There’s Never Been A Better Time: Cyber Security Defence

Jakarta, 14 December 2016. The digital economy and its underlying technology are developing rapidly. This creates opportunities for companies to keep growing, but at the same time hackers and cyber criminals are seizing the opportunities that come with those developments. In view of this, PT Perkom Indah Murni held a half-day seminar on the theme "There's Never Been A Better Time: Cyber Security Defence."

Cyber Security Defence - PT Perkom Indah Murni

The session was presented by Arief Santoso of Cisco. At the same event, Microsoft gave a session on the theme Modern Mail System, presented by Erika Untung.

By briefing attendees on how hackers and cyber criminals operate, how to take preventive action, and how to respond when an incident occurs, Perkom hopes that companies can be protected from hackers and cyber crime. Beyond that, Perkom also wants companies to secure both their network and their email, which is the main means of communication within a company.

The event took place in the Jasmine Room, Hotel Intercontinental Jakarta.

Supply chain digitization and positive impact

Our supply chains are in drastic need of a makeover from the inside out. According to the British Standards Institution's (BSI) 2016 study on supply chain risk, global supply chains have incurred $56 billion in extra costs related to catastrophic events ranging from weather disasters, to power outages, to theft, to a myriad of other issues. From a corporate social responsibility standpoint, supply chain transparency is vital for increasing prosperity, promoting sustainability and saving lives.

A vast majority of businesses have supply chain policies in place to prevent labor violations and slavery, lower their carbon footprint, and promote sustainable sourcing. However, labor violations continue to occur across the globe on a daily basis. For this reason, the need for data-driven CSR initiatives is soaring, and open source systems and communication are growing in importance. This is where digitization comes into play.

See also: Cisco: Partnerships, shared value key to driving emissions reductions throughout a supply chain

The 2016 Supply Chain Digitization Benchmark Survey was conducted by Supply Chain Digest. Its 203 online survey respondents represented a diverse range of manufacturing and retail businesses. Nearly 44 percent of them said they find IoT to provide a major opportunity in terms of improving supply chain performance and reducing costs.

How is digitization being used to increase supply chain sustainability, and what digital platforms or apps are being used?

The Electronic Industry Citizenship Coalition (EICC), which supports the rights of workers and communities affected by the global electronics supply chain, is using IoT and digitization to improve its internal and external communications and drive positive impact.

See also: Pushing the Sustainability Envelope: Cisco Supply Chain to Cut 1 Million Metric Tonnes of Greenhouse Gas Emissions by 2020

“Because we have a global industry, our members are all around the world, and it’s technology that holds us together,” says EICC Executive Director Rob Lederer. “Every day we are conducting task force calls around the world with hundreds of key members who are engaged through teleconferencing calls and webinars.”

Specific examples of how tech is aiding EICC’s work with supply chains include:

  •  Enabling companies to analyze massive amounts of data.
  •  Educating consumers on the sustainability of the products they use through websites and mobile apps.
  •  Online training courses that teach factories and CSR managers how to improve conditions in the supply chain.
  •  Mobile apps that survey workers and allow them to report grievances.

Bringing all these activities together, the EICC is leveraging digitization across three platforms including EICC-ON, an e-Learning Academy, and its Workplace of Choice program.

EICC-ON is an online data management system and the cornerstone of how EICC functions.

“It really centers around an extensive risk assessment process, where members can assess risk against EICC’s code of conduct,” explains Lederer.

Using the system, EICC members manage and share sustainability data, including information from EICC's Validated Audit Process and self-assessment questionnaires that assess risk at the corporate and facility level. And the connectivity doesn't end there. Other applications available via the EICC-ON platform include a document sharing library, a GRI (Global Reporting Initiative) tool, the EICC Environmental Reporting Module, and a conflict minerals app.

What do corporations and factories need to learn about supply chain management? 

In 2014, EICC launched its e-Learning Academy, which offers EICC members best-in-class online training on a range of sustainability topics, from CSR program management to methods for combating trafficked and forced labor in the supply chain. The curriculum includes more than 50 courses in 14 languages. At the end of May, more than 26,000 online courses had been completed via the e-Learning Academy, which has over 30,000 users.

See also: Making Manufacturing Sustainable – Starting with Our Supply Chain

Lederer says that the academy exists to take companies beyond risk audits. “Audits tell you a problem in a factory, but they don’t tell you how to address and solve the problem,” he explains. “The goal of the academy is to enact change and protect the lives of workers.”

EICC's upcoming Workplace of Choice program is an educational and capacity-building initiative that will link key stakeholders (industry leaders, factory management, civil society organizations, and workers) to help secure safe and fair labor migration practices. Currently being piloted in Malaysia, the program will offer factories free technology that tracks interactions with the worker helplines through digital dashboards and an interactive voice response system.

The plan is for workers to be allowed to call a phone number and select the language of their choice. If it’s a factory-related issue, the call will go to the factory for resolution. If it’s a non-factory issue, it will go to local assistance desks, and if it’s a crime it goes to the local police authority.

There is more work to be done. But it’s safe to say that from corporate executives to factory workers, digitization is helping make the supply chain a more efficient network.

###

The contents or opinions in this feature are independent and may not necessarily represent the views of Cisco. They are offered in an effort to encourage continuing conversations on a broad range of innovative technology subjects. We welcome your comments and engagement.

We welcome the re-use, republication, and distribution of “The Network” content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.

Cisco 2016 Midyear Cybersecurity Report Predicts Next Generation of Ransomware; New Tactics Emerging to Maximize Profit

As attackers innovate, many defenders continue to struggle with maintaining the security of their devices and systems. Unsupported and unpatched systems create additional opportunities for attackers to easily gain access, remain undetected, and maximize damage and profits. The Cisco 2016 Midyear Cybersecurity Report shows that this challenge persists on a global scale. While organizations in critical industries such as healthcare have experienced a significant uptick in attacks over the past several months, the report's findings indicate that all vertical markets and global regions are being targeted. Clubs and organizations, charities and non-governmental organizations (NGOs), and electronics businesses have all experienced an increase in attacks in the first half of 2016. On the world stage, geopolitical concerns include regulatory complexity and contradictory cybersecurity policies by country. The need to control or access data may limit and conflict with international commerce in a sophisticated threat landscape.

Attackers Operating Unconstrained

For attackers, more time to operate undetected results in more profits. In the first half of 2016, Cisco reports, attacker profits have skyrocketed due to the following:

Expanding Focus: Attackers are broadening their focus from client-side to server-side exploits, avoiding detection and maximizing potential damage and profits.

  • Adobe Flash vulnerabilities continue to be one of the top targets for malvertising and exploit kits. In the popular Nuclear exploit kit, Flash accounted for 80 percent of successful exploit attempts.
  • Cisco also saw a new trend in ransomware attacks exploiting server vulnerabilities – specifically within JBoss servers – of which, 10 percent of Internet-connected JBoss servers worldwide were found to be compromised. Many of the JBoss vulnerabilities used to compromise these systems were identified five years ago, meaning that basic patching and vendor updates could have easily prevented such attacks.

Evolving Attack Methods: During the first half of 2016, adversaries continued to evolve their attack methods to capitalize on defenders’ lack of visibility.

  • Windows binary exploits rose to become the top web attack method over the last six months. This method provides a strong foothold into network infrastructures and makes these attacks harder to identify and remove.
  • During this same timeframe, social engineering via Facebook scams dropped to second from the top spot in 2015.

Covering Tracks: Contributing to defenders’ visibility challenges, adversaries are increasing their use of encryption as a method of masking various components of their operations.

  • Cisco saw an increased use of cryptocurrency, Transport Layer Security and Tor, which enables anonymous communication across the web.
  • Significantly, HTTPS-encrypted malware used in malvertising campaigns increased by 300 percent from December 2015 through March 2016. Encrypted malware further enables adversaries to conceal their web activity and expand their time to operate.

Defenders Struggle to Reduce Vulnerabilities, Close Gaps

In the face of sophisticated attacks, limited resources and aging infrastructure, defenders are struggling to keep pace with their adversaries. Data suggests defenders are less likely to address adequate network hygiene, such as patching, the more critical the technology is to business operations. For example:

  • In the browser space, Google Chrome, which employs auto-updates, has 75 to 80 percent of users using the newest version of the browser, or one version behind.
  • When we shift from browsers to other software, Java sees slow migrations: one-third of the systems examined were running Java SE 6, which Oracle is phasing out (Java SE 8 was the current release when the report was published).
  • For Microsoft Office 2013 (version 15.x), 10 percent or less of the installed base of a major version is on the newest service pack.

In addition, Cisco found that much of the infrastructure it examined was unsupported or operating with known vulnerabilities. This problem is systemic across vendors and endpoints. Specifically, Cisco researchers examined 103,121 Cisco devices connected to the Internet and found that:

  • Each device on average was running 28 known vulnerabilities.
  • Devices were actively running known vulnerabilities for an average of 5.64 years.
  • More than 9 percent have known vulnerabilities older than 10 years.

In comparison, Cisco also looked across software infrastructure at a sample of over 3 million installations. The majority were Apache and OpenSSH installations, which carried an average of 16 known vulnerabilities and had been running in that state for an average of 5.05 years.

Browser updates are the lightest-weight updates for endpoints, while enterprise applications and server-side infrastructure are harder to update and can cause business continuity problems. In essence, the more critical an application is to business operations, the less likely it is to be addressed frequently, creating gaps and opportunities for attackers.

Cisco Advises Simple Steps to Protect Business Environments

Cisco's Talos researchers have observed that organizations that take just a few simple yet significant steps can greatly enhance the security of their operations, including:

  • Improve network hygiene, by monitoring the network; deploying patches and upgrades on time; segmenting the network; implementing defenses at the edge, including email and web security, Next-Generation Firewalls and Next-Generation IPS.
  • Integrate defenses, by leveraging an architectural approach to security versus deploying niche products.
  • Measure time to detection; insist on the fastest time available to uncover threats, then mitigate them immediately. Make metrics part of organizational security policy going forward.
  • Protect your users everywhere they are and wherever they work, not just the systems they interact with and not only when they are on the corporate network.
  • Back up critical data, routinely test that the backups restore correctly, and confirm that the backups themselves are not susceptible to compromise.

Supporting Quotes

“As organizations capitalize on new business models presented by digital transformation, security is the critical foundation. Attackers are going undetected and expanding their time to operate. To close the attackers’ windows of opportunity, customers will require more visibility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities.

“As attackers continue to monetize their strikes and create highly profitable business models, Cisco is working with our customers to help them match and exceed their attackers’ level of sophistication, visibility and control.”

– Marty Roesch, Vice President and Chief Architect, Security Business Group, Cisco

About the Report

The Cisco 2016 Midyear Cybersecurity Report examines the latest threat intelligence gathered by Cisco Collective Security Intelligence. The report provides data-driven industry insights and cybersecurity trends from the first half of the year, along with actionable recommendations to improve security posture. It is based on data from a vast footprint, amounting to a daily ingest of over 40 billion points of telemetry. Cisco researchers translate intelligence into real-time protections for our products and service offerings that are immediately delivered globally to Cisco customers.

Supporting Resources

Cisco Video with David Goeckeler, Steve Martino: Cisco 2016 Midyear Cybersecurity Report

Cisco 2016 Midyear Cybersecurity Report

Cisco Blog: Time is of the Essence: Announcing the Cisco 2016 Midyear Cybersecurity Report 

Cisco Infographic

Cisco 2016 Midyear Cybersecurity Report Graphics

Follow Cisco on Twitter @CiscoSecurity

Like Cisco Security on Facebook

About Cisco

Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow’s digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.

Cisco, the Cisco logo, Cisco Systems and Cisco IOS are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.  All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. This document is Cisco Public Information.

Cisco 2016 Midyear Cybersecurity Report Predicts Next Generation of Ransomware

New Tactics Emerging to Maximize Profit

The Cisco® (NASDAQ: CSCO) 2016 Midyear Cybersecurity Report (MCR) finds that organizations are unprepared for future strains of more sophisticated ransomware. Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate. According to the report’s findings, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation. Other key findings in the MCR include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity.

So far in 2016, ransomware has become the most profitable malware type in history. Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage. New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities.

Visibility across the network and endpoints remains a primary challenge. On average, organizations take up to 200 days to identify new threats. Cisco’s median time to detection (TTD) continues to outpace the industry, hitting a new low of approximately 13 hours to detect previously unknown compromises for the six months ending in April 2016. This result is down from 17.5 hours for the period ending in October 2015. Faster time to detection of threats is critical to constrain attackers’ operational space and minimize damage from intrusions. This figure is based on opt-in security telemetry gathered from Cisco security products deployed worldwide.

Fortinet Unveils New Security Fabric, High-Performance Firewalls

Fortinet Unveils New Security Fabric and Firewalls Designed to Tackle Challenges of Encrypted Network Traffic 

Network security firm Fortinet made two new product announcements this week, including its new Fortinet Security Fabric architecture and a powerful new firewall designed to tackle the increasing demands from encrypted network traffic.

The company’s new Security Fabric is an architecture designed to integrate different silos of network security into a cohesive whole, while the new firewall is tailor-made to cope with the growing throughput and demands from remote workers, VPNs and SSL traffic.

Fortinet’s vision with its Security Fabric is to allow different segments of network security to integrate seamlessly and to cooperate actively under the management of a central control. The problem for many organizations is that different point products have been employed for different security functions without adequate integration and actionable threat sharing.

Fortinet's John Maddison told SecurityWeek that its new Security Fabric solves these issues with collaborative intelligence (shared between security devices locally and with global threat intelligence); segmentation into functional security zones that provides deep and seamless visibility into traffic as it moves across the network; and a centrally coordinated security policy that establishes trust levels and distributes orchestrated policy enforcement across the network, whether that is local or cloud.

This is achieved by bringing the company's existing security controls together into the Fabric environment. “Using a cloud-based management tool (FortiManager), a common operating system (FortiOS), and a single threat intelligence source for consistent enforcement (FortiGuard), organizations can weave together a single, integrated security fabric for complete visibility and control across their entire distributed network environment,” explained Bill McGee in a blog post.

The design principles behind the Security Fabric, said Maddison, are five-fold: scalability, both vertically and horizontally, to allow for growth in both networks and threats; awareness throughout the Fabric, where each network segment integrates sufficiently to allow the whole to operate as a single entity; security, where threat intelligence and mitigation information is shared across the whole fabric seamlessly; actionable, where local and global intelligence is shared in real time; and open, where APIs allow the inclusion of third-party products into the Fabric.

For now, the individual segments of the Security Fabric are Fortinet’s own security products. The plan is to extend options to include third party products that can be incorporated into individual customers’ own fabric via APIs. This is currently limited to CarbonBlack.

Fortinet’s second major launch is a new and powerful network firewall, the FortiGate 6040E. While organizations are increasingly adopting XaaS solutions, many decide (and some are compelled by regulations) to keep the corporate crown jewels in a local or private network. This has resulted in an almost exponential increase in traffic between the insecure Internet and the local private network. This traffic is increasingly SSL/TLS encrypted.

The computational overhead required for SSL inspection is a challenge and already too heavy for many organizations’ perimeter defenses: many existing firewalls simply cannot handle the workload without introducing unacceptable latency. There is a choice: security or business efficiency; and since business invariably wins over security, many companies have simply abandoned SSL decryption at or by the firewall. This is dangerous since criminals are also increasingly using SSL to disguise the delivery of malware and communicate with C&C servers.

The usual solution is to hand off the crypto functions to separate devices designed for high computational work – but this involves additional cost and complexity that is also sometimes avoided. Fortinet’s new firewall seeks to solve this problem by adding computational power to the single device through the use of the CP9 ASIC, a Content Processor designed by Fortinet itself.

“The Fortinet CP9 security ASIC,” notes McGee in a separate blog post, “provides for high-speed deep content inspection, and increases the performance of IPS full-signature matching, and advanced VPN (including support for the NSA’s ‘Suite B’ elliptic curve cryptography algorithms.)”

The company also launched two smaller enterprise firewalls, the FortiGate 2000E and 2500E, which also use the CP9 ASIC to decrypt network traffic on the fly.

Set to be available during Q2 2016, the FortiGate 6040E claims 320Gbps basic enterprise firewall throughput, and 80Gbps of throughput with all next-generation firewall features enabled.

Preparing Your Network for the IoT Revolution

26 Connected Devices Per Human by 2020 Changes the Security Equation: How to Make Sure Your Network is Prepared

We seem to be hearing about the Internet of Things (IoT) and the security challenges related to it everywhere these days.

While there is no denying that IP-based connectivity continues to become more and more pervasive, this is not a fundamentally new thing. What is new is that the target audience is changing and connectivity is becoming much more personal. It's no longer limited to high-end technology consumers (watches and drones); it is showing up in nearly everything from children's toys to kitchen appliances (yes, again) and media devices. The purchasers of these new technology-enabled products are far from security experts, or even security aware. Their primary purchasing requirement is ease of use.

Technology personalization is not a new thing. It has been underway for decades now. For those of us who have been in this industry long enough, the first tangible occurrence of technology personalization was the appearance of the Personal Computer (PC) powered Local Area Network, going all the way back to the mid-1980s. This enabled more employees to gain access to corporate data faster and easier, and to make the use and presentation of that data their own (spreadsheets, word processors, etc.). This quickly included access to the holy grail of corporate data: the information stored in the mainframe computers that previously had very limited access.

As the first few generations of LANs and personal computing emerged, there was very little if any thought put into security. It was really only when we started connecting these LANs to critical corporate assets (data on mainframes and Un*x systems) as well as to customers, whether via dedicated connections or through the fledgling Internet, that security began to be a concern. Unfortunately, as the range of access continued to grow it was too late to integrate security directly into this technology. Instead, we began bolting things onto the side: connection gateways became rudimentary packet filters, we implemented additional identification methods, and we incorporated ad hoc authorization levels. Eventually, these strategies became the disparate, highly varied, and specialized sets of security technologies that we all know and “love” today.

The one saving grace was that the scale of these solutions was relatively manageable. There was one, maybe two end devices per employee. We also only had one or maybe two Operating Systems to deal with, each with relatively long upgrade and patch release cycles. Then along came wireless and the BYOD challenge, which we are still struggling with as an industry to deal with effectively, and everything began to change. Gartner now predicts that by 2020, humans will each have 26 connected devices that gather, send, and sometimes even correlate some sort of data.

Unlike the previous stages of technology personalization, IoT brings challenges in spades. There are now thousands of vendors implementing thousands of unique combinations of software and dozens of technologies (WiFi, Bluetooth, NFC, ZigBee, RFID) on literally billions of new devices. In the US alone we're looking at nearly 8.7 billion IP-enabled devices by 2020. In other more technology-friendly countries the numbers are even more unfathomable. And nearly all of these implementations rely on complementary software components running on an ever-increasing variety of smart devices, and/or in some version of the cloud. And of course, the very price-competitive nature of this market (the primary market being consumers and not corporations) means that developers will limit their investment of time and money in security.

For Enterprises, all of this means the security risks related to this new era of technology personalization are both significant and unplanned. The majority of these IoT devices will not be part of a corporate deployment; it wouldn’t really be personal otherwise now would it? Employees will simply bring them from home, sync them to their Smart Devices, connect to the corporate WiFi network, and then connect to the cloud-based services deployed across the corporate network. Or depending on the actual IoT devices, even leave them at home, but still have the sync software installed on their Smart Devices.

Even more challenging, the traditional approach of bolting security onto inherently insecure devices that we adopted back in the 1980s, and which we currently do with MDM clients on smartphones and tablets, isn't an option for many of these devices. Many IoT devices are headless: they can't be patched, and you can't install a client on them. We need to develop and adopt a security strategy that looks very different from the approach we have been using.

The emergence of IoT may finally be the technology that brings security from a network afterthought and bolt-on technology to an integral, persistent, omnipresent part of the network. We need secured trustworthy networking as opposed to networking plus security.  We need to create even smaller security domains to limit the scope and exposure of an exploited device. And the response to complexity needs to be simplicity, not endlessly adding more single-purpose devices to our security racks. IoT, for example, needs economical security inspection services at the actual connection point for every device, as opposed to trying to funnel all traffic through a small number of typically over-burdened systems that are hard to maintain and upgrade given the continued expectation of always-on, always available connectivity.

So, what do we do next? Here are four things to consider when planning for the coming tsunami of data and devices hitting your networks.

1. Control network access.

The vast majority of these new IoT devices are headless, which means that you can't patch them, update them, or add security clients to them. So you need to weed out high-risk, compromised, or unauthorized devices and traffic before you let them enter your network.

2. Assume you will be breached.

If you knew an attacker could get past your perimeter defenses, what would you do differently? Most organizations spend the majority of their security dollars on building a better front door. Those resources need to be shifted to actively monitoring your network and identifying anomalous behavior inside your perimeter.

3. Intelligently segment your network.

The attacks that do the most damage are the ones that can move freely inside your environment once perimeter security has been bypassed. Secure internal segmentation ensures that a breach is limited to a small area of your network, and that attempts at unauthorized lateral movement can be detected. It also allows you to quickly identify infected devices for quarantine and remediation.

4. The answer to complexity is simplicity.

Unless you have unlimited IT staff and budget, you can’t keep throwing one-off security devices onto your security rack to be managed and maintained. You need tools that scale dynamically, are provisioned easily, and that work together as a cooperative security fabric to share threat intelligence from across your distributed environment in order to coordinate a response to a threat.
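Steps 1 and 3 above can be expressed as a small admission policy: decide where a device lands before it gets any access, and keep a deny-by-default table of which segments may talk to which. The following is an added example, not Fortinet's code; the vendor prefixes (OUIs), VLAN numbers, device sample and policy table are all hypothetical and constructed for the demonstration.

```python
"""Admission and segment placement for devices joining a mixed user/IoT
network (steps 1 and 3 of the text). Added example, not Fortinet's code;
vendor prefixes, VLAN numbers and the policy table are hypothetical."""
from dataclasses import dataclass

QUARANTINE_VLAN = 999   # no policy entry below ever lets this VLAN out
INTERNET = 0            # hypothetical marker for "outside the perimeter"

# Hypothetical OUI (first three MAC octets) -> approved device class.
APPROVED_OUIS = {
    "00:11:22": "corp-laptop",
    "AA:BB:CC": "approved-iot-camera",
}
VLAN_FOR_CLASS = {
    "corp-laptop": 10,
    "approved-iot-camera": 30,
}
# Step 3: explicit inter-segment allow list; any pair absent is denied.
SEGMENT_POLICY = {
    (10, 20),        # laptops -> server segment
    (10, INTERNET),  # laptops -> Internet
    (30, INTERNET),  # IoT -> its cloud service only, never the LAN
}


@dataclass
class Device:
    mac: str
    authenticated: bool   # completed 802.1X / certificate authentication
    headless: bool        # no supplicant or agent can be installed on it


@dataclass
class Decision:
    vlan: int
    reason: str


def oui(mac: str) -> str:
    return mac.upper()[:8]


def admit(dev: Device, known_compromised) -> Decision:
    """Step 1: decide where a device lands before it gets any access.
    known_compromised holds upper-case MACs from threat intel or IR."""
    if dev.mac.upper() in known_compromised:
        return Decision(QUARANTINE_VLAN, "listed as compromised")
    cls = APPROVED_OUIS.get(oui(dev.mac))
    if cls is None:
        return Decision(QUARANTINE_VLAN, "unknown vendor prefix")
    if not dev.headless and not dev.authenticated:
        # A managed endpoint must prove its identity. A headless device
        # cannot run a supplicant, so it is placed by approved class and
        # confined to the IoT segment by SEGMENT_POLICY instead.
        return Decision(QUARANTINE_VLAN, "authentication required")
    return Decision(VLAN_FOR_CLASS[cls], f"approved class {cls}")


def place_devices(devices, known_compromised=frozenset()):
    return {d.mac: admit(d, known_compromised) for d in devices}


def segment_allowed(src_vlan: int, dst_vlan: int) -> bool:
    """Step 3: deny by default between segments; quarantine has no entry."""
    return (src_vlan, dst_vlan) in SEGMENT_POLICY


if __name__ == "__main__":
    # Constructed sample of devices seen at the access layer.
    sample = [
        Device("00:11:22:33:44:55", authenticated=True, headless=False),
        Device("00:11:22:33:44:56", authenticated=False, headless=False),
        Device("aa:bb:cc:01:02:03", authenticated=False, headless=True),
        Device("aa:bb:cc:01:02:04", authenticated=False, headless=True),
        Device("DE:AD:BE:EF:00:01", authenticated=True, headless=True),
    ]
    for mac, d in place_devices(sample, {"AA:BB:CC:01:02:04"}).items():
        print(f"{mac} -> VLAN {d.vlan} ({d.reason})")
    print("IoT -> Internet:", segment_allowed(30, INTERNET))
    print("IoT -> laptops :", segment_allowed(30, 10))
```

The point of the two tables is that a headless device is never trusted because of what it is, only placed where the damage it can do is bounded: an approved camera reaches its cloud service and nothing on the LAN, and a device that fails admission lands in a VLAN that no policy entry mentions.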

We all need to understand that we are at a critical point in our transition to a digital economy, and failure to rethink what security looks like in this new world will have far-reaching consequences.

Cisco Tetration Analytics: the most Comprehensive Data Center Visibility and Analysis in Real Time, at Scale

Cisco today announced Cisco Tetration Analytics, a platform designed to help customers gain complete visibility across everything in the data center in real time: every packet, every flow, every speed. Cisco Tetration Analytics gathers telemetry from hardware and software sensors, and then analyzes the information using advanced machine learning techniques. Tetration addresses critical data center operations such as policy compliance, application forensics, and the move to a whitelist security model. Through continuous monitoring, analysis, and reporting, the Tetration Analytics platform provides IT managers with a deep understanding of the data center that will dramatically simplify operational reliability, zero-trust operations and application migrations to SDN solutions and the cloud.

With Cisco Tetration Analytics, organizations can:

  • Understand what applications are dependent on each other throughout their data center and into the cloud
  • Move from reactive to proactive: make informed operational decisions and validate the effect of policy changes before they are implemented
  • Search across billions of flows in less than a second using Tetration’s forensics search engine and user interface
  • Continuously monitor application behavior to quickly identify any deviation in communication patterns

(Infographic: Cisco Tetration Analytics)

The Challenge

There is currently no single tool designed to collect consistent telemetry across the entire data center and analyze large volumes of data in real time, at scale. Until now, organizations have performed fragmented tasks without the correlation necessary to address operational issues comprehensively. As a result, these complex, slow and disjointed tools are costly in terms of time, money and lost opportunity. IT managers today are hampered by a lack of visibility and knowledge.

  • They lack pervasive visibility into data center infrastructure and how applications are interacting, which results in operational challenges.
  • They are unable to migrate applications to the cloud or set up a Disaster Recovery site with precision and speed.
  • They’re unable to adopt a zero-trust model because they lack the critical information and resources to implement or maintain it.

The Solution: Cisco Tetration Analytics Platform

Tetration is designed to help enable pervasive and complete visibility across the data center using either server software sensors that require very low overhead, network hardware sensors that monitor packet-by-packet metadata, or both combined for the most complete solution. Tetration executes advanced data center analytics in real time and presents actionable analysis with easy-to-understand visuals. Tetration delivers information critical for data center operations, such as application insights, automated whitelist policy recommendations, policy simulation and impact analysis, compliance management, and network flow forensics.

Tetration is like a time machine for the data center, enabling organizations to rewind what has happened in the past, view what is happening in the present in real time, and model what could happen:

  • Model a change before it’s executed to understand the impact on applications to enable informed operational decisions;
  • Validate that policy changes have actually been applied and taken full effect;
  • Do real-time and historical policy simulation – replay what happened in the network at any time, with long term data storage capabilities.
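The three capabilities listed above (recommending a whitelist from observed flows, flagging traffic that deviates from it, and simulating a policy change against historical flows before enforcing it) can be sketched in a few dozen lines. The Python below is an added illustration written for this page; it is not Cisco's code and says nothing about how Tetration implements these functions internally. The host inventory and the flow records are constructed sample data, and the rule shape (source application, destination application, destination port, protocol) is an assumption chosen to keep the example small.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed host-to-application inventory (hypothetical; in practice this
# mapping comes from a CMDB, tags, or learned clustering of hosts).
INVENTORY: Dict[str, str] = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app", "10.0.2.21": "app",
    "10.0.3.30": "db",
}


@dataclass(frozen=True)
class Flow:
    """One flow record as a sensor might export it (constructed shape)."""
    ts: int        # epoch seconds
    src: str       # source IP
    dst: str       # destination IP
    dport: int     # destination port
    proto: str     # transport protocol


# A whitelist rule at application granularity: (src_app, dst_app, dport, proto)
Rule = Tuple[str, str, int, str]


def app_of(ip: str) -> str:
    # Hosts missing from the inventory are grouped as "unknown" so that their
    # traffic never silently matches a recommended rule.
    return INVENTORY.get(ip, "unknown")


def rule_for(flow: Flow) -> Rule:
    return (app_of(flow.src), app_of(flow.dst), flow.dport, flow.proto)


def recommend_whitelist(baseline: List[Flow]) -> FrozenSet[Rule]:
    """Derive allow rules from a baseline window of observed traffic.
    Grouping by application (not by host) keeps the rule set small."""
    return frozenset(rule_for(f) for f in baseline)


def simulate_policy(policy: FrozenSet[Rule], history: List[Flow]) -> List[Flow]:
    """Impact analysis: replay historical flows against a candidate policy and
    return the flows that would be denied if it were enforced."""
    return [f for f in history if rule_for(f) not in policy]


def detect_deviations(policy: FrozenSet[Rule], observed: List[Flow]) -> Dict[Rule, int]:
    """Continuous monitoring: count observed flows, per rule, that fall outside
    the whitelist. A non-empty result is a change in communication patterns."""
    counts: Dict[Rule, int] = defaultdict(int)
    for f in observed:
        r = rule_for(f)
        if r not in policy:
            counts[r] += 1
    return dict(counts)


# Constructed baseline window: the three-tier pattern web -> app -> db.
BASELINE: List[Flow] = [
    Flow(1000, "10.0.1.10", "10.0.2.20", 8080, "tcp"),
    Flow(1001, "10.0.1.11", "10.0.2.21", 8080, "tcp"),
    Flow(1002, "10.0.2.20", "10.0.3.30", 5432, "tcp"),
    Flow(1003, "10.0.2.21", "10.0.3.30", 5432, "tcp"),
]

# Constructed later window containing two deviations from the baseline.
OBSERVED: List[Flow] = [
    Flow(2000, "10.0.1.10", "10.0.2.20", 8080, "tcp"),
    Flow(2001, "10.0.2.20", "10.0.3.30", 5432, "tcp"),
    Flow(2002, "10.0.1.11", "10.0.3.30", 5432, "tcp"),  # web tier reaching db directly
    Flow(2003, "10.0.9.99", "10.0.3.30", 22, "tcp"),    # host not in inventory -> db
    Flow(2004, "10.0.9.99", "10.0.3.30", 22, "tcp"),
]


if __name__ == "__main__":
    policy = recommend_whitelist(BASELINE)
    print("recommended rules:", sorted(policy))
    print("deviations:", detect_deviations(policy, OBSERVED))
    # Model a change before executing it: what breaks if app -> db is removed?
    candidate = policy - {("app", "db", 5432, "tcp")}
    print("flows denied by candidate policy:", simulate_policy(candidate, BASELINE))
```

The simulation step is the defender's check before a change: run the candidate rule set over retained history and confirm the denied list contains only traffic you intend to cut off. Real deployments would add a learning window long enough to cover batch jobs and failover paths, since anything absent from the baseline becomes a false deviation later.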

Early Field Trial: Cerner Corporation 

“We were delighted to engage with Cisco to gain experience with Tetration as an early field trial participant,” said Brett Jones, director of infrastructure technology for Cerner. “With the Tetration Analytics trial, we better understand application behavior and dependencies across our data center.” Cerner is a global leader in health care technology. Cerner’s health information technologies connect people, information and systems at more than 20,000 facilities worldwide.

How it works

Software sensors are installed on end hosts, either virtual machines or bare-metal servers. In the first Tetration release, software sensors support Linux and Windows server hosts, while hardware sensors are embedded in the ASICs of Cisco Nexus 9200-X and Nexus 9300-EX network switches to collect flow data at line rate from all ports. A single Tetration appliance will monitor up to one million unique flows per second. Both software and hardware sensors communicate the flow information in real time to the Tetration Analytics platform. The platform can be installed in any data center with any servers and any network switches.

The Tetration platform is a “one-touch” appliance: the servers and switches are prewired and the software is pre-installed. Setting up Tetration is easy: answering a few questions about the data center environment allows the cluster to be configured. The big data complexity is hidden; no special big data expertise is needed to deploy or operate Tetration. Available in July 2016, the first Tetration platform will be a full-rack appliance deployed on-premises at the customer’s data center.

Cisco Advanced Services

Although Tetration Analytics is easy to deploy in just hours to start gaining immediate benefits, some organizations may wish to engage Cisco Tetration Advanced Services expertise to gain even faster time to value through guidance on optimizing policies and application performance, and support for comprehensive adoption of the solution in their data centers. In addition, Cisco Solution Support for Tetration provides 24/7 global solution expertise for centralized issue management and resolution for Cisco Tetration Analytics and Tetration ecosystem partner products, with hardware, software and solution-wide support in a single service.

Supporting Quotes

“Real-time analytics – based on recent advances in unsupervised machine learning, behavior analysis, and visualization – facilitate the pervasive visibility required to gain insight into and control over application mobility, security, and datacenter-wide infrastructure,” said Brad Casemore, Research Director, Data Center Networks, IDC. “In announcing the Tetration Analytics Platform, Cisco is delivering on the rich promise of real-time analytics, with application-behavior insights, policy simulation and impact analysis, automated whitelist policy generation, long-term data retention for forensics and analysis, and the capacity to detect policy deviations within minutes.”

“You can’t manage or secure what you can’t see,” said Zeus Kerravala, Principal Analyst, ZK Research. “The problem today is that customers do not have adequate visibility into application behaviors, traffic flows or dependencies, resulting in operational problems and security challenges. Tetration provides unprecedented visibility, enabling customers to search billions of flows to get actionable insight in less than a second, gaining insight into the past (with forensics), present (with real-time analysis) and future (with impact analysis).”

“Gaining much deeper visibility into the data center and automating actionable analysis across a company’s infrastructure marks a critical technology advancement in building secure digital business models like cloud, mobile and IoT,” said David Goeckeler, senior vice president and general manager of Cisco’s Networking and Security Business Group. “We believe the insights we gain from applications and the data center overall will enhance existing software solutions and drive the future development of new advanced software that will improve business operations, efficiency and customer experiences.”