Cisco Zero Trust: Mapped to Forrester's ZTX
Make your workforce, workloads, and workplace Cisco Secure
See how the Cisco Zero Trust solution aligns to industry analyst Forrester's Zero Trust eXtended (ZTX) model. Cisco Zero Trust is a comprehensive way to establish trust at every point of access, throughout your infrastructure.
Contact Cisco
-
-
Call Sales:
- 1-800-553-6387
- US/CAN | 5am-5pm PT
The 2021 Duo Trusted Access Report
Using data from millions of authentications, Duo examines how organizations are enabling work from anywhere, on any device, by implementing controls to ensure secure access to applications.
Pillars of Forrester's ZTX framework
The Zero Trust eXtended (ZTX) framework enables direct mapping of technology purchases and strategic security decisions to seven core pillars.
Data security
What does the technology do that enables data categorization, schemas, isolation, encryption, and control?
Network security
What does the technology do to enable the principles of network isolation, segmentation, and ultimately security?
Workforce security
Users: How does the solution secure the people using the network and business infrastructure, and does it reduce the threat that users create?Devices: How does the solution employ device controls, isolation, identification, and inventory?
Workload security
Does the solution or technology secure areas such as cloud networks, apps and anything else that a business or organization uses to make the business operate technically?
Automation and orchestration
How does the technology or solution automate and orchestrate zero trust principles and empower the business to have more powerful control of disparate systems?
Visibility and analytics
Does the technology or solution provide useful analytics and data points and eliminate dark corners of systems and infrastructure?
Data security: Protect against data exfiltration
The Cisco Zero Trust security architecture helps you secure data by classifying and categorizing data; authorizing user and device access to data; preventing data loss and exfiltration; and encrypting emails and device data.
Detect anomalous behaviors
Monitor data transfers and tag workloads with sensitive data and define access control policies.
Enforce access controls
Protect data at the point of application access and enforce security best practices like encryption on end users' devices.
Block data exfiltration
Stop data exfiltration and ransomware execution by preventing connections to attackers' servers.
Enforce device security
Enforce data encryption and enable remote wipe, integrated network access control, and secure containerization.
Protect data access
Detect threats, better secure sensitive data, and continuously monitor cloud environments with this data loss prevention (DLP) tool.
Prevent data loss
Prevent data loss, encrypt content, and safeguard sensitive emails at rest and in transit.
Network security: network visibility and segmentation
Cisco Zero Trust solutions secure all user and device connections across your network, including IoT. Our automated network-segmentation capabilities allow you to set micro-perimeters for users, devices, and application traffic without requiring a network redesign.
Secure network access
Get complete visibility by identifying, classifying, and assembling the necessary context on users and endpoints, including IoT.
Dynamic visibility
Build visibility-based network segmentation and policy control into your security architecture.
Network segmentation
Build granular segmentation directly into your network, eliminating the need for complicated infrastructure configurations.
Automated threat containment
Implement adaptive threat containment to ensure your organization's security posture evolves as threats do.
Policy enforcement
Ensure policy is enforced close to source on unencrypted traffic, as well as in the network, based on encrypted traffic analytics.
Encrypted traffic analytics
Identify malware in encrypted traffic using network analytics.
Workforce security: Establish trust in users and devices
Ensure only trusted users and secure devices can access applications, while retaining usability. Cisco Zero Trust verifies trust through strong authentication, continuous endpoint monitoring, and custom security policies to protect every application.
User security
Protect against credential compromise: Verify your users' identities with multifactor authentication.
Gain visibility into access activities: Get visibility into access activity across all locations, devices, and users. Control cloud application access and prevent malicious connections.
Enforce access policies for very application: Set policies based on your organization’s risk tolerance level and requirements.
Provide self-remediation options: Notify users when security controls are not met and prompt them to update.
Protect against email compromise: Detect fraudulent senders while adapting in real time to block phishing attacks and malware.
Device security
Provide visibility into all devices: Regardless of management status, get visibility into devices being used to access applications both on and off the network.
Enforce trustworthiness of user devices: Identify risky devices, enforce contextual access policies, and report on device health using an agentless approach or by integrating with your device management tools.
Block access from compromised devices: Protect your network, endpoints and email by identifying threats, while blocking and removing malware.
Block malware: Stop malware before it reaches your devices by blocking access to malicious websites and IP addresses.
Establish controls for devices: Get unified device management for both mobile and desktop environments, to enable seamless onboarding and automated security policy enforcement.
Workload security: Secure across multicloud
Secure connections for all APIs, microservices, and containers that access your applications, no matter where they're located. Cisco Zero Trust, deployed on-premises or in the cloud, provides a comprehensive way to secure your app stack. Micro-segmentation helps you contain threats and protect against lateral movement.
Visibility into applications
Have control over every connection from users and devices to both your applications and your network, across a multicloud environment.
Application segmentation
Minimize lateral movement for on-premises and multicloud environments.
Enforce policies and controls
Enforce application-specific user and device access policies. Flag anomalies using behavioral analysis to reduce your attack surface.
Visualize app architecture
Get clarity into every component and dependency, across any environment, with flow maps.
Monitor app performance
Deep diagnostic capabilities enable you to identify root cause.
Remediate threats quickly
Identify root causes of threats with deep diagnostic capabilities.
Visibility and analytics: insights and actionable data
Cisco Zero Trust provides insights into vulnerabilities across users, network, endpoint, cloud, and applications. Comprehensive data collation and integrations with third-party data solutions establish and enforce trust at the point of access. Continuous re-evaluation of trust levels makes it easy to adapt policies.
Unified visibility
See activities and manage security policy across all parts of the infrastructure to enforce access decisions based on threat detection and meaningful analytics.
Collaborate better than ever
Gain contextual awareness across your security ecosystem to help your teams share insights and coordinate responses faster.
Accelerate threat investigation
Collect, categorize, and correlate device, application, and user data into actionable business insights.
Reporting and audits
Get by-the-minute security reporting and log capture that can be consumed in a dashboard or exported to third party SIEM and SOAR.
Contextual visibility
Ingest and analyze telemetry from network devices and capture additional contextual information about the source of potential threats.
Actionable insights
Detect and report on security posture of devices and modify policies to mitigate threats such as browser vulnerabilities and OS compromises, ensuring sources meet standards.
Automation and orchestration: Accelerate time to respond
Integrating and automating security across your entire IT environment is key for the success of your zero-trust strategy. By automating policy enforcement based on dynamic visibility, you can continually maintain trust and contain threats.
Maximize operational efficiency
Remediate security threats faster and more precisely with by automating workflows in just a few clicks.
Automate workflows
Use pre-built workflows aligned to common use cases or build your own with a no/low-code canvas to eliminate friction in your processes and automate routine tasks.
Block potential threats
Block potential malicious devices, URLs and users before they gain access through malware detection, DNS layer security and user fraud alerts.
Optimize operations
Get dynamic updates based on indication of compromise (IoC), enable data sharing, policy orchestration, information sharing, and threat response beyond the perimeter.
Extended protection and trust
Zero-trust security for any enterprise
To support a successful implementation of a zero-trust security approach, Cisco Zero Trust provides a comprehensive portfolio of Cisco Secure solutions and Zero Trust Strategy Service. It also integrates with an ecosystem of other products to provide complete zero-trust security for any enterprise environment.
Accelerate your journey to zero trust with Cisco SecureX
Simplify your security by connecting the Cisco Secure portfolio and your infrastructure with SecureX, our cloud-native, built-in platform experience.
Resources
Zero Trust: Going beyond the perimeter
Cisco named a leader in the 2020 Forrester Zero Trust Wave report
Cisco Zero Trust solution overview
Learn more and get started
Workforce: Zero-trust evaluation guide for the workforce
Demo: Duo secure access
Workplace: Forrester ZTX networks guide
Demo: Secure network
Workloads: Cisco Tetration platform for workload protection data sheet
Demo: Secure workload