Greater Dynamic Controls for Secure Access and Mobility
Businesses today are required to meet multiple challenges with respect to connecting users to applications.
First, it is no secret that the demands of employees and users are great: they expect access to enterprise resources and their work via more mediums than ever before, by personal laptops, tablets and smartphones, both at home and on the road. The Internet of Things (IoT) is the latest technology, and we must now prepare for a world where everything is connected, from Wi-Fi-enabled sensors for treatment care to vending machines for restocking or even sensors linked to power controls.
In addition to meeting the demands of workers and all of these connected devices, there are also security challenges associated with connecting these devices into business networks: productivity must be balanced with keeping advanced security threats, insider misuse and data breaches at bay.
According to the Ponemon Institute 2013 State of the Endpoint Report, 80 percent of respondents believe laptops and other mobile data-bearing devices such as smart phones pose a significant security risk to their organization’s networks or enterprise systems because they are not secure.
Increased security risk, coupled with the employee expectations noted above, means we need technology that offers users the right access to only the right resources they should be able to access (i.e., engineering shouldn’t have access to finance) regardless of how they connect. This requires a lot more context into who and what is connecting to the network, as well as when and how.
IT professionals are saddled with threading the needle to support these enterprise mobility initiatives while mitigating security risks and cutting down on complexity in their environments, all on tighter budgets and under the watchful eye of government and other compliance requirements.
In order to address these challenges, today Cisco is releasing the newest versions of Cisco Identity Services Engine (ISE) and AnyConnect. Cisco ISE unifies and automates secure access control to enforce role-based access to networks and network resources. ISE uses visibility and intelligence, allowing for dynamic controls that see and learn more to adapt and enforce quickly. These dynamic controls allow high degrees of automation, where security systems automatically respond to threats, changing the trust profile of a user, device or application in near real-time.
With today’s news, only Cisco ISE allows companies to address the main challenges of secure access and mobility:
Secure enterprise mobility
Cisco ISE also enhances visibility with our profiling engine and device profile feed service, accurately identifying the majority of devices connecting to the network. Now, ISE can reduce the number of unknown devices on the network by an average of 74 percent. This greatly reduces the attack surface that can be exploited by malicious users. ISE has now further simplified onboarding experiences with new Guest and “BYOD” implementations for granting the right levels of access out of the box, while ensuring only authorized access to these network resources. Better yet, these new experiences have been shown to vastly reduce IT costs associated with creating, managing and supporting new custom portals for onboarding Guest and Mobile users.
Finally, the ability to apply consistent access policy across the extended network
Only ISE centralizes and streamlines visibility, management and control for consistent secure access control across wired, wireless and remote access by mapping connected business assets to defined access policies. No other secure access technologies can span all three environments. ISE applies proactive and automated business access policy decisions, based on rich contextual data so the right users have the right access to only the appropriate resources, regardless of how they connect. In addition, Cisco ISE works with Cisco TrustSec to extend secure access and enforcement of access policy more deeply across the entire network to realize “software defined segmentation” based on user and device context in real-time and inline.
Gathering and sharing more context resolves issues faster
ISE actively and passively collects more contextual data than any other solution for increased visibility, utilizing and sharing contextual data, identity and telemetry using Cisco pxGrid technology.
With this update, ISE now works with even more network and security ecosystem partners powered by Cisco pxGrid technology to improve threat defense, visibility and sharing of contextual information to make better policy and security decisions. We’ll expand on the partner ecosystem in another post this week.
We are also unveiling innovations for AnyConnect 4.0. Customers can now achieve tighter security controls while enabling direct, secure, one-click per-app access to corporate applications via remote mobile devices. With AnyConnect, enterprises can now extend unified access policies to off-premises mobile endpoints through secure application-aware endpoint VPN. Access to network resources from mobile devices is only given to enterprise-approved applications, reducing threats from non-approved applications. In addition, AnyConnect can now work with and prioritize both LAN and Wi-Fi connections using a unified agent to make sure remote connections to resources are based on the most secure connectivity.
As part of improving how enterprises can quickly identify and mitigate cyber threats, lowering their impact, Cisco is introducing a new version of the Cyber Threat Defense 2.0 solution stack, detailed in a new Cisco Validated Design for implementing Cyber Threat Defense in secure network infrastructures.