Does Security Belong Near Endpoints?
As you’d expect, Cisco did a great job of presenting at #NFD16. I’d have to say they dazzled us, with some solar contribution. In this post, I’ll summarize Cisco’s presentation, but for details, you’ll want to watch the video recordings.
Cisco split its time across two topics:
(Love the pun, since the latter product is also inter-site. One might even say the goal of the product is the ex-site-ing of UCS management.)
My first impression: Tetration is clearly evolving and improving. It may be just me, but I think I heard more emphasis on agents and third-party sources, and less on Nexus 9K hardware. That makes sense in terms of not holding up purchase until hardware refresh time — something that previously may have deferred some/many ACI and Tetration buying decisions. Admittedly, hardware-based approaches have fewer touch points.
Customer interest in Tetration was initially light because of the high price, until smaller models recently became available.
The key point to me with anything like this or NetFlow, particularly for security applications, is that you really need to have ubiquitous coverage. Tetration does appear to potentially solve a lot of the problems with partial NetFlow deployments, or with performing a Network Packet Broker deployment. The Cisco presentation also certainly makes it appear the product is getting a lot of attention within Cisco and is rapidly maturing.
If you’ve read my prior blog posts, you know I’m a fan of using flows to understand applications better, especially before moving components to cloud or remote datacenters. That was the initial push with Tetration, in part since you need that info to migrate to ACI-based security.
More recently, and notably in the NFD16 presentation, Tetration is also rapidly becoming more of a security alerting and mitigation tool.
Complementing all that, Tetration now has:
The presenters went on to talk about feeding Splunk and Phantom (see also my NFD16 Gigamon blog post), and ServiceNow. Yes, Cisco also talked about “Ecosystem”, as one would expect.
Hey, this was an X (X = Tech, Network) Field Day event, so of course there were demos and more! (Hint: see the videos.)
We got a pre-announcement view of Cisco Intersight. By the time these words appear, it will be well past launch date for that.
Concerning Intersight, I heard someone comment “Meraki-ize” UCSM, and that might not be far off base. Strength AND weakness: CI/CD (can you say: “instant bugs and quick fixes”?). There are some potentially compelling aspects for customers in the future (not initially):
Think about it: With customer UCS systems feeding data to Cisco in an automated and ongoing way, Cisco will get great crowd-sourced data on failing components, common problems, etc. — particularly if they can correlate your gear with your TAC calls.
Other early impressions:
There is one aspect of Intersight that I really appreciate Cisco presenting on. There was a very strong effort that apparently went into securing the product. Cisco clearly does not want to become a vector by which their customers get hacked, via the tunnels from the SaaS offering back to the site UCSM. It sounds like security got baked into Intersight (and the coding and management teams) from day one.
See the videos for details. I imagine as the offering matures the slide decks will get more polished and detailed, but what’s in the videos gets things off to a great start!
My fellow NFD16 delegates and Cisco have been busily blogging boldly, per below:
Comments are welcome, whether in agreement or constructive disagreement with the above. I enjoy hearing from readers and carrying on deeper discussion via comments. Thanks in advance!