Cisco Blogs

The Continuum Approach for Secure Mobility

May 5, 2014

A couple of weeks ago, we spoke about the mobility journey and the phases that organizations go through as they embrace the widely accepted mode of mobility—Beyond BYOD to Workspace Mobility (device-focus, application-focus and experience-focus). Whatever phase your organization is in, security is a top priority. These phases can help determine your secure mobility approach, but your level of risk aversion will also define it. Whatever your risk tolerance, the mobile threat landscape is extremely active and clever—do not underestimate it.

Mobile threats are dynamic: they do not stop at the mobile device where they enter, but can propagate and manifest across the network, wired devices, and virtual, cloud and data center environments. So your secure mobility approach must be non-stop, continuous and pervasive—end to end. To reduce the chance of threat damage or inappropriate access, whether intentional or not, you must offer comprehensive secure mobile access controls at the access layer across each phase of an attack: before, during and after.

Let’s take a closer look at the initial mobile protection layer. Cisco’s secure access controls include Identity Services Engine (ISE), AnyConnect, TrustSec, and ISE integrations with Mobile Device Management (MDM) and SIEM.

Before:

Cisco ISE is the brains behind discovering and stopping any inappropriate mobile access. Working with MDM vendors, ISE determines access based on real-time contextual information from MDM solutions (Is the device registered? Does it have PIN-lock? Disk encryption? etc.). ISE enforces centrally created mobile access policy across the networks. ISE also finds mobile devices that may not be registered with MDM. AnyConnect provides secure remote access coming in and redirects any web traffic to Cisco’s web security cloud services to ensure protection from a top source of threats. Ensuring the right person and device gets to the right IT assets starts the process of ensuring protection to applications and data—as well as setting a level of trust.

During:

Unfortunately, in today’s threat landscape, threats can get through even if we minimize the threat vector. ISE also works with SIEM partners to detect and defend during an attack. Together, the two combine a network-wide view of security events with relevant identity and device context from ISE. With this additional identity insight, the security professional does not need to translate or cross-reference IP addresses. It facilitates quicker and more accurate remediation of the mobile threat.

After:

If a threat does enter your network, you need to scope the potential damage, contain it and remediate. Leveraging the centralized secure access policy from ISE, the unique TrustSec tagging, a security technology embedded in the network infrastructure, can also enforce policy or contain a threat in a particular network segment. This means the network did the enforcement—we did not need yet another dedicated enforcement device (point-in-time appliance). Cisco demonstrated this at last year’s Black Hat and surprised many security professionals who could not believe the network switch did the enforcement. Security is woven into the network to increase efficiency and efficacy.

In addition to this initial layer of mobile secure access, Cisco offers a rich portfolio of next-generation network security, market-leading content security, proven protection for advanced persistent threats, and data protection to address mobile threats across this attack continuum in a very dynamic manner. Does your network or security provider offer this breadth and depth of mobile security?
