Cisco and Nvidia: Redefining Workload Security


There has been an exponential increase in breaches within enterprises despite the carefully constructed and controlled perimeters that exist around applications and data. Once an attacker can access the network, it becomes an “all you can eat” buffet as they move laterally around the environment, taking control, and either exfiltrating sensitive data, or locking it up with ransomware. Enterprises traditionally use two approaches to mitigate these risks: implementing intrusion detection solutions and defining micro-perimeters around their applications and data.

Cisco Secure Workload allows enterprise customers to proactively microsegment their applications in an infrastructure, location, and form factor agnostic manner. This helps to ensure that workloads communicate with only the necessary services and can significantly reduce the blast radius. Cisco Secure Workload uses the Agent software installed on application workload instances to capture telemetry, apply machine learning to determine microsegment/zero trust policies for applications and enforce these policies by programming the OS-specific firewalling layer.

Nvidia Bluefield family of Data Processing Units (DPUs), are leaders in the smart Network Interface Card (NIC) market, are hugely popular with server vendors and cloud service providers (CSPs). As customers are clamoring to offload necessary support functions such as data transfer, optimization, security, and analytics to the DPU, making the workload resources exclusively available to run their business application.

Last month, Cisco and Nvidia announced a partnership uniting their expertise to create an infrastructure powered by artificial intelligence. The goal of this collaboration is to equip enterprises with the necessary technology and know-how to effectively construct, implement, oversee, and safeguard AI solutions at scale.

With Cisco Secure Workload 3.9, we introduced the Nvidia Bluefield DPU integration which allows the offloading of Secure Workload Agent functionality from hosts to Nvidia Bluefield DPUs. The purpose of this integration was to enhance application performance, scalability, and administrator productivity. The agent deployed on the DPUs gathers the flow telemetry and enforces the policy on the DPU to achieve microsegmentation.

Under the hood, the control plane logic of the Cisco Secure Workload agent operates on the ARMv8+ CPUs. Essential telemetry, including connection tracking and the allowed/denied packet, is gathered seamlessly via the ASAP2 framework directly from the eSwitch hardware module, with minimal impact on latency and throughput. Subsequently, the agent exports summarized telemetry to the Cisco Secure Workload for thorough processing. Cisco Secure Workload then uses unsupervised machine learning algorithms to discern allow-list policies, which are rigorously analyzed against live traffic to assess their impact before deployment to the production environment. These analyzed policies are then transmitted to the agent for enforcement. Leveraging the Nvidia-provided OVS API layer, the agent programs policies into OpenFlow rules on the eSwitch, enabling hardware-accelerated traffic firewalling. This architectural design prioritizes minimal software intervention during telemetry capture and policy enforcement to avoid overwhelming the DPU’s embedded CPU.

Cisco Secure Workload and Nvidia teams are jointly exploring new capabilities and opportunities, including bolstering Cisco Secure Workload agent support for Nvidia Bluefield DPU-enabled smart switches, enhancing DPU agent capabilities to facilitate host-to-host data-in-motion encryption, and joint go-to-market with the leading CSPs offering DPU/SmartNIC as a part of their IaaS offerings.

With the support for Nvidia Bluefield family of DPUs, Cisco Secure Workload customers can now seamlessly deploy agentless microsegmentation with equivalent effectiveness to agent-based solutions across their virtualized, containerized, and bare metal hosts spanning multicloud environments. Cisco Secure Workload – Nvidia DPU integration fosters a flexible deployment approach which reduces organizational barriers, greatly enhances practitioner experiences, and accelerates the time to value. Cisco Secure Workload tackles the complexities of safeguarding legacy and ephemeral application landscapes through comprehensive visibility, precise control, and automated policy enforcement. It empowers enterprises to safeguard vital assets against advanced threats, reduce susceptibility to attacks, and ensure adherence to regulatory standards, while optimizing operational productivity.

Reserve your spot today to experience an interactive, hands-on Secure Workload virtual Test Drive.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels

Instagram
Facebook
Twitter
LinkedIn

Share:





Source link