Home
»
2024
»
August
»
7
»
Health
»
Constructing a Resilient Community and Workload Safety Structure from the Floor Up

Constructing a Resilient Community and Workload Safety Structure from the Floor Up

Aug 7, 2024

0

0

You must Register or Login to Like or Dislike this video

Constructing community and workload safety architectures generally is a daunting job. It includes not solely selecting the best resolution with the suitable set of capabilities, but additionally making certain that the options supply the precise degree of resilience. Resilience is commonly thought-about a community operate, the place the community have to be sturdy sufficient to deal with failures and supply alternate paths for transmitting and receiving knowledge. Nevertheless, resilience on the endpoint or workload degree is ceaselessly missed. As a part of constructing a resilient structure, it's important to incorporate and plan for eventualities through which the endpoint or workload resolution would possibly fail. After we study the present panorama of options, it often boils down to 2 totally different approaches: Agent-Primarily based Approaches When selecting a safety resolution to guard utility workloads, the dialogue usually revolves round mapping enterprise necessities to technical capabilities. These capabilities sometimes embody security measures comparable to microsegmentation and runtime visibility. Nevertheless, one facet that's usually missed is the agent structure. Typically, there are two foremost approaches to agent-based architectures: Userspace putting in Kernel-Primarily based Modules/Drivers (in-datapath) Userspace clear to the Kernel (off-datapath) Safe Workload’s agent structure was designed from the bottom as much as defend utility workloads, even within the occasion of an agent malfunction, thus stopping crashes within the utility workloads. This robustness is because of our agent structure, which operates fully in userspace with out affecting the community datapath or the appliance libraries. Due to this fact, if the agent have been to fail, the appliance would proceed to operate as regular, avoiding disruption to the enterprise. Determine 1: Safe Workload’s Agent Structure One other facet of the agent structure is that it was designed to provide directors management over how, when, and which brokers they need to improve by leveraging configuration profiles. This method supplies the pliability to roll out upgrades...

Constructing community and workload safety architectures generally is a daunting job. It includes not solely selecting the best resolution with the suitable set of capabilities, but additionally making certain that the options supply the precise degree of resilience.

Resilience is commonly thought-about a community operate, the place the community have to be sturdy sufficient to deal with failures and supply alternate paths for transmitting and receiving knowledge. Nevertheless, resilience on the endpoint or workload degree is ceaselessly missed. As a part of constructing a resilient structure, it’s important to incorporate and plan for eventualities through which the endpoint or workload resolution would possibly fail.

After we study the present panorama of options, it often boils down to 2 totally different approaches:

Agent-Primarily based Approaches

When selecting a safety resolution to guard utility workloads, the dialogue usually revolves round mapping enterprise necessities to technical capabilities. These capabilities sometimes embody security measures comparable to microsegmentation and runtime visibility. Nevertheless, one facet that’s usually missed is the agent structure.

Typically, there are two foremost approaches to agent-based architectures:

Userspace putting in Kernel-Primarily based Modules/Drivers (in-datapath)
Userspace clear to the Kernel (off-datapath)

Safe Workload’s agent structure was designed from the bottom as much as defend utility workloads, even within the occasion of an agent malfunction, thus stopping crashes within the utility workloads.

This robustness is because of our agent structure, which operates fully in userspace with out affecting the community datapath or the appliance libraries. Due to this fact, if the agent have been to fail, the appliance would proceed to operate as regular, avoiding disruption to the enterprise.

Transparent Agent to Applications — Determine 1: Safe Workload’s Agent Structure

One other facet of the agent structure is that it was designed to provide directors management over how, when, and which brokers they need to improve by leveraging configuration profiles. This method supplies the pliability to roll out upgrades in a staged vogue, permitting for vital testing earlier than going into manufacturing.

Determine 2: Agent Config Profile and On-Demand Agent Upgrades

Agentless-Primarily based Approaches

The easiest way to guard your utility workloads is undoubtedlythrough an agent-based method, because it yields the perfect outcomes. Nevertheless, there are situations the place putting in an agent just isn’t potential.

The principle drivers for selecting agentless options usually relate to organizational dependencies (e.g., cross-departmental collaboration), or in sure circumstances, the appliance workload’s working system is unsupported (e.g., legacy OS, customized OS).

When choosing agentless options, it’s necessary to know the constraints of those approaches. For example, with out an agent, it isn’t potential to attain runtime visibility of utility workloads.

However, the chosen resolution should nonetheless present the mandatory security measures, comparable to complete community visibility of visitors flows and community segmentation to safeguard the appliance workloads.

Safe Workload gives a holistic method to getting visibility from a number of sources comparable to:

IPFIX
NetFlow
Safe Firewall NSEL
Safe Consumer Telemetry
Cloud Move Logs
Cisco ISE
F5 and Citrix
ERSPAN
DPUs (Knowledge Processing Models)

… and it gives a number of methods to implement this coverage:

Safe Firewall
Cloud Safety Teams
DPUs (Knowledge Processing Models)

Cisco Secure Workload - Microsegmentation from on-premise to cloud — Determine 3: Agentless Enforcement Factors with Safe Workload

Key Takeaways

When selecting the best community and workload microsegmentation resolution, all the time consider the dangers, together with the risk panorama and the resilience of the answer itself. With Safe Workload, you get:

Resilient Agent Structure
Utility runtime visibility and enforcement with microsegmentation
Numerous characteristic set of agentless enforcement

Be taught extra about Cisco Safe Workload

We’d love to listen to what you suppose. Ask a Query, Remark Under, and Keep Related with Cisco Safety on social!

Cisco Safety Social Channels

Instagram
Fb
Twitter
LinkedIn

Share:

Category

Health

Show more

0 Comments