By Don Meyer The applications we need to do business are no longer just residing in a single, physical data center. Sure, there are some applications running in your on-premises data center. But some are also running in offsite data centers. Or in your private cloud. Or on Amazon Web Services. Many are likely moving in between these various platforms on a regular basis – for example, from on-prem to cloud, and back.
Recent research conducted as part of our CISO Benchmark Survey indicates that organizations are deploying roughly a third of their new technology via physical infrastructure, a third virtually, and another third in the cloud. So how do we effectively control and secure this new, dynamic environment without hindering productivity and user experience?
Moving Security Closer to the Application
Due to the shifts in the way organizations deploy and access applications, the concept of application security must expand. It’s no longer just about testing for software vulnerabilities (though, that is of course part of it). Today’s application security must be multi-faceted, taking into account concepts including visibility, segmentation, access control, performance monitoring, and more. Many of the security concepts already applied to the network must now also be applied directly to the applications themselves.
This week at Cisco Live, we are unveiling our new approach to this challenge, called Cisco Application-First Security.
Cisco Application-First Security for 360°Application Protection
Cisco Application-First Security is designed to leave no stone unturned when it comes to protecting an application. It combines several of our security products into one holistic solution for making sure applications are protected no matter where they go and how they are used. Application-First Security allows organizations to:
See which applications are running and what they are doing – regardless of where they are – to baseline behaviors and uncover any software vulnerabilities or suspicious processes.
Enable automated microsegmentation and application whitelisting to minimize the spread of attacks laterally throughout the data center and network.
Enforce security policies at scale, for thousands of applications, and across hybrid, multi-cloud data centers – without impacting reliability and performance.
Cisco Application-First Security helps you secure your applications running anywhere at the speed of your business with protection that is continuous, adaptive, and closer to the applications. This Application-First Security model allows you to confidently move your business in any direction you demand with security being an enabler for your development teams. With greater insight and control over your applications, you are able to make intelligent decisions, achieve compliance, and reduce risk.
Our new Application-First Security solution consists of the following products:
Cisco Tetration provides holistic workload protection for multi-cloud data centers. It automatically discovers and baselines application behaviors and dependencies, then generates policy for microsegmentation. Policies are enforced at scale, consistently across workloads. Tetration can also track behavior changes to keep the policy up to date as applications move and evolve.
The Tetration platform can also detect issues such as software vulnerabilities, process behavior anomalies, and malware. If issues are identified, it can proactively quarantine servers and block communication. Tetration enforces policy across thousands of applications and hundreds of millions of policy rules – and across bare metal servers, virtual machines, and containers.
Cisco Stealthwatch Cloud
Visibility into the rest of the network is just as critical as application visibility. Cisco Stealthwatch Cloud is a SaaS service that provides complete visibility into network and cloud traffic. It collects telemetry data across the entire network to automatically monitor traffic and identify anomalies that could signify risk – even in encrypted communications.
Stealthwatch can uncover both known and unknown, internal and external threats, improving incident detection and response. In addition to monitoring on-premises infrastructure and private clouds, Stealthwatch can monitor all public cloud environments including Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Duo Beyond from Duo Security (now a part of Cisco) allows you to: 1) identify corporate versus personal devices trying to connect to your environment, 2) block untrusted endpoints, and 3) give your users secure access to internal applications without using VPNs. Duo Beyond expands secure access past traditional, perimeter-based network security with the power to grant access to any application, to any user, from any device, while maintaining security.
With Duo Beyond, you can:
Differentiate between corporate and personal devices.
Limit sensitive data access to only corporate devices.
Limit remote access to specific applications without exposing the network.
Security and performance go hand in hand. It’s crucial to verify that thorough security measures do not result in a slower network. That’s why our Application-First Security solution includes powerful application performance monitoring from AppDynamics, now a part of Cisco. AppDynamics provides details needed to quickly resolve issues, make user experience improvements, and ensure that applications are always meeting performance expectations – even in the most complex, multi-cloud environments.
In today’s threat environment, no one solution can protect corporate infrastructure. Together, the above products provide the visibility and control needed to quickly identify and remediate attack attempts or other risks to application security. Application-First Security also works in conjunction with the rest of Cisco’s comprehensive security portfolio.
Get started on the path to effective, application-first security. And find out how South Africa’s oldest bank powers and protects its data center and applications with Cisco – decreasing problem resolution time from tens of hours to just minutes.
“In addition to security, visibility, and availability, Cisco technologies give all of us the ability to sleep at night.” – First National Bank, South Africa
Subscribe to our Cisco Live blog series to stay updated on all of our Cisco Live 2019 announcements.
Source:: Cisco Security Notice