Cisco Tetration / Basic facts

What is Cisco Titration: Cisco Tetration is a hybrid-cloud workload protection program designed
to secure compute instances in both the on-premises data center and public cloud.

It uses machine learning, behavior analysis and algorithm approaches to offer this holistic workload
protection strategy. From customer’s point of view, the key challenge is how to provide a secure
infrastructure without compromising agility.

There has been a rapidly increasing complexity in data centers due to increase in east west traffic,
application onboarding, virtualization, security threats and cloud migration.

Architecture:

Data Center uses: Cisco Tetration allows workload protection for multicloud data center by using:
 Whitelist-based segmentation, which allows for implementation of Zero trust model.
 Detection of common vulnerabilities and exposures associated with the software packages
installed on the server.
 The ability to act proactively, such a quarantining server when vulnerabilities are detecting and
blocking communication when policy violations are detected.
How it works?
Cisco titration provides unparalleled visibility to the applications, application packages, system processes
and lines of communication between systems and services. Once it has a picture of its environment it
begins modelling the communication between systems, services and processes and uses this
information to derive a visual mapping which provides us a clear understanding of which processes are
communicating between systems.

It uses real time telemetry from application- down to the individual end user or software process to
detect changes such as abnormal activity caused by hackers or malware, or by attempts to exploit newly
discovered flaws.

The titration analytics engine uses AI and ML to update segmentation while assessing whether those
changes increase risk and could lead to future vulnerabilities. The AI also interprets application and user
activity to determine what is normal, and what is anomalous, with all of that happening in real time.
Tetration can also analyze the results of new security policies, such as those that might restrict access to
specific resources and predict the effects those policies will have on applications and user workloads.

Summary: The Cisco Tetration platform offers a ready-to-use solution that enables network
administrators, security operations, and application owners to:

 Gain complete visibility into application components, communications, and dependencies to

enable implementation of a zero-trust model in the data center.
 Automatically generate whitelist policy based on application behavior. It also provides a
mechanism for including any existing security policy based on business requirements.
 Enforce this segmentation policy across a multicloud infrastructure consistently, to minimize
lateral movement.
 Identify software vulnerabilities and exposures to reduce attack surface.
 Provide process behavior baselining and identify deviations for faster detection of any IOCs.