By Amanda Rogerson Cybersecurity – the final frontier, these are the trials and tribulations that network admins face on an ongoing basis. Sometimes it feels like network admins are Starfleet captains navigating unknown galaxies as the infrastructure of organizations become more complex. Using a complicated mix of cloud apps, on-prem systems, BYOD, IoT, and more, gone are the days of purely corporate-owned assets.
This means that it is more challenging to trust all the devices on your network anymore. Let’s face it, the perimeter has shifted and users and devices have become the primary entry points for accessing the network and business applications, and more often than not they rely on weak legacy password-based access controls. There must be a better way to boldly go where every admin has gone before to control both application and network access across your campus, Data Center, and cloud!
On today’s modern networks, administrators require solutions that provide deep visibility into users, devices, and the applications both on and off the corporate network.
There is no need to set your phasers to stun for non-compliant users or devices, a “zero trust for the workforce” security model answers these challenges by treating every access attempt as if it were an invading alien species coming from an unknown galaxy, or in this case and untrusted network.
This model focuses on authenticating users and checking the security posture of devices before granting access to applications. By combining the power of Duo Security with Cisco Identity Services Engine (ISE), you have a recipe for successfully implementing modern access controls which are simple yet astonishingly effective to address some core use cases around these challenges, and more appetizing than a Klingon’s Rokeg Blood Pie.
A Recipe to Simplify Visibility and Device Compliance
Decentralization of device management can leave administrators wondering how users are accessing resources. Determining the posture of devices connecting to resources is critical because outdated software often has vulnerabilities that are routinely exploited. Without current endpoint security protections, people can unwittingly turn their devices into a menace on the network, worse than a Tribble invasion. Two simple ingredients provide a delicious approach for strong access controls that is easy to replicate anywhere in the environment.
Cisco Identity Services Engine (ISE) makes it easy to gain visibility and control over who and what’s on your corporate network consistently across wireless, wired, and VPN connections. As users and devices connect to the network, ISE confirms identities against its own user repository and authenticates those users before it grants and controls access based on who and what requested network access. Duo Security compliments this visibility by providing device insights for any device connecting to applications, including devices that are not connected to the corporate environment.
With multi-factor authentication and adaptive access controls, Duo provides the ability to authenticate the user connecting to the resource and verify the access attempt. Through granular access policies at the application or group membership level, administrators can establish controls to grant or block access attempts by identity or device and based on contextual factors such as user location, network address ranges, biometrics, device security and more.
For devices connected to the corporate network ISE together with Cisco AnyConnect Secure Mobility Client checks the security posture of devices that connect to your network. Duo’s Trusted Endpoints augments these controls and lets you issue device certificates that are checked at login for greater insight into and control over your BYOD environment while limiting access by any personal devices that don’t meet your security requirements. With ISE and Duo, you’ll benefit from simplified, secure controls needed to grant appropriate access while protecting your organization from the risks of unauthorized people and devices.
Don’t let the Borg assimilate you into an outdated approach to security. Take the helm and join Duo and Cisco on September 24th to learn more recipes for how combining the power of Duo Security with Cisco ISE can help your organization adopt a zero-trust approach to modern, simple and effective secure access. Full speed ahead, live long and prosper.
Source:: Cisco Security Notice