Cisco Systems is extending the reach and scope of the security capabilities of the Tetration analytics platform to include identification of software vulnerabilities and exposures, baselining of process behavior and identification of any deviations from that baseline. The goal is to provide finer-grained controls over workloads for organizations embracing DevSecOps, said Yogesh Kaushik, senior director for Tetration at Cisco.
“You can’t protect what you can’t see,” said Kaushik.
Tetration is a big data analytics platform Cisco crafted using open source technologies such as the Apache in-memory computing framework and Apache Kafka streaming data software. Once all that data is collected, Cisco applies machine learning algorithms to identify IT management issues. Since launching Tetration in 2016, Cisco has been steadily expanding the cybersecurity capabilities of the platform beyond application whitelisting and the implementation of a zero-trust model for accessing applications.
To detect vulnerabilities, Tetration now makes use of the Common Vulnerabilities and Exposures (CVE) database. Armed with that data, Tetration can identify servers that have software packages with known CVEs. It provides a scorecard ranking the severity of specific vulnerabilities and identifies all running servers that may be affected. Filters can be created to search for servers exposed to one or more vulnerabilities.
Tetration can also now maintain a real-time inventory of the processes running on each server. IT managers can search that inventory for the servers that are running, or have run, a specific process.
Finally, Tetration now monitors applications to create a baseline view of their normal behavior. Any deviation from that behavioral pattern generates an alert.
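The three capabilities described above (matching a package inventory against CVE data to produce a severity scorecard, filtering servers by CVE, and alerting on processes that deviate from a learned baseline) are illustrated by the following added example. It is not Tetration code or a Cisco API; the CVE feed, server inventories, and process baselines are constructed sample data, and the CVE identifiers are placeholders.

```python
# Constructed CVE feed (placeholder ids, not real CVEs):
# cve id -> (affected package, vulnerable versions, CVSS v3 base score)
CVE_FEED = {
    "CVE-0000-0001": ("openssl", {"1.0.1e"}, 9.8),
    "CVE-0000-0002": ("bash", {"4.1"}, 7.5),
    "CVE-0000-0003": ("curl", {"7.29.0"}, 5.3),
}

# Constructed per-server package inventory: server -> {package: installed version}
INVENTORY = {
    "web-01": {"openssl": "1.0.1e", "curl": "7.29.0"},
    "db-01": {"openssl": "1.1.1", "bash": "4.1"},
    "app-01": {"curl": "7.64.0"},
}

# Constructed process baselines and a later observation of the same servers
BASELINE = {"web-01": {"nginx", "sshd"}, "db-01": {"postgres", "sshd"}}
OBSERVED = {"web-01": {"nginx", "sshd", "unknown-svc"}, "db-01": {"postgres", "sshd"}}


def severity(score):
    """Map a CVSS v3 base score to its qualitative rating."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def scorecard(inventory, feed=CVE_FEED):
    """Per server: [(cve, package, score, rating), ...] sorted by score, highest first."""
    card = {}
    for server, packages in inventory.items():
        hits = [(cve, pkg, score, severity(score))
                for cve, (pkg, vuln_versions, score) in feed.items()
                if packages.get(pkg) in vuln_versions]
        card[server] = sorted(hits, key=lambda h: h[2], reverse=True)
    return card


def servers_affected(card, *cves):
    """Filter a scorecard down to servers exposed to any of the given CVE ids."""
    return sorted(s for s, hits in card.items() if any(h[0] in cves for h in hits))


def baseline_deviations(baseline, observed):
    """Processes seen on a server that were not in its learned baseline (alertable)."""
    deviations = {s: sorted(set(procs) - set(baseline.get(s, ()))) for s, procs in observed.items()}
    return {s: new for s, new in deviations.items() if new}
```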
Cisco positions Tetration as a complement to AppDynamics, the application monitoring tool Cisco acquired last year. Over time, integration with AppDynamics, along with other third-party application monitoring tools, will serve as a data source for Tetration using either REST application programming interfaces (APIs) or Apache Kafka software, said Kaushik.
Tetration can be deployed using a physical appliance or on a public cloud. Cisco expects that as DevSecOps continues to evolve, most organizations will employ hybrid approaches to security analytics.
The biggest challenge, however, may not be the technology. There are already several approaches that make use of Big Data to drive security analytics. The issue is determining who inside any organization is charged with the task. In some instances, there is a 50-50 split in responsibility between the security and networking teams. In other cases, DevSecOps is becoming more prevalent as application developers exercise more control and security becomes more integrated within a larger DevOps set of processes.
More IT organizations today are focusing their efforts on detection rather than simply trying to strengthen the network perimeter, under the assumption that significant amounts of malware have already penetrated their defenses. The primary task then becomes discovering where that malware lies and containing whatever damage is being inflicted. Alongside that effort, security-savvy organizations are putting more work into discovering the vulnerabilities that are most commonly exploited by cybercriminals.
There may never be such a thing as perfect security. But most IT organizations are more aware than ever that it’s still easy for their application workloads to be compromised by even the most rudimentary classes of cyberattacks.