Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Zero Trust Security

Establish trust at point of access

Cisco Zero Trust offers a comprehensive solution to secure all access across your applications and environment, from any user, device, and location. This complete zero trust security model allows you to mitigate, detect, and respond to risks across your environment. See how you can make your environment Cisco Secure today.

The 2021 Duo Trusted Access Report

Using data from millions of authentications, Duo examines how organizations are enabling work from anywhere, on any device, by implementing controls to ensure secure access to applications.

Zero trust explained

What is zero trust?

Zero trust is a strategic approach to security that centers on the concept of eliminating trust from an organization's network architecture. Trust is neither binary nor permanent. We can no longer assume that internal entities are trustworthy, that they can be directly managed to reduce security risk, or that checking them one time is enough. The zero-trust model of security prompts you to question your assumptions of trust at every access attempt.

How is a zero-trust approach different?

Traditional security approaches assume that anything inside the corporate network can be trusted. The reality is that this assumption no longer holds true, thanks to mobility, BYOD (bring your own device), IoT, cloud adoption, increased collaboration, and a focus on business resiliency. A zero-trust model considers all resources to be external and continuously verifies trust before granting only the required access.

In summary

A zero-trust approach:

  • Establishes trust in every access request, no matter where it comes from
  • Secures access across your applications and network
  • Extends trust to support a modern enterprise across the distributed network

Cisco rides the wave as a leader in zero trust

"Cisco pushes the zero trust envelope the right way." Learn why Forrester has identified Cisco as a market leader in its Zero Trust eXtended Ecosystem Platform Providers, Q3 2020 report.

Why adopt a zero-trust security approach?

With the zero-trust model, you gain better visibility across your users, devices, containers, networks, and applications because you are verifying their security states with every access request. You can reduce your organization's attack surface by segmenting resources and only granting the absolute minimum access needed.

Adopting this model provides you with a balance between security and usability. Security teams can make it harder for attackers to collect what they need (user credentials, network access, and the ability to move laterally), and users can get a consistent and more productive security experience--regardless of where they are located, what endpoints they are using, or whether their applications are on-premises or in the cloud.

Why Cisco Zero Trust?

The most successful zero-trust solutions should seamlessly integrate with your infrastructure without entirely replacing existing investments. Cisco Zero Trust provides a comprehensive approach to securing all access across your applications and environment, from any user, device, and location, by:

Establishing trust

We establish trust by verifying:

  • User and device identity
  • Device posture and vulnerabilities
  • Any workloads
  • Application and service trust
  • Any indicators of compromise

Enforcing trust-based access

We enforce least privilege access to:

  • Applications
  • Network resources
  • Workload communications
  • All workload users and administrators

Verifying trust continuously

We continuously verify:

  • That original tenets used to establish trust are still true
  • That traffic is not threat traffic
  • Any risky, anomalous, and malicious behavior
  • That the trust level is changed, if compromised 

Zero-trust pillars

Security is not one-size-fits-all. When approaching zero-trust design, it is easier to break it down into three pillars: workforce, workload, and workplace. These align with the model proposed by Forrester to simplify adoption. There are nuances to address in each area, while all work toward the same goal.

Zero trust for the workforce

This pillar focuses on making sure users and devices can be trusted as they access systems, regardless of location.

Zero trust for workloads

This pillar focuses preventing unauthorized access within application environments irrespective of where they are hosted.

Zero trust for the workplace

This pillar focuses on secure access to the network and for any and all devices (including IoT) that connect to enterprise networks.

A comprehensive zero-trust security approach

The platform approach of Cisco Zero Trust provides a balance between security and usability. Security teams can make it harder for attackers to collect user credentials and network access and to move laterally, and users can get a consistent and more productive security experience--regardless of where they are located, what endpoints they are using, or whether their applications are on-premises or in the cloud. Its comprehensive approach to securing all access protects the workforce, workloads, and workplace.

Securing the federal workforce

Zero trust has become a dominant security model for the changes brought about by mobility, consumerization of IT, and cloud applications. Our guide can help your organization implement the principles of zero trust at a sustainable pace.

Cisco Zero Trust

With Cisco Zero Trust you can:

  • Consistently enforce policy-based controls
  • Gain visibility into users, devices, components, and more across your entire environment
  • Get detailed logs, reports, and alerts that can help you better detect and respond to threats
  • Provide more secure access, protect against gaps in visibility, and reduce your attack surface with Cisco Zero Trust
  • Automate threat containment based on any changes in the "trust level"

Cisco Zero Trust for the workforce

Cisco Zero Trust provides solutions that establish trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application. It allows you to:

Cisco Zero Trust for workloads

Cisco Zero Trust secures connections for all APIs, microservices, and containers that access your applications, whether in the cloud, data center, or other virtualized environment. Cisco Zero Trust, deployed on-premises or in the cloud, secures your app stack, and micro-segmentation helps you contain threats and protect against lateral movement.

Cisco Zero Trust for the workplace

Cisco Zero Trust enables users to securely connect to your network from any device, anywhere while restricting access from non-compliant devices. Our automated network-segmentation capabilities let you set micro-perimeters for users, devices, and application traffic without requiring network redesign.

  • Secure network access
  • Get complete visibility by identifying, classifying, and assembling the necessary context on users and endpoints, including IoT.

  • Network segmentation
  • Build granular segmentation directly into the network, eliminating the need for complicated infrastructure configurations.

  • Encrypted traffic analytics
  • Identify malware in encrypted traffic using network analytics.

  • Dynamic visibility
  • Build visibility-based network segmentation and policy control into your security architecture.

  • Automated threat containment
  • Implement adaptive threat containment to ensure the organization's security posture evolves as threats do.

  • Policy enforcement
  • Ensure policy is enforced close to source on unencrypted traffic, as well as in the network, based on encrypted traffic analytics.

Extended protection and trust

Zero-trust security for any enterprise

To support the successful implementation of a zero-trust security approach, Cisco Zero Trust provides a comprehensive portfolio of Cisco Secure solutions and the Zero Trust Strategy Service. It integrates with an ecosystem of other products to provide complete zero-trust security for any enterprise environment.

Accelerate your journey to zero trust with Cisco SecureX

Simplify your security by connecting the Cisco Secure portfolio and your infrastructure with SecureX, our cloud-native, built-in platform experience.

Protecting 3,000 applications with Duo

Moving to a Zero Trust model is an opportunity to move into a much better user workflow. Plus, when the geopolitics brought us new problems, Zero Trust from Duo was something that we were able to leverage in order to match the risks that we saw with the appropriate security controls.

Brad Arkin, SVP, Chief Security and Trust Officer

Featured zero-trust resources

Zero-trust approach to enterprise security

Learn the fundamentals of zero trust, including its three pillars, risks, options for implementing, and proposed maturity models.

Zero-trust evaluation guide for the workforce

Evaluate different zero-trust solutions for securing the workforce and verifying your users and their devices as they are accessing applications.

Learn more about securing your workforce, workloads, and workplace by watching this explainer video.

Begin your zero-trust journey with Secure Choice

Let your Cisco Zero-Trust journey with Secure Access by Duo and Identity Services Engine (ISE) begin by buying through Secure Choice, one easy-to-manage agreement.

For partners

Are you a Cisco partner?  Log in to see additional resources.

Looking for a solution from a Cisco partner? Connect with our security technical alliance partners.