As we think about security in 2019, let’s consider the theme for this year’s RSA Conference: Better.
But as RSAC asks, what defines better? Is it better security tools? Better threat intelligence? Better machine learning classifiers? Yes. And more.
Much like RSAC suggests, better security that keeps organizations safer means doing a better job ensuring everybody in an organization, from the CEO to the remote employee, plays a role. With that said, better security postures don’t just stop threats but also verify trust.
A better security posture begins with continuous threat detection that blocks attacks and malware outright and also continuously detects and remediates the most advanced threats. We are the very best in this world at this, given that Talos threat intelligence backs our products.
The second element of better security is continuously verifying trust. At Cisco, we call our trust-centric approach to security Cisco Trusted Access.
This concept of trust may seem familiar to many due to Forrester’s Zero Trust eXtended (ZTX) approach and more recently, Gartner’s Continuous Adaptive Risk & Trust Assessment (CARTA), focusing on the need to make better access security decisions.
Why is this important? We have users, devices and apps accessing the network like always but also accessing data beyond IT’s traditional control points. Application access decisions are often happening off-network when mobile users go straight to cloud apps. This trust-centric approach enforces controls around access to sensitive data and apps and verifies trust in users, workloads and IoT devices.
As we think about Trusted Access at Cisco, we divide it into three areas that we’ll explore in a few upcoming blogs:
Establish Trust Levels
Workforce trust – users and device hygiene: We begin by verifying user identity to ensure employees are indeed who they say they are and not attackers with stolen credentials. Our approach is elegant multi-factor authentication, often via push messages to workers. At the same time, as devices seek to connect, we confirm that each device meets security standards, to safeguard against vulnerable endpoints with out-of-date software connecting.
We consider this user and device trust a foundation of Trusted Access and often a good place to start since it allows users and employees to contribute to a better security posture.
We must also consider establishing trustworthiness in the headless devices that connect to our networks. In many verticals this includes IoT devices like connected HVAC, POS systems, badge readers, conference rooms – the list goes on. With these devices connecting and operating, Trusted Access ensures we actively verify these devices, that is, verify IoT trust, where we can’t install agents or authenticate users.
It is no secret that data centers are designed more and more around the applications that run the business. This means any conversation on Trusted Access must account for application workload trust. We do this by baselining application traffic in the data center to understand and verify its behavior. With this verification of applications in place, we then generate an automatic whitelist policy for application segmentation, thus creating a zero trust model in the data center.
Software-defined network access: Once we establish trust, we then must enforce it. We begin with software-defined access to extend the right amount of access to users connecting to the network. Continuous trust verification also means once we extend access, we then verify with automatic software-defined segmentation. Should we find a device may be infected and should no longer be trusted, we automatically quarantine or downgrade access levels.
We can’t forget our earlier example of users going straight to cloud apps, which is more and more common in the modern enterprise. Trusted Access ensures we not only verify a user’s identity and device hygiene as they connect to an app, but also put application access controls in place to grant or block application access based on identity, device, or contextual factors like location, network, address ranges, biometrics, device security, etc.
Automate adaptive policy
Trusted Access has many examples of automation. Whether it be automatically quarantining a laptop or dynamically adjusting application access levels due to out-of-date device software, we offer compelling automation today. We will continue to expand our automations between products moving forward for even more consistent policy enforcement, even more integrated threat responses and thus even more trusted access.
Using the combination of user, device and workload context, intent-based access can be applied for both the network and applications, providing the right access to the right apps and data, from the right users and devices.
Achieving better security is a journey – and we feel Trusted Access is a step in the right direction. If you happen to be at the RSA Conference this week, please swing by the Cisco booth (#6045, north expo) to discuss how we can all work together for better security.