Dream world for the CISO
Organizations have all kinds of assets to guard. And a few assets are simpler to guard than others. Nevertheless, it’s not the simple stuff that retains a CISO up at evening. Earlier than we dive into the more difficult examples, let’s contemplate a situation that permits a CISO to sleep peacefully.
On this situation, when a employee “goes to work” (both within the workplace or remotely), they open their company laptop computer and login to a SaaS software. This employee sorts the URL into their browser, logs in with their SSO supplier and authenticates utilizing their fingerprint (biometric) on the system. Behind the scenes, this consumer is connecting to the appliance by means of a Zero Belief Community Entry (ZTNA) resolution and authenticating with SAML protocol (or OIDC or OAuth2.0), the trendy authentication methodology for cloud purposes.
This situation is the dream situation (and simpler) to guard:
- Trendy, cloud software
- Coverage-driven software entry
- Phishing-resistant authentication
- Trusted, managed system
The truth verify
Nevertheless, the dream situation can also be the least more likely to be the reason for a breach. As an alternative, attackers are exploiting legacy know-how or networks the place it’s troublesome to deploy further safety and implement coverage, like phishing-resisting multi-factor authentication (MFA) or ZTNA. Whereas organizations are on their infrastructure modernization journey, we have to have a sensible plan to guard the lengthy tails of legacy property which might be nonetheless in place and could also be troublesome to safe.
What could be completed?
Layered safety with RADIUS
Considered one of these under-rated, however frequent, authentication protocols is RADIUS (Distant Authentication Dial-In Person Service). RADIUS is a conventional network-based authentication protocol for customers and units that want to hook up with the community.
In case your group is able the place routers, switches, wi-fi entry factors and VPNs all use RADIUS, Cisco may also help. First, Cisco Id Providers Engine (ISE) supplies a layer of Community Entry Management by providing AAA safety (Authentication, Authorization, and Entry). This safety exists for customers connecting to the community within the workplace and employees connecting to the community by means of the VPN.
The challenges and safety implications round legacy VPN entry are effectively documented, which is why organizations are transferring towards fashionable structure with ZTNA. The issue is that many legacy purposes usually are not appropriate with ZTNA and organizations should hold on to their VPN infrastructure. It’s not a shock that whereas 86% of organizations have began to undertake zero belief, 98% haven’t reached maturity. Primarily, they’re caught on this journey.
That’s the place Cisco Safe Entry is available in. Safe Entry has built-in each VPNaaS and ZTNA capabilities. This permits organizations to modernize VPN infrastructure and join utilizing Cisco’s cloud resolution, falling again to VPNaaS if ZTNA is just not potential. In observe, all customers have the identical expertise when connecting to purposes (legacy or fashionable, VPN-required or ZTNA-compatible) and the know-how takes care of the work behind the scenes.
In the case of VPNaaS use circumstances, organizations with ISE deployment can leverage the distinctive integration between Safe Entry and Cisco ISE to supply an additional layer of safety. Which means that when customers hook up with VPNaaS, they’re protected by ISE’s authentication, posture evaluation, and community segmentation, all by means of a single agent — Safe Consumer.
We begin with VPNaaS and Cisco ISE working collectively and subsequent we add an additional layer of protection with one other type of authentication (that’s the place the “multi” in MFA is available in). Cisco Duo can provide RADIUS help for legacy VPNs by means of the Duo Authentication proxy by including servers to a corporation’s surroundings. However whenever you use Duo with ISE and VPNaaS, there’s a distinctive API integration that allows RADIUS authentication with out the necessity for the extra server in your surroundings. And all the top consumer sees is the everyday Duo push that they’re used to when accessing cloud purposes.
Now, even when authenticating with RADIUS, customers have a seamless expertise, and organizations have layered safety to shut potential gaps within the assault floor.
Safe organizations with Person Safety Suite
Within the preferrred world, a corporation might defend all its assets utilizing probably the most superior and fashionable know-how and protocols. Nevertheless, organizations have a variety of property that each one want safety, no matter how straightforward or exhausting it’s to guard. When combining the community safety by means of Cisco ISE with Person Safety Suite instruments, Cisco can present the options you want at present whilst you proceed to modernize for the longer term. And permit CISOs to get a very good evening’s relaxation.
To study extra about how Cisco’s Person Safety Suite can defend your workforce, join with an skilled at present.
Share:
