machine Learning answers your Critical Questions What’s normal /Baseline? What’s going on now and 6 months ago? What’s outlier? Who is talking to who? Real time Whitelist Policy? How to enforce policy to heterogenesis env.? How to reduce MTTI? How I know unused port/unpatched package?
- 9. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU Application Insight Process Inventory Visibility and Forensics Cisco Tetration Platform Security Use Cases Cisco Tetration™ Platform Foundation Segmentation Advanced Security White-list Policy Policy Compliance Application Segmentation Process Security Software Inventory Baseline
- 10. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU Introducing Tetration APPLICATION INSIGHT FLOW SEARCH & FORENSICS SEGMENTATION & COMPLIANCE v Open Access Web Rest API Event Bus Lab Billions of Events Meta-Data generated from every packet Software & Network Sensors: See everything OS Sensor Windows Linux Mid-Range Universal Network Sensor Cloud-Scale Nexus Nexus 9000 ‘X’ Data Analytics & Machine Learning Engine Analytics Cluster Appliance model On-Premise or Cloud ▸ Ingest ▸ Store ▸ Analyse ▸ Learn ▸ Simulate ▸ Act
- 11. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU Cisco Tetration analytics data sources Main features Low CPU overhead (SLA enforced) Low network overhead New Enforcement point (software agents) Highly secure (code signed and authenticated) Every flow (no sampling) and no payload *Note: Available for POC/Trail purposes only Software sensors Linux servers (virtual machine and bare metal) Windows servers (virtual machines and bare metal) Windows Desktop VM (virtual desktop infrastructure only) Cisco Nexus 9300 EX Cisco Nexus 9300 FX Network sensors Next-generation Cisco Nexus® Series Switches Other Sensors Other types of sensorsAvailable today Container Host (Host OS – Linux Based) ERSPAN Sensor Netflow Sensor*
- 12. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU Tetration Analytics: Deployment Options Cisco Tetration Analytics (Large Form Factor) • Suitable for deployments more than 5000 workloads • Built in redundancy • Scales up to 25,000 workloads Includes: • 36 x UCS C-220 servers • 3 x Nexus 9300 switches Cisco Tetration-M (Small Form Factor) • Suitable for deployments under 5000 workloads Includes: • 6 x UCS C-220 servers • 2 x Nexus 9300 switches Cisco Tetration Cloud • Software deployed in AWS • Suitable for deployments under 1000 workloads • AWS instance owned by customer On-Premise Options Public Cloud Amazon Web Services
- 13. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU Tetration Use Cases Digital Transformation SDN & Cloud Adoption Mergers & Acquisitions Hybrid IT De-Risk Change Cost Visibility & Reduction High Availability Operations Cyber Hardening Forensics Compliance Technology and Business Transformation Secure Cloud+DC Operational ExcellencePartnering with Cisco Security
- 14. © 2018 Cisco and/or its affiliates. All rights reserved CISCO CONNECT 2018 . IT’S ALL YOU Cisco Tetration Analytics: Ecosystem Service visibility Layer 4-7 services integration Security orchestration Service assurance Insight exchange Cisco Tetration Analytics™