The most valuable feature of Cisco Secure Workload is its ability to streamline policy discovery. Once you create the workspace, it automatically identifies policies at various levels, whether you need finely-tuned micro-level or broader group policies. As data is gathered from all the agents, the system presents these policies, significantly reducing the need for multiple engineers who typically take much longer to create them. My IT risk colleagues utilize a process we call ADM, where they discover policies over a three to six-month period and present them to application owners. Once the application owners approve the policies, they can switch to enforcement mode in Cisco Tetration. This automation in policy presentation and access is incredibly valuable, as it minimizes manual intervention and the time required for policy discovery.

Micro-segmentation allows for precise enforcement of policies based on specific needs. You can implement tight risk postures, defining policies per IP, server, or port. This enables granular control or broader policies at the group level, grouping similar types of servers. The system automates this process; you specify your risk appetite and how detailed or general you want the policies to be. This approach protects servers that sit next to each other on the same VLAN without requiring large network firewalls to create multiple dependencies or DMZs. Instead, it leverages the existing firewalls on each server, allowing you to control policies centrally.

The only use case I can see that makes sense is micro-segmentation. I think there are other use cases for it. The main purpose of the product is to do micro-segmentation by collecting IP. That could be done by installing an agent, and then you have all the communication coming in and out. You could also use some flow sensors installed in the network that receive a copy of the traffic and then report that back to the system.

No matter where you're getting the flow from, the system calculates all those flows. You know what the front end, the middleware, the back end, the database, and so on are so that you can group them. The system's strength is actually in proposing the policy. So, all web servers need to have HTTPS access to it.

Then, you can start building the policy for your application. When you have a policy, you can push that situation for self-service, which means you're trying out the policies you created in a real environment. Then, you can spend time trying to see if you have any escaped traffic, which means you have traffic that does not match the policy. If you were in enforcement mode, that traffic would be dropped. So you have a period where you can monitor if you have done the correct mode, seen all the traffic, and so on. That could be for a couple of weeks, that could be a month, or it could be half a year, depending on the criticality and how important your system actually is.

From my point of view, the strength is the policy proposal you're receiving. It's really good. That's the biggest challenge for everybody - creating a policy you could use in Cisco Secure Workload itself. You could also export it and use it in your firewall if you want to do that if you have a Cisco firewall setup. But you could also use it in every other enforcement part. I'm seeing what people are struggling with in companies - to actually restructure your CMDB data correctly, then get a policy that you can use in your network. I think that the tool is good at that.

I used to be a big fan of Cisco Secure Workload and Cisco Tetration Platform. I used to really like it. However, the product has undergone significant modifications since then. Certain pieces of it have been moved into Cisco SD-Access, and the original DVR of the network functionality has been moved. As a result, the product has changed a lot since I was most familiar with it.

Regarding features, it's quite similar to scanning tools as it catalogs vulnerabilities and identifies their locations on your endpoints within the network. It operates on an agent-based system and uses a catalog and scoring function to determine where known vulnerabilities exist.

Secure Workload's best feature is that it's an end-to-end offering from Cisco.

The product provides multiple-device integration.

The solution is very user-friendly, which clients appreciate. 

The UI and GUI are fine.

It's stable. 

We can scale the product.

Technical support is helpful and responsive. 

The most valuable feature is micro-segmentation, which can be used to deploy endpoint security along with the visibility of application and connection matrix

This product is simple to deploy, and provides visibility of connectivity between the endpoints/application.

The most valuable feature of this solution is security. We check processes on the different components of the virtual machines.

The solution offers 100% telemetry coverage. The telemetry you collect is not sampled, it's not intermittent. It's complete. You see everything in it, including full visibility of all activities on your endpoints and in your network. 

Other valuable features include vast support for annotations, flexible user applications, machine learning, automatic classification, and hierarchical policies.

The most valuable feature right now is to do with having visibility on the network — especially on our servers — and to be able to enforce some type of security measures. This is mostly to combat processes that shouldn't be running on the servers.

The data analytics and all the data that it gathers are very useful. It creates a fast turn around to improve the speed of decision making so we can decide what we need to do to remain secure.

The most valuable feature of the solution is that we don't have to do packet captures on the network. 

While automated micro-segmentation is in itself valuable, application dependency mapping is time-saving and efficient. 

The most valuable feature is the auditing. They prove that we don't have out of scope conversations between servers that are not allowed.

Scalability is its most valuable feature.

The telemetry gives me the visibility on the particular path. It helps to analyze the whole fabric itself. I also get to know what condition we have and on which interfaces. We look at heavy traffic so we can share the particular load across to other interfaces as well.