Cisco: Take Control of Your Hybrid Environments with Cisco Secure Workload 3.6


Business requirements are driving significant changes in today’s data centers. Companies are not only migrating applications from local data centers to the cloud, but also developing multi-cloud strategies that take advantage of availability, global presence and cost-saving structures. In fact, IDC has forecast that more than 90% of IT organizations will adopt multi-cloud architectures by 2022.

In addition, data centers run applications in a mixture of heterogeneous private, public and hybrid cloud computing environments and use bare metal, virtualized and container-based workloads. Managing security control configurations for on-premises, cloud, hybrid, and multi-cloud environments can quickly become complex, expensive, and tedious.

And in the middle of this journey to cloud transformation, the oldest cybersecurity challenge still stands: How can applications and data be better secured without compromising agility?

Cisco Secure Workload 3.6 addresses these critical security challenges by:

  • Providing comprehensive workload protection features that bring security closer to applications

  • Adjusting the security posture based on the behavior of the application

  • Enforcing segmentation and security policies simultaneously on Cisco Secure Firewalls

Secure Workload’s design leverages extensive traffic flow telemetry (agent-based and agentless data collection), advanced machine learning, and behavioral analysis techniques to support key data center security use cases:

  • Behavioral baselining, analysis and identification of workload anomalies

  • Zero trust model adoption that enables list-based microsegmentation

  • Detection of common weaknesses and risks associated with the software installed on servers

  • Proactive quarantine of servers and blocking of communication when vulnerabilities are detected

  • Faster response to cyber threats – improving the company’s security

Cisco Secure Workload also provides one-click enforcement in multi-cloud data centers to reduce the attack surface and enforce the security framework using application segmentation. Secure Workload normalizes policies for each server and eliminates human intervention for further policy identification.

From a user-experience perspective, Cisco Secure Workload provides an intuitive point-and-click web interface for finding information using visual queries and visualizing statistics using a variety of charts and tables. In addition, all administrative functions and cluster monitoring can be performed from the same web user interface.

New orchestration of Amazon Web Services

The integration with Amazon Web Services (AWS) Virtual Private Cloud (VPC) harmonizes security configurations, coordinates north-south and east-west traffic through AWS security groups, and offers an agentless approach that uses AWS VPC flow logs for policy discovery and workload segmentation.

Equally important, the new coordinated orchestration provides the user with a simpler cloud onboarding workflow that accelerates secure application delivery and increases the responsiveness of the security infrastructure when applications change dynamically. As part of the new functionality introduced in 3.6, Secure Workload also supports automatic collection of the inventory of instances, whether running or stopped, from an AWS Region. This functionality makes it much easier to create and maintain scopes and policies.

In addition, the integration reduces the need for manual data releases during policy implementation, simplifies administration, and reduces the formation of security silos with separate controls that lead to inefficient and ineffective security operations.

Visibility and policy discovery for Kubernetes workloads

The need to maximize resource utilization makes Kubernetes the market standard for container management because it allows the flexibility to scale across multiple servers in a cluster and replicate instances or pods across different nodes.

However, running different applications on the same Kubernetes cluster creates the risk that a compromised workload attacks a neighboring workload. Microsegmentation ensures that containers can only communicate as intended. One of the biggest challenges in Kubernetes deployments is creating network segmentation between pods, services, and containers. This is an inherent challenge due to the dynamic nature of container network identities and the fact that containers can communicate both within the same node and between nodes.

The integration of Secure Firewall with the new Application Dependency Mapping (ADM) of Secure Workload 3.6 reduces the communication security risks of Kubernetes. Secure Workload now discovers network policies across applications, both inside and outside the Kubernetes deployment tiers.

With Cisco Secure Workload 3.6, Kubernetes security is enhanced by:

  • An easier process for defining scopes and policies through automated collection of the environment inventory

  • Better management and monitoring of Kubernetes environment resources such as nodes, pods, and services

  • Ability to provide enforcement policies in Kubernetes resources (pods, nodes) using the new automated recording

In summary

Cisco’s hybrid and multi-cloud security capabilities give you unparalleled control, efficiency, and effectiveness across your networks and closer to your applications. Across your application infrastructure, you advance the microsegmentation of application workloads with common, coordinated policies in AWS security groups as well as in physical and virtual Cisco Secure Firewalls.

Additional resources

Cisco Secure Workload website

Cisco Secure Workload FAQ

Cisco Secure Workload Datasheet

The why, what, and how of the Cisco Secure Workload Solution

Configure Secure Firewall and Secure Workload – Unified segmentation and policy


