Building a Resilient Network and Workload Security Architecture from the Ground Up – Uplaza

Building network and workload security architectures is generally a daunting task. It involves not only choosing the right solution with the appropriate set of capabilities, but also ensuring that the solutions offer the right level of resilience.

Resilience is often considered a network function, where the network must be robust enough to handle failures and offer alternate paths for transmitting and receiving data. However, resilience at the endpoint or workload level is frequently overlooked. As part of building a resilient architecture, it's essential to include and plan for scenarios in which the endpoint or workload solution might fail.

When we examine the current landscape of solutions, it usually boils down to two different approaches:

Agent-Based Approaches

When choosing a security solution to protect application workloads, the discussion often revolves around mapping business requirements to technical capabilities. These capabilities typically include security features such as microsegmentation and runtime visibility. However, one aspect that is often overlooked is the agent architecture.

Generally, there are two main approaches to agent-based architectures:

  • Userspace installing Kernel-Based Modules/Drivers (in-datapath)
  • Userspace transparent to the Kernel (off-datapath)

Secure Workload's agent architecture was designed from the ground up to protect application workloads, even in the event of an agent malfunction, thus preventing crashes in the application workloads.

This robustness is due to our agent architecture, which operates completely in userspace without affecting the network datapath or the application libraries. Therefore, if the agent were to fail, the application would continue to function as normal, avoiding disruption to the business.

Figure 1: Secure Workload's Agent Architecture

Another aspect of the agent architecture is that it was designed to give administrators control over how, when, and which agents they want to upgrade by leveraging configuration profiles. This approach provides the flexibility to roll out upgrades in a staged fashion, allowing for necessary testing before going into production.

Figure 2: Agent Config Profile and On-Demand Agent Upgrades

Agentless-Based Approaches

The best way to protect your application workloads is undoubtedly through an agent-based approach, as it yields the best results. However, there are instances where installing an agent is not possible.

The main drivers for choosing agentless solutions usually relate to organizational dependencies (e.g., cross-departmental collaboration), or in certain cases, the application workload's operating system is unsupported (e.g., legacy OS, custom OS).

When opting for agentless solutions, it's important to understand the limitations of these approaches. For instance, without an agent, it is not possible to achieve runtime visibility of application workloads.

Nevertheless, the chosen solution must still provide the required security features, such as comprehensive network visibility of traffic flows and network segmentation to safeguard the application workloads.

Secure Workload offers a holistic approach to getting visibility from multiple sources such as:

  • IPFIX
  • NetFlow
  • Secure Firewall NSEL
  • Secure Client Telemetry
  • Cloud Flow Logs
  • Cisco ISE
  • F5 and Citrix
  • ERSPAN
  • DPUs (Data Processing Units)

… and it offers multiple ways to enforce this policy:

  • Secure Firewall
  • Cloud Security Groups
  • DPUs (Data Processing Units)

Figure 3: Agentless Enforcement Points with Secure Workload

Key Takeaways

When choosing the right network and workload microsegmentation solution, always keep in mind the risks, including the threat landscape and the resilience of the solution itself. With Secure Workload, you get:

  • Resilient Agent Architecture
  • Application runtime visibility and enforcement with microsegmentation
  • Diverse feature set of agentless enforcement

Learn more about Cisco Secure Workload