Wednesday, February 21, 2024

Secure Multicloud Infrastructure with Cisco Multicloud Defense


It’s a multicloud world!

Today, applications are no longer confined to the boundaries of a data center; they are deployed everywhere. This shift creates the need for a solution that can provide end-to-end visibility, control, policy management, and ease of administration.

Market Trend

Organizations are embracing the power of the public cloud because it provides agile, resilient, and scalable infrastructure, enabling them to maximize business velocity. A recent study shows that 82% of IT leaders have adopted hybrid cloud solutions, combining private and public clouds. Moreover, 58% of those organizations are using between two and three public clouds [1], indicating a growing trend toward multicloud environments. As organizations lean further into multicloud deployments, security teams find themselves playing catch-up, trying to build a security stack that can keep pace with the agility and scale of their cloud infrastructure. Teams also face a lack of unified security controls across their environments. Cloud service providers' native security solutions are, by definition, scoped to a single provider's cloud and are not designed to achieve end-to-end visibility and control in a multicloud world; this hardens silos and widens security gaps. Organizations need a cloud-agnostic solution that unifies security controls across all environments while securing workloads at cloud speed and scale.

Cisco Multicloud Defense is a highly scalable, on-demand "as-a-Service" solution that provides agile, scalable, and flexible security for your multicloud infrastructure. It unifies security controls across cloud environments, protects workloads from every direction, and drives operational efficiency by leveraging secure cloud networking.

Secure cloud networking can be broken down into three pillars:

  • Security: Provides a full suite of security capabilities for workload protection
  • Cloud: Integrates with cloud constructs, enabling auto-scaling and agility
  • Networking: Seamlessly and accurately inserts scalable security across clouds without manual intervention

A key benefit of Cisco Multicloud Defense is not only that it unifies security controls across environments, but that it enforces those policies dynamically. With dynamic multicloud policy management, you can:

  • Keep policies up to date in near-real time as your environment changes.
  • Combine continuous visibility and control to discover new cloud assets and changes, associate tag-based business context, and automatically apply the appropriate policy to maintain security compliance.
  • Power and protect your cloud infrastructure with security that runs in the background through automation, staying out of the way of your cloud teams.
  • Mitigate security gaps and keep your organization secure and resilient.
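The following is an added example written for this page, not Cisco's code and not a description of how the Multicloud Defense Controller is implemented. It models the tag-based policy idea above: address objects are defined by tag selectors, rules are written against those objects, and when the inventory changes (an instance replaced by autoscaling, a new instance in another cloud) the same rule set is re-resolved and only the difference has to be pushed to the enforcement point. The inventory, tags, address objects, and rule set are all constructed for the example.

```python
"""Added example, not Cisco's code: tag-based policy that follows inventory changes.

A rule written against tag selectors (e.g. app=payments) is never edited when
instances are added, replaced or re-addressed; re-resolving the selectors
against the current inventory yields the new enforcement set, and the gateway
only has to apply the difference. Inventory and policy are constructed here.
"""

# Constructed multicloud inventory, as a discovery pass would report it.
INVENTORY_T0 = [
    {"id": "i-0a1", "cloud": "aws", "ip": "10.1.0.10", "tags": {"app": "payments", "tier": "web"}},
    {"id": "i-0a2", "cloud": "aws", "ip": "10.1.1.20", "tags": {"app": "payments", "tier": "db"}},
    {"id": "vm-b1", "cloud": "azure", "ip": "10.2.0.10", "tags": {"app": "reporting", "tier": "web"}},
]

# Same environment later: i-0a1 was replaced by autoscaling (new IP) and a
# GCP instance carrying the same tags joined the payments web tier.
INVENTORY_T1 = [
    {"id": "i-0a9", "cloud": "aws", "ip": "10.1.0.33", "tags": {"app": "payments", "tier": "web"}},
    {"id": "i-0a2", "cloud": "aws", "ip": "10.1.1.20", "tags": {"app": "payments", "tier": "db"}},
    {"id": "vm-b1", "cloud": "azure", "ip": "10.2.0.10", "tags": {"app": "reporting", "tier": "web"}},
    {"id": "gce-c1", "cloud": "gcp", "ip": "10.3.0.10", "tags": {"app": "payments", "tier": "web"}},
]

# Address objects defined by tag selectors rather than fixed IP addresses.
ADDRESS_OBJECTS = {
    "payments-web": {"app": "payments", "tier": "web"},
    "payments-db": {"app": "payments", "tier": "db"},
}

# East-west rule set written in business terms; first match wins, implicit deny.
RULE_SET = [
    {"name": "web-to-db", "src": "payments-web", "dst": "payments-db", "port": 5432, "action": "allow"},
    {"name": "db-default", "src": "*", "dst": "payments-db", "port": "*", "action": "deny"},
]


def resolve(selector, inventory):
    """IPs of assets, in any cloud, whose tags carry every key/value of the selector."""
    return sorted(a["ip"] for a in inventory
                  if all(a["tags"].get(k) == v for k, v in selector.items()))


def compile_rules(rule_set, address_objects, inventory):
    """Expand tag-based rules into concrete (rule, src_ip, dst_ip, port, action) entries."""
    entries = []
    for r in rule_set:
        srcs = ["*"] if r["src"] == "*" else resolve(address_objects[r["src"]], inventory)
        dsts = ["*"] if r["dst"] == "*" else resolve(address_objects[r["dst"]], inventory)
        for s in srcs:
            for d in dsts:
                entries.append((r["name"], s, d, r["port"], r["action"]))
    return entries


def decide(entries, src_ip, dst_ip, port):
    """First-match evaluation over the compiled entries; no match means deny."""
    for name, s, d, p, action in entries:
        if s in ("*", src_ip) and d in ("*", dst_ip) and p in ("*", port):
            return action, name
    return "deny", "implicit-deny"


def diff_enforcement(old, new):
    """What the enforcement point must add and remove after the inventory changed."""
    return {"add": sorted(set(new) - set(old), key=str),
            "remove": sorted(set(old) - set(new), key=str)}


if __name__ == "__main__":
    t0 = compile_rules(RULE_SET, ADDRESS_OBJECTS, INVENTORY_T0)
    print(decide(t0, "10.1.0.10", "10.1.1.20", 5432))   # ('allow', 'web-to-db')
    print(decide(t0, "10.2.0.10", "10.1.1.20", 5432))   # ('deny', 'db-default')
    t1 = compile_rules(RULE_SET, ADDRESS_OBJECTS, INVENTORY_T1)
    print(decide(t1, "10.1.0.33", "10.1.1.20", 5432))   # ('allow', 'web-to-db'), rule unchanged
    print(diff_enforcement(t0, t1))                     # only the changed IP entries
```

The caveat this model makes visible: the tags are the policy's trust anchor. Any principal who can edit tags on an instance can move it into "payments-web" and inherit that rule's access, so tag-write permissions in each cloud's IAM deserve the same least-privilege review as the policy itself.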

Another key benefit of Multicloud Defense is that it adds enforcement points (PaaS) in both distributed and centralized architectures.

Cisco Multicloud Defense Overview

Cisco Multicloud Defense applies a principle common to public clouds and software-defined networking (SDN): decoupling the control plane from the data plane. These map to the Multicloud Defense Controller and the Multicloud Defense Gateways, respectively.

The Multicloud Defense Gateway(s) are delivered as Platform-as-a-Service (PaaS) in AWS, Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI). These gateways are delivered, managed, and orchestrated by a SaaS-based Multicloud Defense Controller.

Figure 1: Cisco Multicloud Defense Overview
  • Multicloud Defense Controller (Software-as-a-Service): The Multicloud Defense Controller is a highly reliable and scalable centralized controller (control plane) that automates, orchestrates, and secures multicloud infrastructure. It runs as Software-as-a-Service (SaaS) and is fully managed by Cisco. Customers can use a web portal to operate the controller, or they can use Terraform to build security into their DevOps/DevSecOps processes.
  • Multicloud Defense Gateway (Platform-as-a-Service): The Multicloud Defense Gateway is an auto-scaling fleet of security software with a patented, flexible, single-pass pipelined architecture. These gateways are deployed as Platform-as-a-Service (PaaS) into the customer's public cloud account(s) by the Multicloud Defense Controller, providing advanced inline security protections to defend against external attacks, block egress data exfiltration, and prevent lateral movement of attacks.

Multicloud Defense Gateways

In the Cisco Multicloud Defense solution, organizations use the controller to deploy highly scalable and resilient Egress Gateways or Ingress Gateways into their public cloud account(s).

Egress Gateway: Protects outbound and east-west traffic. The egress gateway provides security capabilities such as FQDN filtering, URL filtering, data loss prevention (DLP), IPS/IDS, antivirus, forward proxy, and TLS decryption.

Ingress Gateway: Protects inbound traffic and provides security capabilities such as web application firewall (WAF), IDS/IPS, Layer-7 protection, DoS protection, antivirus, reverse proxy, and TLS decryption.

Note: Multicloud Defense Gateways are an auto-scaling fleet of instances across two or more availability zones, providing agility, scalability, and resiliency.

Figure 2 shows the security capabilities of the ingress and egress Multicloud Defense Gateways.

Figure 2: Cisco Multicloud Defense Gateway

The gateway uses a single-pass architecture to provide:

  • High throughput and low latency
  • Reverse proxy, forward proxy, and forwarding modes
  • Flexibility in selecting the relevant advanced network security inspection engines, including TLS decryption and re-encryption, WAF (HTTPS and WebSockets), IDS/IPS, antivirus/anti-malware, FQDN and URL filtering, and DLP

Security Models

The solution provides a flexible way to insert security into the customer's infrastructure using three highly scalable and automated deployment models (centralized, distributed, and combined).

Centralized security model

In the centralized security model, the Multicloud Defense Controller adds gateways to a centralized security VPC/VNet/VCN. In this architecture, ingress and egress traffic is sent to the centralized security VPC/VNet/VCN for inspection before it is forwarded to its destination. This architecture provides scalability, resiliency, and agility using cloud deployment best practices.

Figure 3 shows egress and ingress gateways in a security VPC/VNet/VCN.

  • For scalability, autoscaling is supported.
  • For resiliency, auto-scaled instances are deployed across multiple availability zones.
Figure 3: Centralized Security Model

In the centralized security model, gateways are deployed in a hub inside the customer's cloud account. Customers can, however, choose to have multiple hubs across accounts/subscriptions.

Distributed security model

In the distributed security model, the Multicloud Defense Controller adds gateways to each VPC/VNet/VCN. In this architecture, ingress and egress traffic stays local to the VPC/VNet/VCN.

Depending on its direction, a traffic flow is inspected by an egress or an ingress gateway. This deployment provides scalability, resiliency, and agility using cloud deployment best practices.

Figure 4 shows egress and ingress gateways in each VPC/VNet/VCN.

  • For scalability, autoscaling is supported.
  • For resiliency, auto-scaled instances are deployed across multiple availability zones.
Figure 4: Distributed Security Model

Combined security model (Centralized + Distributed)

This security model uses both the centralized and the distributed model. Some flows are protected by gateways deployed in the security VPC/VNet/VCN, and others by gateways deployed in the application VPC/VNet/VCN.

Depending on the traffic flow, traffic is inspected by egress or ingress gateways. This deployment provides scalability, resiliency, and agility using cloud deployment best practices.

Figure 5 shows egress and ingress gateways in a centralized security VPC/VNet/VCN together with gateways deployed in the application VPCs/VNets/VCNs.

  • For scalability, autoscaling is supported.
  • For resiliency, auto-scaled instances are deployed across multiple availability zones.
Figure 5: Centralized + Distributed Security Model

Use cases

Egress security

Figure 6 shows egress traffic protection in the centralized and distributed security models.

  • In the centralized security model, traffic is inspected by gateways deployed in the security VPC/VNet/VCN.
  • Gateways auto-scale and are multi-AZ aware.
  • In the distributed security model, traffic is inspected by gateways deployed in the application VPC/VNet/VCN.
Figure 6: Egress traffic flow

Ingress security

Figure 7 shows ingress traffic protection in the centralized and distributed security models.

  • In the centralized security model, traffic is inspected by gateways deployed in the security VPC/VNet/VCN.
  • In the distributed security model, traffic is inspected by gateways deployed in the application VPC/VNet/VCN.
  • Gateways auto-scale and are multi-AZ aware.
Figure 7: Ingress traffic flow

Segmentation (east-west)

Figure 8 shows intra- and inter-VPC/VNet/VCN traffic protection in the centralized and distributed security models.

  • In the centralized security model, intra- and inter-VPC/VNet/VCN traffic is inspected by gateways deployed in the security VPC/VNet/VCN.
  • In the distributed security model, intra-VPC/VNet/VCN traffic is inspected by gateways deployed in the application VPC/VNet/VCN.
  • Gateways auto-scale and are multi-AZ aware.
Figure 8: Segmentation (East-West) traffic flow

URL & FQDN filtering for egress traffic

URL & FQDN filtering prevents exfiltration and attacks that rely on command-and-control. The Multicloud Defense Gateway enforces URL- and FQDN-based filtering in either the centralized or the distributed deployment model.

  • URL filtering requires TLS decryption on the gateway, because the path and query of an HTTPS request are only visible after decryption.
  • FQDN-based filtering can be enforced on encrypted traffic flows, because the destination host name is available without decrypting the payload.
Figure 8: URL & FQDN filtering for cloud egress

Coming soon: Multicloud Networking use cases

In our upcoming release (2HCY23), we are adding a set of Multicloud Networking use cases that enable secure connectivity, bringing all cloud networks together.

Multicloud Networking: Cloud-to-Cloud Networking

An egress gateway with VPN capability provides a secure connection to other cloud infrastructures. The egress gateway is delivered as-a-Service and provides resiliency and autoscaling. This architecture requires deploying the egress gateways with VPN capability "ON." These gateways use IPsec connectivity for a secure interconnection.

Figure 9: Cloud-to-Cloud Networking (IPsec)

Multicloud Networking: Site-to-Cloud Networking

An egress gateway with VPN capability provides a secure connection to on-premises infrastructure. This architecture requires deploying the egress gateways with VPN capability "ON" in the security VPC/VNet/VCN, plus a device at the data center edge for IPsec termination.

Figure 10: Site-to-Cloud Networking (IPsec)

Conclusion

We live in a multicloud world, and organizations need a cloud-agnostic solution that unifies security controls across all environments while securing workloads at cloud speed and scale. With Cisco Multicloud Defense, organizations gain a simplified and unified security experience that helps them navigate their multicloud future with confidence.

For more information on Cisco Multicloud Defense, refer to cisco.com/go/multicloud-defense

Additional Resources

Announcement blog: Cisco Multicloud Defense

At-a-glance: Cisco Multicloud Defense

References

[1] 2022 Global Hybrid Cloud Trends Report. S&P Global Market Intelligence, 2022.

