
Taking Full Control of your Telemetry with the Intelligent Telemetry Plane

Earlier this year, we introduced the Cisco Telemetry Broker (CTB) and showed customers how it can free their telemetry from proprietary protocols and let the tools and solutions they already have in place coexist seamlessly. Today, we would like to introduce you all to the notion of the Intelligent Telemetry Plane. Products in the market today like the UDP Director (UDPD) and all its competitors are effectively single-box solutions that take in telemetry such as NetFlow and Syslog, apply some rules to it, and send it out to manually configured destinations.

With the Cisco Telemetry Broker, we are laying the foundation of a much larger vision. We treat all telemetry in a holistic, enterprise-wide manner and not just as separate streams of data that need to be individually routed. So, while UDPD was deployed as individual telemetry brokers, CTB is deployed as a set of broker nodes that work in tandem to satisfy the telemetry requirements of an organization.

Overview

Cisco Telemetry Broker enables the next-generation Intelligent Telemetry Plane by giving customers the features and outcomes they desire most:

  • Control – the ability to control and manage your telemetry using a single pane of glass
  • Reliability – ensuring that telemetry from all possible sources is being tracked and sent reliably to destinations
  • Availability – being able to handle any outages speedily
  • Visibility – an unprecedented view into how telemetry is traversing the network
  • Extensibility – an architecture that has the ability to add new functionality and customizations easily
Figure 1: Single Broker vs. Intelligent Telemetry Plane

The figure above shows how a single telemetry broker traditionally operates compared to an Intelligent Telemetry Plane that treats telemetry in a globally holistic manner.

Let’s take a closer look at each of these aspects in more detail.

Control

The Intelligent Telemetry Plane gives incredible control over the management of all telemetry in the network. Features include:

  • Single pane of glass view and control over all the CTB Broker Nodes. This greatly simplifies the overall configuration of how telemetry should be managed in the entire network
  • Ability to apply global policies across the entire network, such as the ability to route all IPFIX traffic to a specific destination
  • Support for both pull and push models for ingesting telemetry – for example, syslog can be pushed to the nodes today, while AWS VPC flow logs are pulled from the cloud
  • Simplifying the configuration of how sources send telemetry using virtual IPs and anycast addresses
  • Fine-grained control over all your telemetry using the brokering, filtering and transform operations

Reliability

With the Intelligent Telemetry Plane, the goal is to ensure that all telemetry can be delivered from any source to any destination in the desired format. We have added several features to ensure that the telemetry plane is always operating reliably.

  • Detect when sources become inactive
  • Detect if sources are misconfigured
  • Detect if a destination goes down (and stop traffic until it is back up)
  • Ensure that telemetry is flowing as per global policy

All of this is now possible at performance levels never seen before because the Cisco Telemetry Broker nodes have been purposefully designed to operate on telemetry. Furthermore, the Cisco Telemetry Broker architecture can scale seamlessly both horizontally and vertically.

Availability

High Availability is an absolute requirement of the Intelligent Telemetry Plane. Nodes can fail and connections can get severed for a variety of reasons. We have implemented a robust set of features to handle failures. With Cisco Telemetry Broker, you can set up multiple clusters consisting of two or more broker nodes and assign various resources to them (for example, a virtual IP). There is always one Active node for a resource, and the remaining nodes in that cluster are in hot standby, ready to take over instantly if the Active node happens to fail.

Additional features are being planned, such as operating in Active/Active mode and automatically balancing cluster resources (for example, if you assign both a virtual IPv4 and a virtual IPv6 address, the cluster automatically assigns them to different active nodes).

Even when it comes to upgrading the Cisco Telemetry Broker infrastructure, nodes are upgraded in a sequential manner, making judicious use of failover such that downtime is completely eliminated.

As we build out the availability capabilities, the goal is for Cisco Telemetry Broker to intelligently manage processing resources as well. For example, if a node in a cluster is heavily over-worked, Cisco Telemetry Broker can shunt traffic to other nodes in the cluster and perform the brokering, filtering, and transformation operations there.

Visibility

With Cisco Telemetry Broker as the foundation of the Intelligent Telemetry Plane, we give you unprecedented visibility into telemetry in the network. We are just scratching the surface on the visibility feature set. Today we give you end-to-end visibility into telemetry flows, everything from how much telemetry is being generated from each source to where it is going. We have added the ability to classify most telemetry automatically (in a port-agnostic manner) so that you know all the different telemetry types that are present in the network. And we monitor everything that can be monitored from a health perspective.

Extensibility

We have made sure that the architecture of the Intelligent Telemetry Plane is extensible as we add more features and functionality. The Cisco Telemetry Broker architecture is a very modern one and can easily be extended to add new forms of telemetry for both ingest and egest, customizable transforms and filters, support for Model Driven Telemetry (which is gaining traction in the telemetry world), and additional deployment options.

All of this is built on a high-performance architecture that is capable of scaling seamlessly to 100Gbps ports and beyond without the need for expensive hardware.

Summary

When it comes to managing an organization’s telemetry, there’s no better solution than Cisco Telemetry Broker. No other product is able to leverage the entire telemetry plane of an organization in a seamless and holistic manner, giving customers greater insight into their network. Cisco Telemetry Broker can enhance an organization’s extended detection and response (XDR) strategy. Working alongside Cisco Secure products like SecureX and Secure Analytics, Cisco Telemetry Broker provides the simplicity, visibility, and efficiency security teams need for a more proactive approach to security.

To learn more visit http://cs.co/telemetrybroker

 

