As cyberattacks become more sophisticated, organizations must constantly adapt with cutting-edge solutions to protect their critical assets. One such solution is Cisco Secure Workload, a comprehensive security solution designed to safeguard application workloads across diverse infrastructures, locations, and form factors.
Cisco recently announced version 3.9 of the Cisco Secure Workload, which introduces a new level of security and operational efficiency for businesses. It provides new capabilities to mitigate threats and vulnerabilities and greater flexibility for deploying microsegmentation. It also now extends to NVIDIA BlueField-3 DPUs, with their dedicated Arm cores, to accelerate hardware tasks and isolate specific operations, ensuring efficient data processing and robust security for a more streamlined and secure infrastructure.
Cisco Secure Workload key features
Cisco Secure Workload safeguards application workloads by providing unparalleled visibility into every workload interaction and leveraging the power of AI to automate tasks that would be overwhelming for human administrators.
Cisco Secure Workload offers a multitude of features, including:
- Microsegmentation: This technique isolates workloads and restricts lateral movement within the network, preventing threats from spreading and minimizing the attack surface.
- Workload encryption: Data encryption, both at rest and in transit, safeguards sensitive information even if attackers gain access to the system.
- Threat detection and prevention: Cisco Secure Workload employs advanced threat detection mechanisms to identify and thwart malicious activity in real time.
- Automated incident response: The solution automates incident response procedures, enabling organizations to swiftly contain and remediate threats.
Integration with NVIDIA BlueField-3 DPUs
Cisco Secure Workload integrates with NVIDIA BlueField DPUs to revolutionize workload security. BlueField DPUs are a category of programmable processors specifically designed to offload tasks from the CPU and enhance data center security. They reside on the server hardware, strategically positioned in the data path between the network and the virtual machines (VMs).
By leveraging BlueField DPUs, Cisco Secure Workload can offload security-critical workloads from VMs. This frees valuable CPU resources on the VMs, enabling them to focus on core application processing tasks and improving overall application performance.
The NVIDIA BlueField-3 DPU is a game-changer for the delivery of data center services. BlueField is a 400 gigabits per second (Gb/s) infrastructure compute platform with line-rate processing of cybersecurity, storage, and software-defined networking. BlueField DPU combines powerful computing, high-speed networking, and extensive programmability to deliver software-defined, hardware-accelerated solutions for the most demanding workloads.
Key features include:
- Hardware acceleration and offloading: BlueField DPUs include dedicated hardware accelerators for specific security functions such as encryption, decryption, and data compression. These accelerators offload these computationally intensive tasks from the CPU, resulting in significant performance improvements.
- Enhanced scalability: As the number of VMs in an environment grows, the traditional agent-based approach becomes cumbersome to manage. BlueField-3, with its hardware offloading capabilities, provides increased scale to accommodate more VMs without compromising performance.
- Fortified security: BlueField-3 provides a layer of isolation between the network and the VMs. This isolation strengthens the overall security posture by preventing malware or unauthorized access attempts from reaching the VMs directly. The BlueField-3 hardware-based security features also complement Cisco Secure Workload’s software-based protections. These features include:
- Secure boot: Ensures only authorized firmware is loaded during system startup, preventing unauthorized modifications.
- Memory isolation: Creates secure enclaves within memory to isolate security workloads from other applications, preventing malware from tampering with critical security processes.
- Hardware root of trust: Provides a tamper-proof foundation for cryptographic operations, enhancing the overall security posture of the system.
- Streamlined workload enforcement: By offloading security tasks to the DPU, Cisco Secure Workload 3.9 enforces security policies more efficiently. This is because BlueField-3 is specifically designed for high-performance data processing, enabling it to handle security operations with greater efficiency compared to traditional VM-based agents.
- Reduced latency: Offloading security functions to the BlueField-3 reduces the latency associated with security enforcement. This translates to faster application response times and improved user experience.
- Simplified operations: The centralized management of security policies on the BlueField-3 simplifies operational tasks. Administrators no longer need to manage individual agents on each VM, reducing the overall complexity of security management.
BlueField technical advantage
BlueField plays a pivotal role in the overall efficiency of the Cisco Secure Workload solution, which monitors network traffic and sends it to a central agent for analysis. The agent provides actionable intelligence to suggest optimized user behavior based on the observed patterns to prevent threats from spreading and minimizing the attack surface.
BlueField uses 16 Arm A78 cores v8.2+ with a SkyMesh fully coherent low-latency interconnect, 8 MB L2 cache, and 16 MB LLC system cache to provide the ability to optimize for high-performance packet processing applications and advanced packet handling. This makes BlueField ideal for offloading compute- and data-intensive tasks from the CPU, freeing it to focus on high-value business operations.
For Cisco Secure Workload, the combination of NVIDIA accelerated switching and packet processing (ASAP2) and NVIDIA DOCA enhances scalability and CPU efficiency. Offloading communication and Open vSwitch (OVS) processing to the BlueField DPU simplifies and reduces the need for agent instances for every VM. OVS enables VMs to communicate with each other and with the outside world. OVS traditionally resides in the hypervisor and switching is based on 12 tuple matching on flows.
The OVS software-based solution is CPU-intensive, affecting system performance and preventing full utilization of the available bandwidth. ASAP2 technology enables OVS offloading by handling the OVS data-plane in BlueField while maintaining the OVS control-plane unmodified. This enables significantly higher OVS performance, without the associated CPU load.
The result is a drastic improvement in efficiency, better CPU performance, and increased scalability.
From a security and programmability perspective, the BlueField hardware Access Control List (ACL) ensures robust security by offloading the processing of ACLs from the CPU to the DPU. This frees the CPU for other tasks and improves overall system performance.
Typically, the CPU would be responsible for checking every incoming and outgoing data packet against a set of ACL rules, which can be a time-consuming process for high-speed networks. When offloaded to BlueField, the DPU can take over the task of checking data packets against the ACL rules and can do this much faster since it is specifically designed to handle networking tasks.
The BlueField hardware acceleration also enables faster and more efficient encryption and decryption of data in transit between compute nodes and storage systems. This ensures data confidentiality without significantly impacting network performance.
The benefits of these security enhancements include improved data confidentiality, a reduced attack surface, and optimized security performance.
Summary
Cisco Secure Workload represents a significant step forward in security and operational efficiency. By integrating NVIDIA BlueField-3 DPU, Cisco has created a solution that delivers robust protection without compromising performance. The combination of hardware and software innovation paves the way for a more secure and agile future for businesses of all sizes.
By leveraging the combined power of Cisco Secure Workload and NVIDIA BlueField-3, organizations can achieve a new level of security that was previously unavailable. To learn more, visit Cisco Secure Workload.
Explore how you can transform your network’s efficiency and security and unleash the full potential of your data center with the NVIDIA BlueField DPU. To dive deeper with the community, check out the NVIDIA BlueField DPU forum.
