We actively seek improvements in integrating the Infoblox DDI platform with Cisco Secure Workload. This integration allows Cisco Secure Workload to learn about our networks and network tags, providing valuable insights into vulnerabilities related to the operating system and various applications installed on our servers.

Recently, Cisco announced a new product called HyperShield, an AI-based autonomous micro-segmentation solution. While Cisco has not stated that HyperShield will replace Cisco Secure Workload, it represents a natural evolution for the company. HyperShield features dynamic policy discovery and enforcement; however, once policies are enforced, they do not change until a discovery occurs, requiring a re-enforcement process. This new platform operates autonomously, minimizing the need for user or security engineer intervention. 

I would have expected Cisco to incorporate more automatic discovery and enforcement features within the existing Cisco Secure Workload product. Instead of enhancing the current product, they have introduced a new solution. Cisco plans to honor existing Tetration licenses, allowing users to transition to HyperShield without additional costs, reflecting the investment enterprises have already made.

From Cisco’s perspective, this represents a natural progression in their product line. While the product name changes, it seems more of a rebranding effort. The enhancements are greater autonomy, improved discovery, and automatic enforcement, which are now being introduced in HyperShield.

Cisco Secure Workload offers automatic policy enforcement but cannot adjust policies dynamically as the application needs to change. Having used the platform for the past five years, the recent announcement has been reassuring. Cisco has confirmed that our investment in the platform will not go to waste. They will honor our existing licenses, providing a natural migration path to the new solution without any disruption

There's room for improvement when it comes to Cisco Secure Workload. A couple of internal areas could be refined a little bit. They are trying to solve it, depending on where you suppose the agent is. Suppose you have the agent on both the server and the client, which could be the front-end server or web server connecting to the. In that case, if those two are communicating on RPC, the server can look into its configuration. It could go down and find the configuration file on the FTP server and then set the policies to it. But there are a lot of different FTP servers out there. It's also a complex case for the tool to support all FTP servers.

Some things are related to Windows, Unix, Linux, and IBM AIX. We have been working on all platforms, but the support for IBM AIX isn't that good compared to normal operating systems. Support is much better for Windows compared to IBM AIX.

On the client side, Cisco Secure Workload orchestrates host firewalls for micro-segmentation, which is crucial for zero trust security for whitelisting in networking. Before speaking of areas for improvement, I would like to say that I have always been fond of Cisco Tetration Platform and Cisco Secure Workload. There was a controversy when Cisco reduced the amount of data they kept, and the solution became quite cost-intensive, which made its adoption challenging. Although they have modified it now, I preferred the previous version, and I wish all the functionality were back under the same product. Currently, it is integrated into Cisco SD-Access, but not all customers want access to this product.

Secure Workload is a little complicated to use, and the dashboard isn't intuitive, so it takes a while to learn how to use it.

The product must be integrated with the cloud.

I'm in pre-sales. I have no technical complaints in regard to the product.

The integration could be better, especially with different types of solutions.

The scalability of this solution needs to be improved. For us, we are not yet at the breaking point, but it is a question.

This is an agent-based system but it is not clear how to efficiently deploy an agent. If you discover new assets, you can ask the neighbor on the network for functional sites. You can't deploy the agent because they don't have the feature. Sometimes you deploy from a web server and you discover new assets, but it fails to deploy for some reason.

The cartography has to be improved. We can add a new one, but we would like to be able to see the performance advantage of our changes over time.

The interface is really helpful for technical people, but it is not user-friendly.

The multi-tenancy, redundancy, backup and restore functionalities, as well as the monitoring aspects of the solution, need improvement. The solution offers virtually no enterprise-grade possibility for monitoring. Example include: The onboard features do not allow remote detection of simple hardware failures. There is no backup option for the data lake. The cluster cannot be deployed in a geo-redundant setup. There is no hardware upgrade path.

There is some overlap between Cisco Tetration and AppDynamics and there are few DC tools, It would be great  to have a single pane of glass, rather than have to jump between different tools.

A feature that I was looking for was emailed alerts and notifications so we'd get them right away. I don't know if it is there or not yet but I haven't had enough time to explore and find it.

The search capabilities can be improved as well.

Cisco Tetration needs more flags and system alerts that we should get with network capture. We haven't gotten into the security aspects of it. 

From a troubleshooting perspective, there are a few areas they can improve. There should be more types of data.

While the product does its job and more than any organization currently needs, the entire interface could be improved. It's ugly and uninviting. The biggest competitor has a very nice, modern-looking GUI. Tetration tends to be a lot more cumbersome and it's not very intuitive. It is a good thing for consultants, but not for a typical end user.

They should scale down the hardware a bit. The initial hardware investment is two million dollars so it's a price point problem. The issue with the price comes from the fact that you have to have it with enormous storage and enormous computes.

I would also like to see them develop more flexible export from other trades to third-party products or to form links to a third-party product. Make reports in the form that the auditor wants using a third-party product, for example.

It is not so easy to use and configure. It needs a bunch of further resources to work, which is mainly the biggest downside of it. The deployment is huge.

The problem is that we can only deploy the particular solution where we have the hardware with Cisco. This is only FX series switches, which have the hardware sensor built, and we have to deploy the software sensor.