Constructing community and workload safety architectures could be a daunting job. It entails not solely selecting the best answer with the suitable set of capabilities, but in addition making certain that the options supply the appropriate stage of resilience.
Resilience is usually thought-about a community perform, the place the community should be strong sufficient to deal with failures and supply alternate paths for transmitting and receiving information. Nonetheless, resilience on the endpoint or workload stage is often ignored. As a part of constructing a resilient structure, it’s important to incorporate and plan for situations by which the endpoint or workload answer may fail.
After we look at the present panorama of options, it often boils down to 2 totally different approaches:
Agent-Based mostly Approaches
When selecting a safety answer to guard software workloads, the dialogue usually revolves round mapping enterprise necessities to technical capabilities. These capabilities usually embrace security measures comparable to microsegmentation and runtime visibility. Nonetheless, one facet that’s usually ignored is the agent structure.
Typically, there are two principal approaches to agent-based architectures:
- Userspace putting in Kernel-Based mostly Modules/Drivers (in-datapath)
- Userspace clear to the Kernel (off-datapath)
Safe Workload’s agent structure was designed from the bottom as much as defend software workloads, even within the occasion of an agent malfunction, thus stopping crashes within the software workloads.
This robustness is because of our agent structure, which operates fully in userspace with out affecting the community datapath or the appliance libraries. Subsequently, if the agent had been to fail, the appliance would proceed to perform as regular, avoiding disruption to the enterprise.
One other facet of the agent structure is that it was designed to offer directors management over how, when, and which brokers they need to improve by leveraging configuration profiles. This method gives the pliability to roll out upgrades in a staged trend, permitting for mandatory testing earlier than going into manufacturing.
Agentless-Based mostly Approaches
One of the best ways to guard your software workloads is undoubtedlythrough an agent-based method, because it yields the most effective outcomes. Nonetheless, there are situations the place putting in an agent will not be doable.
The primary drivers for selecting agentless options usually relate to organizational dependencies (e.g., cross-departmental collaboration), or in sure circumstances, the appliance workload’s working system is unsupported (e.g., legacy OS, customized OS).
When choosing agentless options, it’s essential to grasp the restrictions of those approaches. As an illustration, with out an agent, it’s not doable to attain runtime visibility of software workloads.
However, the chosen answer should nonetheless present the required security measures, comparable to complete community visibility of site visitors flows and community segmentation to safeguard the appliance workloads.
Safe Workload presents a holistic method to getting visibility from a number of sources comparable to:
- IPFIX
- NetFlow
- Safe Firewall NSEL
- Safe Consumer Telemetry
- Cloud Move Logs
- Cisco ISE
- F5 and Citrix
- ERSPAN
- DPUs (Information Processing Models)
… and it presents a number of methods to implement this coverage:
- Safe Firewall
- Cloud Safety Teams
- DPUs (Information Processing Models)
Key Takeaways
When selecting the best community and workload microsegmentation answer, at all times take note the dangers, together with the menace panorama and the resilience of the answer itself. With Safe Workload, you get:
- Resilient Agent Structure
- Utility runtime visibility and enforcement with microsegmentation
- Various function set of agentless enforcement
Be taught extra about Cisco Safe Workload
We’d love to listen to what you assume. Ask a Query, Remark Beneath, and Keep Related with Cisco Safety on social!
Cisco Safety Social Channels
Instagram
Fb
Twitter
LinkedIn
Share: