Cisco launched new security capabilities, part of the company's Tetration analytics, that protect workloads running "in any data center and for any cloud," Cisco said Monday.
Security is becoming more and more critical, even as it becomes more difficult to achieve. Businesses and government are transforming themselves, becoming reliant on services running digitally. The Internet of Things and cloud make security more complicated by distributing digital systems worldwide, creating a vastly bigger attack surface. Crooks, often backed by national governments, are becoming more sophisticated. And enterprises need to face these mounting challenges using constrained budgets. (See Cisco: Attackers 'Weaponize' Cloud Services.)
Vendors are stepping up to help enterprises meet these threats through automation, providing analytics-based tools that act quickly, with vastly reduced need for expensive staff intervention.
Cisco Systems Inc. (Nasdaq: CSCO) has been part of that trend toward security automation, and the latest development, announced Monday, involves upgrades to its Tetration analytics service.
The new Tetration capabilities protect bare-metal, virtualized and containerized workloads by installing lightweight sensors on Linux and Microsoft Corp. (Nasdaq: MSFT) Windows operating systems. Tetration inventories all software packages and cross-references them against the Common Vulnerabilities and Exposures database. IT organizations can set up policies to take action, such as quarantining an infected server. For additional protection, Tetration monitors processes running on servers.
Additionally, Tetration identifies application behavior that deviates from the baseline, which can indicate a possible threat such as an infection. Abnormal behavior includes applications seeking to obtain privileged access that they should not normally have -- "privilege escalation" -- as well as executing shell code.
This behavior-based approach can protect networks against "high severity security events" such as Spectre and Meltdown, Cisco says. (See 'Spectre' & 'Meltdown' – What Cloud Users Need to Know.)
Alphabet Inc. recently launched Chronicle, a subsidiary building security systems that protect against attacks by looking for deviations from normal behavior. (See Alphabet's Cybersecurity Moonshot: It's Deja Vu All Over Again.)
And Juniper Networks Inc. (NYSE: JNPR) introduced automated security tools in December designed to centralize products from multiple vendors into a single control panel. (See Juniper Automates to Speed Up Security.)
Cisco claims Tetration can identify anomalies in minutes using behavior deviations and reduce human intervention by 70%. Tetration can protect up to 25,000 servers per cluster in real time.
Last month, Cisco debuted analytics designed to detect security threats in the growing percentage of network traffic that is encrypted. (See Cisco Plugs Encryption Hole in Network Security.)
Security is key to Cisco's transition from selling products to recurring revenue based on software and services. Security revenue was up 6% in the company's most recent quarterly report. (See Cisco's 'Network Intuitive': A Risky Transition and Cisco Returns to Growth, With Help From Network Automation.)
Cisco bought Skyport Systems, a privately held company that provides security infrastructure using hyperconverged systems managed over the cloud, in January. (See Cisco to Buy Skyport Systems for Cloud Security.)
— Mitch Wagner Editor, Enterprise Cloud News