Building network and workload security architectures can be a daunting task. It involves not only choosing the right solution with the appropriate set of capabilities, but also ensuring that the solutions offer the right level of resilience.
Resilience is often considered a network function, where the network must be robust enough to handle failures and provide alternate paths for transmitting and receiving data. However, resilience at the endpoint or workload level is frequently overlooked. As part of building a resilient architecture, it’s essential to include and plan for scenarios in which the endpoint or workload solution might fail.
When we examine the current landscape of solutions, it usually boils down to two different approaches:
Agent-Based Approaches
When choosing a security solution to protect application workloads, the discussion often revolves around mapping business requirements to technical capabilities. These capabilities usually include security features such as microsegmentation and runtime visibility. However, one aspect that’s often overlooked is the agent architecture.
Generally, there are two main approaches to agent-based architectures:
- Userspace installing Kernel-Based Modules/Drivers (in-datapath)
- Userspace transparent to the Kernel (off-datapath)
Secure Workload’s agent architecture was designed from the ground up to protect application workloads, even in the event of an agent malfunction, thus preventing crashes in the application workloads.
This robustness is due to our agent architecture, which operates completely in userspace without affecting the network datapath or the application libraries. Therefore, if the agent were to fail, the application would continue to function as normal, avoiding disruption to the business.
Another aspect of the agent architecture is that it was designed to give administrators control over how, when, and which agents they want to upgrade by leveraging configuration profiles. This approach provides the flexibility to roll out upgrades in a staged fashion, allowing for necessary testing before going into production.
Agentless-Based Approaches
The best way to protect your application workloads is undoubtedly through an agent-based approach, as it yields the best results. However, there are instances where installing an agent is not possible.
The main drivers for choosing agentless solutions usually relate to organizational dependencies (e.g., cross-departmental collaboration), or in certain cases, the application workload’s operating system is unsupported (e.g., legacy OS, custom OS).
When opting for agentless solutions, it’s important to understand the limitations of these approaches. For instance, without an agent, it is not possible to achieve runtime visibility of application workloads.
Nevertheless, the chosen solution must still provide the necessary security features, such as comprehensive network visibility of traffic flows and network segmentation to safeguard the application workloads.
Secure Workload offers a holistic approach to getting visibility from multiple sources such as:
- IPFIX
- NetFlow
- Secure Firewall NSEL
- Secure Client Telemetry
- Cloud Flow Logs
- Cisco ISE
- F5 and Citrix
- ERSPAN
- DPUs (Data Processing Units)
… and it offers multiple ways to enforce this policy:
- Secure Firewall
- Cloud Security Groups
- DPUs (Data Processing Units)
Key Takeaways
When choosing the right network and workload microsegmentation solution, always keep in mind the risks, including the threat landscape and the resilience of the solution itself. With Secure Workload, you get:
- Resilient Agent Architecture
- Application runtime visibility and enforcement with microsegmentation
- Diverse feature set of agentless enforcement
Learn more about Cisco Secure Workload