With your workforce on the go, workloads in many clouds, and devices outside your control knowing who and what to trust is the big IT security challenge. Cisco Trusted Access makes it easier and safer to grant and restrict access by establishing trust and software-defined perimeters based on dynamic context, not just static credentials or network topologies.
Currently you have firewalls (1) and may even incorporate security into the LAN and WAN (2). You also have port and IP policies that allow or deny network activity (1), and these policies have evolved to be application and identity aware (2). Yet everything you are doing is still based on single points in time. This creates gaps in security.
How do you know you are providing the right data access based on a level of trust as things change over time (3)? As organizations become more agile, data is accessed from many locations and often by third parties due to M&A, supply chains, and contractors. Can you discover all the users, devices, and workloads that are requesting access to learn where your breach risk is highest (4)?
If passwords are stolen from authorized users or vulnerabilities are exploited on authorized devices or workloads, could you stop unauthorized app, network, or DC access? Just as Cisco has evolved threat-centric security by adding continuous detection (5), we're evolving trust-centric security by adding continuous verification with Cisco Trusted Access (6).
It is a basic level of security maturity to prevent attacks via an intelligence-based policy--then detect, investigate, and remediate.
It is a good security practice to verify before granting access via an identity-based policy--for any user, any device, any app, in any location.
Eliminate product silos with simpler, consistent access policies everywhere.
Verify user identity and device hygiene before granting access to your cloud and on-premises apps.
Verify compliant device profiles before granting software-defined access to your segmented network.
For user-device trust, add Cisco's multifactor authentication for any user with agent(less) assessments for any device (1).
For IoT trust, use Cisco's wired(less) network sensors, active probes, and partner exchange to classify headless devices. Or for workload trust, add Cisco's host sensors for containers, virtual machines (VMs), or bare metal to baseline East-West traffic (2).
Use Cisco's cloud and remote access security with single sign-on to restrict access for any user and device, managed or not, to certain public or private apps within software-defined perimeters (3).
Use Cisco's network and app fabric or firewalls to enforce software-defined access and micro-segmentation policies based on intent rather than network topology (4).
Use Cisco's integrated portfolio, partner exchange, product APIs, and implementation services for end-to-end policy normalization (5).
Use Cisco's continuous detection of network traffic, endpoint behavior, cloud usage, and app behavior to baseline what normal access requests look like and integrate responses to abnormal activity (6).
Cisco makes it easy to achieve business outcomes in weeks, not years.
Continuous verification stops untrusted or compromised users, devices or workloads from accessing apps and network.
Shift automation to Cisco and some remediation to end-users to reduce friction for lean IT teams.
Authorized software-defined access and micro-segmentation for regulated data within specific apps or the network.
We'll prioritize your top use cases or compliance requirements, and map our services and integrated portfolio to any trust-centric approach: Forrester ZTX, Gartner CARTA, Google BeyondCorp, NIST 800-171, CIS, or ISO 27000.