Security is a topic that is top of mind for every CIO out there. It is interesting to note that, according to a study performed by Research 451, 64% of enterprises report that information security is not a separate budget line; instead, it is folded into their IT infrastructure budget.
In other words, most of us take security for granted until something bad happens. Pete Johnson ("Cloud Unfiltered") even referred to it as "insurance", and I believe that is the appropriate term for it.
We all know we need insurance, but what is the right coverage for me? Well, it really depends on what types of assets you are trying to protect and how your business would be impacted if something happened to them.
If we think about our daily lives, imagine having 20 doors and windows wide open and then locking, or adding video surveillance to, only the one in the backyard (because your neighbor just told you he was robbed the night before and that the thief broke into his house through the backyard door). Well, that's a good start; however, the other 19 doors and windows are still wide open for anybody to walk through, right?
Well, that's pretty much what happens in IT, and securing only a few "doors" is called "black-listing". Let me explain: every server has 65535 TCP ports (and the same number of UDP ports) that could potentially be reached. With the black-listing approach, we close just a few of them based on knowledge of common vulnerabilities. Most of the time we don't know which ports our applications actually need, so we fall back to this approach: block a few known-bad ports and permit all the rest.
In today's multicloud world, constant and increasingly sophisticated threats are a fact, and black-listing alone is definitely not enough.
Here's where analytics solutions like Tetration, along with the Cisco Security Portfolio, can help.
All we must do is install a Tetration software sensor on operating systems such as Windows, Linux, Solaris and AIX, among others; it does not matter whether they run on bare metal, virtualized, in containers, in any public cloud, or on non-Cisco hardware. Once installed, the sensors continuously feed every flow going in and out of that host to the Tetration Engine, which then shows us the Application Dependency Mappings.
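To make the black-listing versus allow-listing contrast concrete, here is an added example (not Tetration code and not from this post) that aggregates constructed flow records of the kind a host sensor would report, derives a per-host dependency map and an allowlist from them, and compares how many ports stay reachable under each model. The hostnames, ports and the sample blocklist are assumptions made for the example.

```python
from collections import defaultdict

# Constructed flow records as a host sensor might report them:
# (source host, destination host, protocol, destination port).
# Hostnames and ports are invented for this example.
FLOWS = [
    ("web-1", "app-1", "tcp", 8443),
    ("web-2", "app-1", "tcp", 8443),
    ("app-1", "db-1", "tcp", 5432),
    ("app-1", "db-1", "tcp", 5432),   # repeated flows collapse into one rule
    ("mon-1", "db-1", "tcp", 22),
    ("mon-1", "app-1", "udp", 161),
]

# A handful of ports a black-listing policy typically closes (assumed);
# everything else stays reachable.
BLOCKLIST = {("tcp", 23), ("tcp", 135), ("tcp", 445)}
PORT_COUNT = 65535          # usable TCP ports; the same number again for UDP


def dependency_map(flows):
    """Aggregate flows per destination host: which peers reach it on which proto/port."""
    deps = defaultdict(lambda: defaultdict(set))
    for src, dst, proto, dport in flows:
        deps[dst][(proto, dport)].add(src)
    return deps


def allowlist_policy(deps, host):
    """Turn the observed dependencies of `host` into explicit (src, proto, port) permits."""
    rules = set()
    for (proto, port), sources in deps[host].items():
        for src in sources:
            rules.add((src, proto, port))
    return rules


def is_allowed(policy, src, proto, port):
    """Allowlist semantics: anything not explicitly permitted is denied."""
    return (src, proto, port) in policy


def exposure(host, deps, mode):
    """Number of (proto, port) pairs on `host` that remain reachable under each model."""
    if mode == "blocklist":
        return 2 * PORT_COUNT - len(BLOCKLIST)   # all TCP+UDP ports minus the few closed
    return len(deps[host])                       # only ports the apps were seen to use
```

Running `exposure("db-1", dependency_map(FLOWS), "blocklist")` versus the `"allowlist"` mode shows the gap the post describes: tens of thousands of reachable ports against the two the database host actually needs.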
Think of the sensors as continuous-feed cameras, while the Tetration Engine acts as that person in the SOC watching 24