Cisco Tetration Analytics

2018: Tetration - SaaS and the virtual device

Cisco provided two models of use of the solution Cisco Tetration for DPC and a cloud in April, 2018: Tetration SaaS (a cloud solution for the organizations which use exclusively cloud computing or give them preference) and Tetration-V (the program version based on the virtual device for small implementations). The functionality and characteristics of both models are similar to the initial versions of Tetration for deployment on platforms of the customer. The solution Tetration the politician of "white lists" automates process of mapping of applications and also generation and application, protecting cloud loadings and doing transparent parameters of network performance. Program interfaces (API) of the solution give the chance to create proprietary applications with access to Tetration data sources, allowing to export the created Tetration of security policy and to apply them on SDN controllers and security appliances.

Thanks to new models of use an implementation time of Tetration was reduced till several o'clock, at the same time the customer has an opportunity of flexible payment in process of development without the need for serious initial investments.

Advantages of completely managed Cisco of the Tetration SaaS model:

• protection of workloads without the need for installation of the hardware on the customer's objects;
• protection of workloads in local, public and private clouds;
• scaling up to 25 thousand workloads;
• long data storage within many months;
• the accelerated deployment for fast obtaining results;
• built-in means of ensuring of high availability and disaster recovery;
• the quality of the provided service is guaranteed by the agreement on the service level (SLA) of a world class;
• the managed services provided by partners of Cisco.

The organizations at which the number of workloads does not exceed 1000 and which prefer software solutions can unroll Tetration on the virtual device. Installation process differs in simplicity, at the same time use of own servers and DWH is possible.

Both models of use Tetration provide the solution ready for operation for identification of applications of DPC, their detailed dependences and the main the politician of interaction between different levels of applications. Operators will be able to implement model of "zero trust" using segmentation and white lists, to perform monitoring of functioning of server processes and to reveal program vulnerabilities. The solution Tetration, using anomalies of behavior, reveals the events bearing high risks for security such as certain Spectre and Meltdown exploits and also allows to place in a quarantine servers subject to threat proactively. Such approach allows to provide complete protection of cloud workloads everywhere.

Architectural approach of Cisco to security

Tetration is an also central technology in Cisco product portfolio for protection of workloads and security of DPC. Interacting with Cisco ACI and also with such solutions of security as Cisco Firepower NextGeneration Firewall (NGFW), Next-Generation IPS (NGIPS), Advanced Malware Protection (AMP) and Stealthwatch, the Tetration platform ensures high safety wherever workload was located. Now operators will be able to see everything that happens in their networks, to narrow the horizon of the attacks and to stop distribution of invasions into DPC. Detailed information see in article Redefining Security for the Modern Data Center in a Multi-Cloud World.

Services of Cisco in the solution Tetration

For the purpose of acceleration of implementation of Tetration, optimization the politician and safety provides to Cisco on demand support and professional services for the solutions Tetration SaaS and Tetration-V, including support of the Tetration installation and support on options of application (use-case support) that reduces Tetration payback periods.

2017: Cisco upgraded functionality of Tetration Analytics

On February 3, 2017 the Cisco company provided the upgraded functionality of the Cisco Tetration Analytics platform for execution automation the politician (allows the organizations to create safe configurations for business applications), options of installation of the platform.

Politicians are applied irrespective of where the application, on the virtual, hardware or physical server, in a private or public cloud, infrastructure of any vendor is performed. The innovation model of implementation ties politicians to characteristics and operation modes of the performed tasks, providing preserving the politician even when moving a task.

Politicians it is possible to send to the firewall of any vendor, to apply at the network layer. Tetration in the dynamic mode offers the relevant results based on the analysis of functioning of billions of flows, processes and characteristics of the performed tasks. Using agents uniform politicians are implemented for any tasks where they were performed.

Cisco offers two additional models of implementation Tetration Analytics:

• the solution Tetration-M supporting up to 1 thousand applied loadings.
• cloud Tetration Cloud option (supports up to 1 thousand applications), image of the virtual machine which is loaded into a public cloud of Amazon Web Services (AWS).

Irrespective of the used model of implementation, Tetration provides monitoring of tasks, both in private, and in public clouds.

For better work with the data which are stored on the Tetration Analytics platform, customers and ecosystem partners are given an opportunity to create proprietary applications. Users of Tetration can apply own analytical algorithms to creating applications, exporting data and notifications in open formats which correspond to requirements of their business.

2016: Cisco Tetration Analytics

Cisco Tetration Analytics is a monitoring system in real time of the events in a data processing center.

On June 17, 2016 Cisco announced creation of the Tetration Analytics platform for data processing centers. A system allows to control in real time the events in a data processing center — each packet, each flow, each speed.

The platform obtains data of telemetry from program and hardware sensors and then processes them using advanced methods of machine learning.

The platform is focused on work in critical for DPC of tasks - ensuring compliance to politicians, the "criminalistic" analysis of applications (application forensics) and transition to model of information security on the basis of white lists. Tetration Analytics conducts continuous monitoring and the analysis, allowing IT managers to understand more deeply the processes happening in DPC that simplifies ensuring operational reliability, execution of operations on models of zero trust (zero-trust operations) and migration of applications in a cloud and on solutions.

The Cisco Tetration Analytics platform provides:

• identification of dependences of applications from each other in DPC and in a cloud;
• transition from the reacting model to anticipating thanks to adoption of the justified operational decisions and assessment of effect of change the politician before their implementation;
• implementation of search in billions of flows less than in a second using the search Tetration mechanism and the user interface;
• permanent monitoring of functioning of applications for operational identification of any deviations.

According to Cisco, for June, 2016 there is no uniform tool intended for collecting of telemetered informations on all DPC and the large-scale analysis of large volumes of data in real time. The organizations carry out separate tasks without correlation, necessary for the comprehensive solution of operational questions. At the same time difficult, slow, separate tools are used that is very costly in terms of money, time and a lost profit.

Cisco Tetration Analytics platform, (2016)

Tetration provides a comprehensive review of processes in DPC, using or the server program sensors requiring the minimum transfer of the service information or hardware network sensors which execute monitoring of each packet with line speed, or their combination, than the maximum completeness of the solution is reached. Tetration in real time makes advanced data analysis and presents results in easily readable form.

Reports join information, critical for functioning of DPC:

• analysis of applications,
• the automated recommendations about politicians of the white list,
• analysis of results of emulation politician,
• compliance to requirements of the regulator
• "criminalistic" analysis of network flows.

Art representation of Tetration Analytics Data Center Time Machine, (2016)

For DPC the Tetration platform works as some kind of time machine, allowing to see an event in the past and the events at the moment of time, to model the probable future:

• modeling of changes for understanding of their influence on applications and acceptances of reasoned decisions;
• check of real effect of application changed the politician;
• emulation the politician in real time and in historical perspective (long-term data storage gives the chance to reproduce last network events at any time).

Program sensors are installed on terminal hosts: virtual machines or hardware servers. In the first version of Tetration program sensors support servers Linux and Windows, and equipment rooms — are built in chips of the Cisco switches Nexus 9200-X and Nexus 9300-EX, collecting with line speed data on flows from all ports. One Tetration device can execute monitoring to one million unique flows per second.

Program and hardware sensors in real time transfer data on flows to the analytical Tetration Analytics platform (it can be set in any DPC with any servers and network switches).

The Tetration platform does not require adjustment — servers and switches are in advance connected, the software is already set. For the Tetration setup and configuring of a cluster it is required to answer on several questions of a configuration of DPC. All complexity of work with Big Data is hidden from the user — for installation of the Tetration platform and work with it no special knowledge of Big Data is required.

Pragmatic representation of Cisco Tetration Analytics, (2016)

The first Tetration platform will be available in July, 2016 in the form of the full-rack device installed in DPC in the territory of the customer.