Building a Resilient Network and Workload Security Architecture from the Ground Up

Building network and workload security architectures is often a daunting task. It involves not only choosing the right solution with the appropriate set of capabilities, but also ensuring that the solutions offer the right level of resilience.

Resilience is often considered a network function, where the network must be robust enough to handle failures and provide alternate paths for transmitting and receiving data. However, resilience at the endpoint or workload level is frequently overlooked. As part of building a resilient architecture, it’s essential to include and plan for scenarios in which the endpoint or workload solution might fail.

When we examine the current landscape of solutions, it usually boils down to two different approaches:

Agent-Based Approaches

When choosing a security solution to protect application workloads, the discussion often revolves around mapping business requirements to technical capabilities. These capabilities usually include security features such as microsegmentation and runtime visibility. However, one aspect that is often overlooked is the agent architecture.

Generally, there are two main approaches to agent-based architectures:

  • Userspace installing Kernel-Based Modules/Drivers (in-datapath)
  • Userspace transparent to the Kernel (off-datapath)

Secure Workload’s agent architecture was designed from the ground up to protect application workloads, even in the event of an agent malfunction, thus preventing crashes in the application workloads.

This robustness is due to our agent architecture, which operates completely in userspace without affecting the network datapath or the application libraries. Therefore, if the agent were to fail, the application would continue to function as normal, avoiding disruption to the business.

Figure 1: Secure Workload’s Agent Architecture

Another aspect of the agent architecture is that it was designed to give administrators control over how, when, and which agents they want to upgrade by leveraging configuration profiles. This approach provides the flexibility to roll out upgrades in a staged fashion, allowing for necessary testing before going into production.

Figure 2: Agent Config Profile and On-Demand Agent Upgrades

Agentless-Based Approaches

The best way to protect your application workloads is undoubtedly through an agent-based approach, as it yields the best results. However, there are scenarios where installing an agent is not possible.

The main drivers for choosing agentless solutions often relate to organizational dependencies (e.g., cross-departmental collaboration), or in certain cases, the application workload’s operating system is unsupported (e.g., legacy OS, custom OS).

When opting for agentless solutions, it’s important to understand the limitations of these approaches. For instance, without an agent, it is not possible to achieve runtime visibility of application workloads.

Nevertheless, the chosen solution must still provide the necessary security features, such as comprehensive network visibility of traffic flows and network segmentation to safeguard the application workloads.

Secure Workload offers a holistic approach to getting visibility from multiple sources such as:

  • IPFIX
  • NetFlow
  • Secure Firewall NSEL
  • Secure Client Telemetry
  • Cloud Flow Logs
  • Cisco ISE
  • F5 and Citrix
  • ERSPAN
  • DPUs (Data Processing Units)

… and it offers multiple ways to enforce this policy:

  • Secure Firewall
  • Cloud Security Groups
  • DPUs (Data Processing Units)

Figure 3: Agentless Enforcement Points with Secure Workload

Key Takeaways

When choosing the right network and workload microsegmentation solution, always keep in mind the risks, including the threat landscape and the resilience of the solution itself. With Secure Workload, you get:

  • Resilient Agent Architecture
  • Application runtime visibility and enforcement with microsegmentation
  • Diverse feature set of agentless enforcement
