Secure access for your workforce, workloads and workplace
A comprehensive approach to securing all access across your networks, applications, and environment
t’s not about getting rid of the perimeter – but rather tightening security on the inside. The new perimeter is less about the edge of the network, and now more about any place you make an access control decision.
–Wendy Nather, Head of Advisory CISOs, Summarized from Zero Trust: Going Beyond the Perimeter
What Zero Trust Architecture ?
Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.
“The strategy around Zero Trust boils down to don’t trust anyone. We’re talking about, ‘Let’s cut off all access until the network knows who you are. Don’t allow access to IP addresses, machines, etc. until you know who that user is and whether they’re authorize.
How does it help ?
The Zero Trust model of information security basically kicks to the curb the old castle-and-moat mentality that had organizations focused on defending their perimeters while assuming everything already inside didn’t pose a threat and therefore was cleared for access.
Security and technology experts say the castle-and-moat approach isn’t working. They point to the fact that some of the most egregious data breaches happened because hackers, once they gained access inside corporate firewalls, were able move through internal systems without much resistance.
Experts say that today’s enterprise IT departments require a new way of thinking because, for the most part, the castle itself no longer exists in isolation as it once did. Companies don’t have corporate data centers serving a contained network of systems but instead today typically have some applications on-premises and some in the cloud with users – employees, partners, customers – accessing applications from a range of devices from multiple locations and even potentially from around the globe
Users, devices and applications were located behind a firewall, on the corporate network
All endpoints accessing resources were managed by the enterprise
Systems managed by enterprises could all inherently trust one another, and trust was often based on network location
Gaining visibility to intelligently inform policy, and enabling BYOD (bring your own device) or IoT (Internet of Things) devices for business agility
Continual reestablishment of user, device and application trust
Continuous monitoring and threat containment
Protecting the Workforce, Workloads & Workplace
With all of that in mind, what exactly are you trying to protect?
Enterprises are complex by nature. They have vast IT ecosystems, with many different vendors, software and infrastructure spread across the multi-cloud and on-premises. They have many different types of users – employees, contractors, customers, etc. – everywhere across the world – often using their own personal devices to work. They have applications that talk to each other via APIs, microservices and containers. And they still have enterprise networks that devices regularly access, including IoT.
That’s why we’ve simplified things – by classifying each area of your enterprise IT as equally important to protect using a zero-trust security approach.
Zero Trust for the Workforce
Ensure only the right users (employees, contractors, partners, etc.) and their secure devices (BYOD) can access applications (regardless of location).
Zero Trust for the Workload
Secure all connections within your applications (when an API, micro-service or container is accessing an application’s database), across the multi-cloud (cloud, data centers and other virtualized environments).
Zero Trust for the Workplace
Secure all user and device connections across your enterprise network, including IoT (types of devices may include: servers, printers, cameras, HVAC systems, infusion pumps, industrial control systems, etc.).
Benefits of a Zero-Trust Security Approach
Overall – this framework provides the benefits of a comprehensive zero-trust approach:
Increased visibility – Get insight into the contextual data behind access requests, including users, user endpoints and IoT devices connecting and talking to your applications and network
Reduced attack surface – Mitigate risks related to identity attacks (stolen or compromised passwords, phishing) and lateral attacker movement within your network (in the event of a breach – contain the impact of the initial breach)
Broad coverage – Zero-trust security for not just the workforce, but across workloads and the workplace for complete coverage and a consistent approach to securing access and enforcing policies, regardless of where data or applications are located
81% of breaches involved compromised credentials, showing that passwords are an effective way to get past traditional perimeter defenses and get access to applications, undetected.
Zero Trust for Workforce
Duo secures your workforce
Duo Security helps protect your users and their devices against stolen credentials, phishing, and other identity-based attacks. It verifies users' identities and establishes device trust before granting access to applications.
Verify users identities with multi-factor authentication (MFA)
Gain device visibility and establish trust with endpoint health and management status.
Enforce access policies for every app with adaptive and role-based access controls.
54% of web app vulnerabilities have a public exploit available to hackers, meaning if servers and applications aren't patched, they're left open to known flaws that can be exploited by an attacker to get access to your systems
Zero Trust for Workload
Tetration secures your workloads
Secure your hybrid, multicloud workloads and contain lateral movement with application segmentation from Cisco Tetration. Get complete visibility and determine the dependencies within databases and applications.
Visibility into workloads
Gain visibility into what is running and what is critical by identifying workloads and enforcing policies.
Contain breaches and minimise lateral movement with application micro-segmentation
Alert or block communication if policy is violated by continuously monitoring and responding to indicators of compromise
Kaspersky Labs found a 300% rise in new IoT malware variants from 2017 to 2018, proving that connected devices are being targeted more than ever by attackers that know they can leverage smart devices to get access to your network.
Zero Trust for Workplace
SD-Access secures your workplace
Cisco Software-Defined Access (SD-Access) helps you gain insight into users and devices; and identify threats and maintain control over all connections across your network, including Internet of Things (IoT) devices like cameras, manufacturing equipment, heart pumps, and more.
Grant the right level of network access to users and devices with network authentication and authorization
Classify and segment users, devices, and applications on your network with network segmentation
Contain infected endpoints and revoke network access by continuously monitoring and responding to threats.