Network analytics provides insight to the traffic flow between applications and endpoints. Telemetry data is streamed in real-time from software sensors and network devices to big-data clusters. Implementing the policy to create a whitelist-based segmentation and zero-trust model requires automation when dealing with tens of thousands of workloads and complex rules.
This session examines how Cisco Tetration Analytics provides an accurate inventory of devices, software packages and version information to detect software vulnerabilities and implement a zero-trust policy model on network fabrics, firewalls and application delivery controllers.
Using Ansible Tower to implement security policies and telemetry streaming for hybrid clouds
1. AUSTIN 2018
Using Ansible Tower to implement security policies and
telemetry streaming for hybrid clouds
2. Network analytics provides insight to the traffic flow between applications and endpoints.
Telemetry data is streamed in real-time from software sensors and network devices to big-data
clusters. Implementing the policy to create a whitelist-based segmentation and zero-trust model
requires automation when dealing with tens of thousands of workloads and complex rules.
This session examines how Cisco Tetration Analytics provides an accurate inventory of devices,
software packages and version information to detect software vulnerabilities and implement a
zero-trust policy model on network fabrics, firewalls and application delivery controllers.
Using Ansible Tower to implement security policies and
telemetry streaming for hybrid clouds
3. o How did I get started using Ansible?
Wrote NX-API module for Cisco
Nexus switches
o How long?
Since January 2015
o Favorite thing to do with Ansible?
Mentor network engineers on
infrastructure programmability
4. o Joel W. King
Principal Architect
World Wide Technology
Research Triangle Park, NC
o Experience
AMP Incorporated, Network Architect
Cisco, Cisco Validated Designs (CVDs)
NetApp, Big Data: Video Surveillance Storage
o Facts and Contact Info
CCIE 1846 (ret.)
2016 Phantom Cyber Hall of Fame
linkedin.com/in/programmablenetworks
@joelwking joel.king@wwt.com
DevNet Create 2018
7. SHARE
ACT
TRACE
HUNT
BEHAVIORS
THREATS
TRIAGE
DETECTION
TELEMETRY
INVENTORY
Can you collaborate with trusted partners to disrupt adversary campaigns?
Can you deploy proven countermeasures to evict and recover?
During an intrusion, can you observe adversary activity in real time?
Can you detect an adversary that is already embedded?
Can you detect adversary activity within your environment?
Who are your adversaries? What are their capabilities?
Can you accurately classify detection results?
Can you detect unauthorized activity?
Do you have visibility across your assets?
Can you name the assets you are defending?
What is it doing?
Should it?
What’s on my network?
12. o Deploy Software Sensors
setup_tetration_sensor.yml
o Dynamic Inventory
inventory/sensors.py
o Network Policy Publisher
library/tetration_network_policy.py
PLUGINS
MODULES
ANSIBLE PLAYBOOK
DATA
REST API
https://github.com/joelwking/ansible-tetration
15. o Extensive matrix of Windows | Unix | Linux
o Package and version dependencies
e.g. rpm (even in Ubuntu/Debian)
o Different agent RPMs for …
o Agent type, e.g. enforcement, visibility
o Target system, e.g. CentOS 6.0 vs 7.0
o Latest version covers 34 RPMs
o Agent downloaded from GUI
16. o Rather than PDF …
o ./setup_tetration_sensor.yml
[administrator@centos-ansible-1 ~]$ uname
Linux
[administrator@centos-ansible-1 ~]$ -r
-bash: -r: command not found
[administrator@centos-ansible-1 ~]$ uname -r
3.10.0-862.el7.x86_64
command: uname -r value: 3.10.0-862.el7.x86_64
command: cat /etc/shells value: /bin/sh
command: dmidecode -V value: 3.0
command: openssl version -a value: OpenSSL 1.0.2k-fips
command: cpio --version value: cpio (GNU cpio) 2.11
command: sed --version value: sed (GNU sed) 4.2.2
command: awk --version value: GNU Awk 4.0.2
command: flock -V value: flock from util-linux 2.23.2
command: iptables --version value: iptables v1.4.21
command: ipset --version value: ipset v6.29,
ansible-tetration/setup_tetration_sensor.yml
24. DevNet Create 2018
Export whitelist policy
GUI SAVE AS
[ JSON, XML or YAML ]
https://github.com/joelwking/ansible-aci/blob/master/aci_contracts_filters.yml
No SQL
ANSIBLE PLAYBOOK
CISCO ACI NETWORK
MODULES
python
25. Network Policy Publisher
ANSIBLE PLAYBOOK
aci_create_filters.yml
BROKER
message publisher
policy subscription
MODULES
tetration_network_policy.py
Alerts every minute for enforcement
Released in 2.3.1.41 April 2018
27. UPDATE_START UPDATE UPDATE_END
Tetration Network Policy
Kafka message(s)
topic
partition
offset
key
value
Google Protocol Buffer
Network Policy Network Policy
len( value ) == 8
28.
29. o AnsibleFest 2018: Using Ansible Tower to implement security
policies and telemetry streaming for hybrid clouds
https://github.com/joelwking/ansible-tetration
o DevNetCreate 2018: Applying a whitelist policy generated by
Cisco Tetration to an ACI network fabric.
https://www.wwt.com/all-blog/devnet-create-2018/
o Cisco Tetration Light-board: Cloud Workload Protection
https://youtu.be/Hd56GVVr_AE
o WWT AnsibleFest
https://www.wwt.com/event/ansiblefest/
30. David Goeckler, EVP / GM of Cisco's Networking and Security
… turning the whole network into essentially a big software system where you define your
policy in one place …
That policy gets translated into what you want the network to do, and then you have an
automation layer that activates all of those changes across your network fabric.
https://www.networkworld.com/article/3280959/lan-wan/cisco-s-david-goeckeler-talks-security-networking-software-and-sd-wan-outlook.html