© 2018 Cisco and/or its affiliates. All rights reserved
Duc Le
Policy, Automation and Analytics
April 2018
How to strengthen DC Security with Cisco Tetration Analytics
Secure Data Center: Building a Secure Zero-Trust Infrastructure
• How Analytics help in Security
• Tetration Analytics Overview
• Q&A
I’ve already invested in many security vendors …
Massive ransomware cyber-attack hits at least 150 countries and infected 300,000 machines
… But am I safe?
CISCO CONNECT 2018 . IT’S ALL YOU
National Security Agency (NSA) on securing your assets
1. When protecting your network, you have to know everything that is going on.
2. Decrease attack surface. Lock down and disable services you are not using.
3. Identify what is routine in your infrastructure and what is not. Monitor for deviations.
4. Whitelisting is a must in today’s cyber security world.
Usenix Enigma 2016 https://www.youtube.com/watch?v=bDJb8WOJYdA
Rob Joyce, Tailored Access Operations, NSA
https://techtalk.pcpitstop.com/2016/09/07/nsa-best-practices-whitelisting/
https://www.theregister.co.uk/2016/01/28/nsas_top_hacking_boss_explains_how_to_protect_your_network_from_his_minions/
“If you really want to protect your network you have to know your network,
including all the devices and technology in it,” he said. “In many cases we
know networks better than the people who designed and run them.”
What if you could actually look at everything in your Data
Center that has ever traversed the network?
Tetration with Machine Learning answers your Critical Questions
• What’s normal / baseline?
• What’s going on now and 6 months ago?
• What’s an outlier?
• Who is talking to whom?
• Real-time whitelist policy?
• How to enforce policy in a heterogeneous environment?
• How to reduce MTTI?
• How do I know about unused ports / unpatched packages?
Application
Insight
Process
Inventory
Visibility and
Forensics
Cisco Tetration Platform
Security Use Cases
Cisco Tetration™
Platform
Foundation
Segmentation
Advanced Security
White-list Policy
Policy Compliance
Application
Segmentation
Process
Security
Software Inventory
Baseline
Introducing Tetration
APPLICATION
INSIGHT
FLOW SEARCH
& FORENSICS
SEGMENTATION
& COMPLIANCE
Open Access
Web, REST API, Event Bus, Lab
Billions of Events
Meta-Data generated
from every packet
Software & Network Sensors: See everything
OS Sensor
Windows
Linux
Mid-Range
Universal
Network Sensor
Cloud-Scale Nexus
Nexus 9000 ‘X’
Data Analytics & Machine Learning Engine
Analytics Cluster
Appliance model
On-Premise or Cloud
▸ Ingest
▸ Store
▸ Analyse
▸ Learn
▸ Simulate
▸ Act
Cisco Tetration analytics data sources
Main features
• Low CPU overhead (SLA enforced)
• Low network overhead
• New enforcement point (software agents)
• Highly secure (code signed and authenticated)
• Every flow (no sampling) and no payload
*Note: Available for POC/Trial purposes only
Software sensors
Linux servers
(virtual machine and bare metal)
Windows servers
(virtual machines and bare metal)
Windows Desktop VM
(virtual desktop infrastructure only)
Cisco Nexus 9300 EX
Cisco Nexus 9300 FX
Network sensors
Next-generation Cisco Nexus® Series Switches
Other Sensors
Other types of sensors
Available today
Container Host
(Host OS – Linux Based)
ERSPAN Sensor
Netflow Sensor*
Tetration Analytics: Deployment Options
On-Premise Options
Cisco Tetration Analytics (Large Form Factor)
• Suitable for deployments of more than 5000 workloads
• Built-in redundancy
• Scales up to 25,000 workloads
Includes:
• 36 x UCS C-220 servers
• 3 x Nexus 9300 switches
Cisco Tetration-M (Small Form Factor)
• Suitable for deployments under 5000 workloads
Includes:
• 6 x UCS C-220 servers
• 2 x Nexus 9300 switches
Public Cloud: Amazon Web Services
Cisco Tetration Cloud
• Software deployed in AWS
• Suitable for deployments under 1000 workloads
• AWS instance owned by customer
Tetration Use Cases
Digital
Transformation
SDN & Cloud
Adoption
Mergers &
Acquisitions
Hybrid
IT
De-Risk
Change
Cost Visibility
& Reduction
High Availability
Operations
Cyber
Hardening
Forensics Compliance
Technology and Business Transformation
Secure Cloud+DC Operational Excellence Partnering with Cisco Security
Cisco Tetration Analytics: Ecosystem
Service visibility Layer 4-7 services integration
Security orchestration Service assurance
Insight exchange
Cisco Tetration
Analytics™
[Cisco Connect 2018 - Vietnam] Anh Duc Le: Building a Secure Data Center