Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Zero Trust: Mapped to Forrester's ZTX

Secure your workforce, workloads, and workplace

See how the Cisco Zero Trust solution maps to industry analyst Forrester's Zero Trust eXtended (ZTX) model. Cisco's products can help you build toward a zero-trust security model to protect every pillar of your enterprise.

Pillars of Forrester ZTX

Data security: encryption and secure access

Take a zero-trust approach to securing data by protecting the new, extended perimeter: classify and categorize data; authorize user and device access to data; prevent data loss and exfiltration; and encrypt emails and device data. Secure your data with: 


Tag workloads with sensitive data and define access control policies. Monitor data transfers for any anomalous behaviors.

Duo Security

Protect data at the point of application access and enforce security best practices like encryption on end users' devices.


Stop data exfiltration and ransomware execution by preventing connections to attackers' servers.

Meraki Systems Manager

Enforce data encryption and enable remote wipe, integrated network access control, and secure containerization.


Detect threats, better secure sensitive data, and continuously monitor cloud environments with this data loss prevention (DLP) tool.

Email Security

Prevent data loss, encrypt content, and safeguard sensitive emails at rest and in transit.

Network security: prevent and contain breaches on the network

By segmenting access across your network, you can better isolate and control critical areas of your network to contain breaches and prevent lateral movement. Get more visibility into what's on your network so you can secure it with a zero-trust approach. Secure your network with:


Gain visibility into devices and grant the right level of access with network policies. Identify, contain, and remediate network threats.

Next-Generation Firewall (NGFW)

Prevent and detect threats before they reach users, devices, and workloads; and enforce policies defined by SD-Access.

Duo Security

Control privileged access to internal applications and data centers, and grant users secure remote access to applications.

AnyConnect Secure Mobility Client

Give users more secure access to the network from any device, anywhere, anytime while restricting access by non-compliant devices with remediation.


Integrate with SD-WAN edge devices, wireless controllers, and access points for faster deployments. Gain more visibility and control while enforcing access policies and prevent network threats.

Workforce security: control who gets access

Assume zero trust until you can verify the trustworthiness of your users' identities and the security of their devices. Protect against phishing and other identity-based attacks. Better secure your workforce with:

Duo Security

Verify your users' identities with multifactor authentication while enforcing access policies for every application. Help enable continuous monitoring of access and privileges with Duo's reports.


Get visibility into Internet activity across all locations, devices, and users. Control cloud application access and prevent malicious connections.

Email Security

Detect fraudulent senders while adapting in real time to block phishing attacks and malware.

Workload security: protect the entire application stack

Secure access for APIs, microservices, or containers accessing a database within an application, no matter where it's located--in the cloud, data centers, or other virtualized environments. Segment access and identify malicious behavior to contain breaches and protect against lateral movement. Secure your workloads with:


Gain visibility into workload behavior and attack surface, then identify and respond to workload risks. Establish application micro-segmentation while enforcing policies across cloud and hybrid environments.

Application-Centric Infrastructure (ACI)

Gain visibility into infrastructure usage of applications while automating consistent connectivity and segmentation policies across on-premises and cloud.

Device security: control user and IoT devices

Get visibility into, better secure, and control every device accessing your applications and network at all times. That includes Internet of Things (IoT), network-enabled devices, and (managed and unmanaged) user devices like APIs, cameras, HVAC systems, printers, medical equipment, and more. Secure your devices with:

Duo Security

Track user devices (both corporate and personally owned) across applications and enforce trust-based device policies. Control access based on device type and enabled security features.


Gain visibility into users and devices (IoT) on the network, then authenticate and authorize their access. Prevent lateral movement by enforcing group-based network segmentation.

Advanced Malware Protection (AMP)

Gain visibility into files and executables and prevent malware at point of entry while removing it from all types of devices, including mobile.


Stop malware before it reaches your devices by blocking access to malicious websites and IP addresses.

AnyConnect Network Visibility Module

Gain insight into application, user, and endpoint behavior with visibility across the extended network.

Visibility and analytics: gain insight to enforce security

Improve or increase visibility and analytics for your users and admins by gaining insight to unknown or unidentified assets on your network, across workloads or applications. Integrate with other data sources to use information intelligently to create and enforce policies that strengthen your overall security posture.


See what's running and critical across your applications across a multicloud environment. Get insight into vulnerabilities and your attack surface.


Gain visibility into your network and collect, categorize, and correlate device, application, and user data into actionable business insights.

Duo Security

Gain visibility into user and device access across every application and endpoint platforms, then enforce trust-based polices. Notify users to update out-of-date devices at login.


Get visibility into all hosts and conversations across campus, branch, data center, and cloud networks.

Automation and orchestration: respond to threats quickly

The ability to integrate and automate security across your entire IT environment--for applications, networks, and workloads--is key for the success of your zero-trust strategy. By automating policy enforcement consistently across your environment, you can prevent a breach and also automate your threat response to more quickly contain a breach.


Create a behavioral baseline of what's considered normal for application workloads, to better understand your attack surface, then enforce micro-segmentation policies.

Duo Security

Automate security policies across platforms and applications with one admin panel and empower end users to report fraud and update devices. Duo's integrations, partnerships, APIs, and documentation allow for easy setup and management.


Automate policies for users and devices on the network with a single network fabric, helping simplify and scale management and operations. Third-party integrations help enable data-sharing, policy orchestration, information sharing, and threat response beyond the perimeter.

Cisco Threat Response (CTR)

Tie together Cisco products and integrate threat intelligence for automated threat detection, investigation, and response for direct management and remediation of threats from a single interface.


Integrate broadly across both Cisco and third-party enterprise products. Leverage strong tech partnerships and open APIs to automate security policies across any IT ecosystem -- including networks, users, devices, applications, and workloads.


Cisco Security Advisors help your organization develop a strong security, compliance and threat management strategy.