Please share with the community what you think needs improvement with Cisco Secure Workload.
What are its weaknesses? What would you like to see changed in a future version?
Support for all OSes, as currently they do not support AIX, which is normally the base OS for any critical banking workload.
The solution should be able to provide micro-segmentation policy based on process rather than only IP-based. In case an attacker gains access to the application server and gets the application password from an OS memory dump, he can easily connect to the database server, as in the case of Cisco the policy will be based on IP and port rather than process.
There is some overlap between Cisco Tetration and AppDynamics and there are few DC tools. It would be great to have a single pane of glass, rather than have to jump between different tools.
The scalability of this solution needs to be improved. For us, we are not yet at the breaking point, but it is a question. This is an agent-based system but it is not clear how to efficiently deploy an agent. If you discover new assets, you can ask the neighbor on the network for functional sites. You can't deploy the agent because they don't have the feature. Sometimes you deploy from a web server and you discover new assets, but it fails to deploy for some reason. The cartography has to be improved. We can add a new one, but we would like to be able to see the performance advantage of our changes over time. The interface is really helpful for technical people, but it is not user-friendly.
The multi-tenancy, redundancy, backup and restore functionalities, as well as the monitoring aspects of the solution, need improvement. The solution offers virtually no enterprise-grade possibility for monitoring. Examples include: The onboard features do not allow remote detection of simple hardware failures. There is no backup option for the data lake. The cluster cannot be deployed in a geo-redundant setup. There is no hardware upgrade path.
A feature that I was looking for was emailed alerts and notifications so we'd get them right away. I don't know if it is there or not yet but I haven't had enough time to explore and find it. The search capabilities can be improved as well.
Cisco Tetration needs more flags and system alerts that we should get with network capture. We haven't gotten into the security aspects of it. From a troubleshooting perspective, there are a few areas they can improve. There should be more types of data.
While the product does its job and more than any organization currently needs, the entire interface could be improved. It's ugly and uninviting. The biggest competitor has a very nice, modern-looking GUI. Tetration tends to be a lot more cumbersome and it's not very intuitive. It is a good thing for consultants, but not for a typical end user.
Guys, what is the best solution for microsegmentation?
Today we have a 100% Cisco + AlgoSec equipment base. I'd like to hear about Guardicore - what can you tell me about it?