How to Navigate a ‘Zero Trust’ Environment
Trust nobody. Trust nothing. Those are good principles when it comes to secure enterprise computing, and it’s the mindset behind what’s called the “zero-trust” IT security model—that is, assume that all traffic crossing a network is potentially dangerous until it is verified. The zero-trust model requires enforcing controls so that users and applications can access only the resources they absolutely require, and ensuring that monitoring systems have full visibility into, well, everything.
The zero-trust model is at the heart of Tetration, a workload protection and cybersecurity system offered by Cisco Systems—and delivered as a software-as-a-service offering running on Oracle Cloud Infrastructure.
The Tetration service goes both broad and deep. Broad, in that it aims to protect all of a company’s users, applications, data, compute infrastructure, virtual machines, containers and network traffic. Deep, because Tetration looks at every process interaction, at metadata from every network packet, at the metadata that describes each application process, at the storage and file systems containing corporate data, and even at employee and customer user activity.
While a company’s applications are running, the data is flowing, shoppers are buying, and employees are working, Tetration is protecting. It uses real-time telemetry from applications—down to the individual end user or software process—to detect changes such as abnormal activity caused by a hacker or malware, or by attempts to exploit newly discovered flaws.
Back to the zero-trust model: Tetration combines the enterprise’s high-level IT security policies with AI-discovered patterns of baseline application behavior. Tetration also factors in industry data about software vulnerabilities, threat telemetry and indicators of attack. Using those policies, it can segment application components, microservices and data sources into their own network spaces, to ensure that digital access to important resources is permitted only on an as-needed basis to users or other application components that have a safe posture and operating behavior.
Of course, in a large enterprise, the IT environment changes all the time, so no administrator or team of administrators can understand all the changes and their ramifications. That’s where Tetration uses artificial intelligence and machine learning to eliminate the burden of whitelist policy lifecycle management and application management.
Tetration’s software agents see all those changes to the network architecture, applications, users and workloads. The Tetration analytics engine uses AI and ML to update the segmentation while assessing whether those changes increase risk and could lead to future vulnerabilities. The Tetration AI identifies the applications and databases in the environment, along with their dependencies, whether they run in the cloud or in the on-premises data center.